Compare commits
26 Commits
4.4
...
1.5-branch
| Author | SHA1 | Date | |
|---|---|---|---|
|
bc050faba8 | ||
|
|
814aaddaaa | ||
|
|
0aa07547e2 | ||
|
658b7540d5 | ||
|
71a8451159 | ||
|
|
43f3ec3827 | ||
|
|
626c316ed1 | ||
|
|
ec02dedc48 | ||
|
|
16db18f5f6 | ||
|
|
d5c9f3e85c | ||
|
|
90c4ec0c9d | ||
|
|
d707353a40 | ||
|
|
38dc5dd279 | ||
|
|
a5475b1b3e | ||
|
|
b5a9432efc | ||
|
|
6251f851df | ||
|
|
ea9c93a64c | ||
|
|
9097e32aa5 | ||
|
|
bcb43dd535 | ||
|
|
e2a2039164 | ||
|
|
4e88e96128 | ||
|
|
aadbabc73e | ||
|
|
f518948ccf | ||
|
|
26ed4e2a86 | ||
|
|
3ce18b9a3c | ||
|
|
dea69baaef |
@@ -55,7 +55,7 @@ if (isset($_GET['page'])) {
|
||||
}
|
||||
|
||||
if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
|
||||
die(sprintf(__('Cannot load %s.'), $plugin_page));
|
||||
die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
|
||||
|
||||
if (! isset($_GET['noheader']))
|
||||
require_once(ABSPATH . '/wp-admin/admin-header.php');
|
||||
|
||||
@@ -34,6 +34,7 @@ case 'addcat':
|
||||
$cat = intval($_POST['cat']);
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$cat')");
|
||||
do_action('add_category', $wpdb->insert_id);
|
||||
|
||||
header('Location: categories.php?message=1#addcat');
|
||||
break;
|
||||
@@ -57,6 +58,7 @@ case 'delete':
|
||||
$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$cat_parent' WHERE category_parent = '$cat_ID'");
|
||||
// TODO: Only set categories to general if they're not in another category already
|
||||
$wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
|
||||
do_action('delete_category', $cat_ID);
|
||||
|
||||
header('Location: categories.php?message=2');
|
||||
|
||||
|
||||
@@ -85,12 +85,17 @@ edCanvas = document.getElementById('content');
|
||||
</script>
|
||||
|
||||
<p class="submit">
|
||||
<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') :_e('Create New Page') ?> »" />
|
||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" />
|
||||
<?php if ( $post_ID ) : ?>
|
||||
<input name="save" type="submit" id="save" tabindex="5" value=" <?php _e('Save and Continue Editing'); ?> "/>
|
||||
<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') : _e('Create New Page') ?> »" />
|
||||
<?php else : ?>
|
||||
<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php _e('Create New Page') ?> »" />
|
||||
<?php endif; ?>
|
||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" />
|
||||
</p>
|
||||
|
||||
<fieldset id="pageoptions">
|
||||
<legend><?php _e('Page Options') ?></legend>
|
||||
<legend><?php _e('Page Options') ?></legend>
|
||||
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
|
||||
<?php if ( 0 != count( get_page_templates() ) ) { ?>
|
||||
<tr valign="top">
|
||||
|
||||
@@ -29,7 +29,7 @@ $editing = true;
|
||||
|
||||
switch($action) {
|
||||
case 'post':
|
||||
|
||||
check_admin_referer();
|
||||
if ( !user_can_create_draft($user_ID) )
|
||||
die( __('You are not allowed to create posts or drafts on this blog.') );
|
||||
|
||||
@@ -195,10 +195,9 @@ case 'post':
|
||||
if ('publish' == $post_status) {
|
||||
do_action('publish_post', $post_ID);
|
||||
if ($post_pingback)
|
||||
pingback($content, $post_ID);
|
||||
do_enclose( $content, $post_ID );
|
||||
do_trackbacks($post_ID);
|
||||
|
||||
register_shutdown_function('pingback', $content, $post_ID);
|
||||
register_shutdown_function('do_enclose', $content, $post_ID );
|
||||
register_shutdown_function('do_trackbacks', $post_ID);
|
||||
}
|
||||
|
||||
if ($post_status == 'static') {
|
||||
@@ -269,11 +268,12 @@ case 'edit':
|
||||
break;
|
||||
|
||||
case 'editpost':
|
||||
check_admin_referer();
|
||||
// die(var_dump('<pre>', $_POST));
|
||||
if (!isset($blog_ID)) {
|
||||
$blog_ID = 1;
|
||||
}
|
||||
$post_ID = $_POST['post_ID'];
|
||||
$post_ID = (int) $_POST['post_ID'];
|
||||
|
||||
if (!user_can_edit_post($user_ID, $post_ID, $blog_ID))
|
||||
die( __('You are not allowed to edit this post.') );
|
||||
@@ -308,7 +308,7 @@ case 'editpost':
|
||||
|
||||
$post_parent = 0;
|
||||
if (isset($_POST['parent_id'])) {
|
||||
$post_parent = $_POST['parent_id'];
|
||||
$post_parent = (int) $_POST['parent_id'];
|
||||
}
|
||||
|
||||
$trackback = $_POST['trackback_url'];
|
||||
@@ -434,10 +434,10 @@ case 'editpost':
|
||||
|
||||
if ($post_status == 'publish') {
|
||||
do_action('publish_post', $post_ID);
|
||||
do_trackbacks($post_ID);
|
||||
do_enclose( $content, $post_ID );
|
||||
register_shutdown_function('do_trackbacks', $post_ID);
|
||||
register_shutdown_function('do_enclose', $content, $post_ID );
|
||||
if ( get_option('default_pingback_flag') )
|
||||
pingback($content, $post_ID);
|
||||
register_shutdown_function('pingback', $content, $post_ID);
|
||||
}
|
||||
|
||||
if ($post_status == 'static') {
|
||||
@@ -478,7 +478,7 @@ case 'editcomment':
|
||||
|
||||
get_currentuserinfo();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
|
||||
|
||||
if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
|
||||
@@ -496,10 +496,10 @@ case 'editcomment':
|
||||
break;
|
||||
|
||||
case 'confirmdeletecomment':
|
||||
|
||||
check_admin_referer();
|
||||
require_once('./admin-header.php');
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||
|
||||
@@ -534,8 +534,8 @@ case 'deletecomment':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -566,8 +566,8 @@ case 'unapprovecomment':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -591,7 +591,7 @@ case 'unapprovecomment':
|
||||
break;
|
||||
|
||||
case 'mailapprovecomment':
|
||||
|
||||
check_admin_referer();
|
||||
$comment = (int) $_GET['comment'];
|
||||
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||
@@ -611,9 +611,9 @@ case 'mailapprovecomment':
|
||||
break;
|
||||
|
||||
case 'approvecomment':
|
||||
|
||||
$comment = $_GET['comment'];
|
||||
$p = $_GET['p'];
|
||||
check_admin_referer();
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
$noredir = true;
|
||||
} else {
|
||||
@@ -640,9 +640,9 @@ case 'approvecomment':
|
||||
break;
|
||||
|
||||
case 'editedcomment':
|
||||
|
||||
$comment_ID = $_POST['comment_ID'];
|
||||
$comment_post_ID = $_POST['comment_post_ID'];
|
||||
check_admin_referer();
|
||||
$comment_ID = (int) $_POST['comment_ID'];
|
||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||
$newcomment_author = $_POST['newcomment_author'];
|
||||
$newcomment_author_email = $_POST['newcomment_author_email'];
|
||||
$newcomment_author_url = $_POST['newcomment_author_url'];
|
||||
|
||||
@@ -64,10 +64,10 @@ case 'update':
|
||||
die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
|
||||
if ( $pass1 != $pass2 )
|
||||
die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
|
||||
$newuser_pass = $pass1;
|
||||
$newuser_pass = $wpdb->escape($pass1);
|
||||
$updatepassword = "user_pass=MD5('$newuser_pass'), ";
|
||||
wp_clearcookie();
|
||||
wp_setcookie($user_login, $newuser_pass);
|
||||
wp_setcookie($user_login, $pass1);
|
||||
}
|
||||
|
||||
$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
|
||||
|
||||
@@ -213,7 +213,7 @@ $piece_of_code = htmlspecialchars( $piece_of_code );
|
||||
<p><code><?php echo $piece_of_code; ?></code>
|
||||
</p>
|
||||
<p><strong><?php _e('Image Details') ?></strong>: <br />
|
||||
Name:
|
||||
<?php _e('Name:'); ?>
|
||||
<?php echo $img1_name; ?>
|
||||
<br />
|
||||
<?php _e('Size:') ?>
|
||||
|
||||
@@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
||||
switch ($action) {
|
||||
case 'update':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
get_currentuserinfo();
|
||||
$edituser = get_userdata($user_id);
|
||||
if ($edituser->user_level >= $user_level) die( __('You do not have permission to edit this user.') );
|
||||
|
||||
@@ -72,7 +72,9 @@ case 'adduser':
|
||||
(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, user_registered, user_level, user_idmode, user_firstname, user_lastname, user_nicename, user_url)
|
||||
VALUES
|
||||
('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')");
|
||||
|
||||
|
||||
do_action('user_register', $wpdb->insert_id);
|
||||
|
||||
if ($result == false)
|
||||
die (__('<strong>ERROR</strong>: Couldn’t register you!'));
|
||||
|
||||
@@ -96,7 +98,7 @@ case 'promote':
|
||||
header('Location: users.php');
|
||||
}
|
||||
|
||||
$id = $_GET['id'];
|
||||
$id = (int) $_GET['id'];
|
||||
$prom = $_GET['prom'];
|
||||
|
||||
$user_data = get_userdata($id);
|
||||
@@ -108,12 +110,11 @@ case 'promote':
|
||||
|
||||
if ('up' == $prom) {
|
||||
$new_level = $usertopromote_level + 1;
|
||||
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
|
||||
$wpdb->query("UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level");
|
||||
} elseif ('down' == $prom) {
|
||||
$new_level = $usertopromote_level - 1;
|
||||
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
|
||||
$wpdb->query("UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level");
|
||||
}
|
||||
$result = $wpdb->query($sql);
|
||||
|
||||
header('Location: users.php');
|
||||
|
||||
|
||||
@@ -57,7 +57,7 @@ header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
header('Cache-Control: no-cache, must-revalidate, max-age=0');
|
||||
header('Pragma: no-cache');
|
||||
|
||||
$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
|
||||
$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];
|
||||
|
||||
wp_redirect($location);
|
||||
?>
|
||||
@@ -49,7 +49,12 @@ if (have_posts()) :
|
||||
foreach ($comments as $comment) {
|
||||
?>
|
||||
<item>
|
||||
<title>by: <?php comment_author_rss() ?></title>
|
||||
<title><?php if ( (! is_single()) || (! is_page()) ) {
|
||||
$title = get_the_title($comment->comment_post_ID);
|
||||
$title = apply_filters('the_title', $title);
|
||||
$title = apply_filters('the_title_rss', $title);
|
||||
echo "Comment on $title";
|
||||
} ?> by: <?php comment_author_rss() ?></title>
|
||||
<link><?php comment_link() ?></link>
|
||||
<pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate>
|
||||
<guid><?php comment_link() ?></guid>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -355,20 +355,20 @@ function pings_open() {
|
||||
// Non-template functions
|
||||
|
||||
function get_lastcommentmodified($timezone = 'server') {
|
||||
global $tablecomments, $cache_lastcommentmodified, $pagenow, $wpdb;
|
||||
global $cache_lastcommentmodified, $pagenow, $wpdb;
|
||||
$add_seconds_blog = get_settings('gmt_offset') * 3600;
|
||||
$add_seconds_server = date('Z');
|
||||
$now = current_time('mysql', 1);
|
||||
if ( !isset($cache_lastcommentmodified[$timezone]) ) {
|
||||
switch(strtolower($timezone)) {
|
||||
case 'gmt':
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
break;
|
||||
case 'blog':
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
break;
|
||||
case 'server':
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
$lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
|
||||
break;
|
||||
}
|
||||
$cache_lastcommentmodified[$timezone] = $lastcommentmodified;
|
||||
|
||||
@@ -989,5 +989,12 @@ function ent2ncr($text) {
|
||||
}
|
||||
return $text;
|
||||
}
|
||||
function stripslashes_deep($value)
|
||||
{
|
||||
$value = is_array($value) ?
|
||||
array_map('stripslashes_deep', $value) :
|
||||
stripslashes($value);
|
||||
|
||||
return $value;
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -6,21 +6,17 @@
|
||||
* generic function for inserting data into the posts table.
|
||||
*/
|
||||
function wp_insert_post($postarr = array()) {
|
||||
global $wpdb, $post_default_category, $allowedtags;
|
||||
global $wpdb, $allowedtags;
|
||||
|
||||
// export array as variables
|
||||
extract($postarr);
|
||||
|
||||
// Do some escapes for safety
|
||||
$post_title = $wpdb->escape($post_title);
|
||||
$post_name = sanitize_title($post_title);
|
||||
$post_excerpt = $wpdb->escape($post_excerpt);
|
||||
$post_content = $wpdb->escape($post_content);
|
||||
$post_author = (int) $post_author;
|
||||
|
||||
// Make sure we set a valid category
|
||||
if (0 == count($post_category) || !is_array($post_category)) {
|
||||
$post_category = array($post_default_category);
|
||||
$post_category = array(get_option('default_category'));
|
||||
}
|
||||
|
||||
$post_cat = $post_category[0];
|
||||
@@ -107,19 +103,19 @@ function wp_update_post($postarr = array()) {
|
||||
global $wpdb;
|
||||
|
||||
// First get all of the original fields
|
||||
extract(wp_get_single_post($postarr['ID'], ARRAY_A));
|
||||
$post = wp_get_single_post($postarr['ID'], ARRAY_A);
|
||||
|
||||
// Now overwrite any changed values being passed in
|
||||
// Escape data pulled from DB.
|
||||
$post = add_magic_quotes($post);
|
||||
extract($post);
|
||||
|
||||
// Now overwrite any changed values being passed in. These are
|
||||
// already escaped.
|
||||
extract($postarr);
|
||||
|
||||
// Make sure we set a valid category
|
||||
// If no categories were passed along, use the current cats.
|
||||
if ( 0 == count($post_category) || !is_array($post_category) )
|
||||
$post_category = array($post_default_category);
|
||||
|
||||
// Do some escapes for safety
|
||||
$post_title = $wpdb->escape($post_title);
|
||||
$post_excerpt = $wpdb->escape($post_excerpt);
|
||||
$post_content = $wpdb->escape($post_content);
|
||||
$post_category = $post['post_category'];
|
||||
|
||||
$post_modified = current_time('mysql');
|
||||
$post_modified_gmt = current_time('mysql', 1);
|
||||
@@ -158,18 +154,17 @@ function wp_get_post_cats($blogid = '1', $post_ID = 0) {
|
||||
|
||||
$result = $wpdb->get_col($sql);
|
||||
|
||||
if ( !$result )
|
||||
$result = array();
|
||||
|
||||
return array_unique($result);
|
||||
}
|
||||
|
||||
function wp_set_post_cats($blogid = '1', $post_ID = 0, $post_categories = array()) {
|
||||
global $wpdb;
|
||||
// If $post_categories isn't already an array, make it one:
|
||||
if (!is_array($post_categories)) {
|
||||
if (!$post_categories) {
|
||||
$post_categories = 1;
|
||||
}
|
||||
$post_categories = array($post_categories);
|
||||
}
|
||||
if (!is_array($post_categories) || 0 == count($post_categories))
|
||||
$post_categories = array(get_option('default_category'));
|
||||
|
||||
$post_categories = array_unique($post_categories);
|
||||
|
||||
|
||||
@@ -9,24 +9,39 @@ function get_currentuserinfo() {
|
||||
global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
|
||||
// *** retrieving user's data from cookies and db - no spoofing
|
||||
|
||||
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
|
||||
if ( wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true) ) {
|
||||
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
|
||||
$userdata = get_userdatabylogin($user_login);
|
||||
$user_level = $userdata->user_level;
|
||||
$user_ID = $userdata->ID;
|
||||
$user_nickname = $userdata->user_nickname;
|
||||
$user_email = $userdata->user_email;
|
||||
$user_url = $userdata->user_url;
|
||||
$user_pass_md5 = md5($userdata->user_pass);
|
||||
$userdata = get_userdatabylogin($user_login);
|
||||
$user_level = $userdata->user_level;
|
||||
$user_ID = $userdata->ID;
|
||||
$user_nickname = $userdata->user_nickname;
|
||||
$user_email = $userdata->user_email;
|
||||
$user_url = $userdata->user_url;
|
||||
$user_pass_md5 = md5($userdata->user_pass);
|
||||
|
||||
$idmode = $userdata->user_idmode;
|
||||
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
|
||||
if ($idmode == 'login') $user_identity = $userdata->user_login;
|
||||
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
|
||||
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
|
||||
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
|
||||
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
|
||||
if (!$idmode) $user_identity = $userdata->user_nickname;
|
||||
$idmode = $userdata->user_idmode;
|
||||
switch($userdata->user_idmode) {
|
||||
case 'login':
|
||||
$user_identity = $userdata->user_login;
|
||||
break;
|
||||
case 'firstname':
|
||||
$user_identity = $userdata->user_firstname;
|
||||
break;
|
||||
case 'lastname':
|
||||
$user_identity = $userdata->user_lastname;
|
||||
break;
|
||||
case 'namefl':
|
||||
$user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
|
||||
break;
|
||||
case 'namelf':
|
||||
$user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
|
||||
break;
|
||||
case 'nickname':
|
||||
default:
|
||||
$user_identity = $userdata->user_nickname;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
endif;
|
||||
|
||||
@@ -216,6 +231,10 @@ function wp_notify_postauthor($comment_id, $comment_type='') {
|
||||
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
|
||||
}
|
||||
|
||||
$notify_message = apply_filters('comment_notification_text', $notify_message);
|
||||
$subject = apply_filters('comment_notification_subject', $subject);
|
||||
$message_headers = apply_filters('comment_notification_headers', $message_headers);
|
||||
|
||||
$message_headers = "MIME-Version: 1.0\n"
|
||||
. "$from\n"
|
||||
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
|
||||
@@ -240,7 +259,6 @@ function wp_notify_moderator($comment_id) {
|
||||
|
||||
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
|
||||
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
|
||||
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
|
||||
|
||||
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
|
||||
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
|
||||
@@ -260,6 +278,9 @@ function wp_notify_moderator($comment_id) {
|
||||
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
|
||||
$admin_email = get_settings("admin_email");
|
||||
|
||||
$notify_message = apply_filters('comment_moderation_text', $notify_message);
|
||||
$subject = apply_filters('comment_moderation_subject', $subject);
|
||||
|
||||
@wp_mail($admin_email, $subject, $notify_message);
|
||||
|
||||
return true;
|
||||
|
||||
@@ -262,6 +262,8 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
|
||||
}
|
||||
}
|
||||
|
||||
$exclusions = apply_filters('list_cats_exclusions', $exclusions);
|
||||
|
||||
if (intval($categories)==0){
|
||||
$sort_column = 'cat_'.$sort_column;
|
||||
|
||||
|
||||
@@ -352,7 +352,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
|
||||
function get_pagenum_link($pagenum = 1) {
|
||||
global $wp_rewrite;
|
||||
|
||||
$qstr = $_SERVER['REQUEST_URI'];
|
||||
$qstr = wp_specialchars($_SERVER['REQUEST_URI']);
|
||||
|
||||
$page_querystring = "paged";
|
||||
$page_modstring = "page/";
|
||||
|
||||
@@ -2,6 +2,6 @@
|
||||
|
||||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '1.5.1.2';
|
||||
$wp_version = '1.5.3-beta1';
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -103,7 +103,7 @@ do_action('retrieve_password', $user_login);
|
||||
$key = substr( md5( uniqid( microtime() ) ), 0, 50);
|
||||
// now insert the new pass md5'd into the db
|
||||
$wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
|
||||
$message .= __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
||||
$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
||||
$message .= get_option('siteurl') . "\r\n\r\n";
|
||||
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
||||
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
|
||||
|
||||
15
wp-mail.php
15
wp-mail.php
@@ -50,9 +50,7 @@ for ($i=1; $i <= $count; $i++) :
|
||||
if (preg_match('/Subject: /i', $line)) {
|
||||
$subject = trim($line);
|
||||
$subject = substr($subject, 9, strlen($subject)-9);
|
||||
if (!preg_match('#\=\?(.+)\?Q\?(.+)\?\=#i', $subject)) {
|
||||
$subject = wp_iso_descrambler($subject);
|
||||
}
|
||||
$subject = wp_iso_descrambler($subject);
|
||||
// Captures any text in the subject before $phone_delim as the subject
|
||||
$subject = explode($phone_delim, $subject);
|
||||
$subject = $subject[0];
|
||||
@@ -63,8 +61,10 @@ for ($i=1; $i <= $count; $i++) :
|
||||
if (preg_match('/From: /', $line) | preg_match('Reply-To: /', $line)) {
|
||||
$author=trim($line);
|
||||
if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
|
||||
echo "Author = {$regs[1]} <p>";
|
||||
$result = $wpdb->get_row("SELECT ID FROM $tableusers WHERE user_email='$regs[1]' ORDER BY ID DESC LIMIT 1");
|
||||
$author = $regs[1];
|
||||
echo "Author = {$author} <p>";
|
||||
$author = $wpdb->escape($author);
|
||||
$result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");
|
||||
if (!$result)
|
||||
$post_author = 1;
|
||||
else
|
||||
@@ -81,11 +81,11 @@ for ($i=1; $i <= $count; $i++) :
|
||||
}
|
||||
$date_arr = explode(' ', $ddate);
|
||||
$date_time = explode(':', $date_arr[3]);
|
||||
|
||||
|
||||
$ddate_H = $date_time[0];
|
||||
$ddate_i = $date_time[1];
|
||||
$ddate_s = $date_time[2];
|
||||
|
||||
|
||||
$ddate_m = $date_arr[1];
|
||||
$ddate_d = $date_arr[0];
|
||||
$ddate_Y = $date_arr[2];
|
||||
@@ -136,6 +136,7 @@ for ($i=1; $i <= $count; $i++) :
|
||||
$post_status = 'publish';
|
||||
|
||||
$post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
|
||||
$post_data = add_magic_quotes($post_data);
|
||||
|
||||
$post_ID = wp_insert_post($post_data);
|
||||
|
||||
|
||||
@@ -103,9 +103,9 @@ case 'register':
|
||||
|
||||
<div id="login">
|
||||
<h2><?php _e('Registration Complete') ?></h2>
|
||||
<p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br />
|
||||
<p><?php printf(__('Username: %s'), '<strong>' . wp_specialchars($user_login) . '</strong>') ?><br />
|
||||
<?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
|
||||
<?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p>
|
||||
<?php printf(__('E-mail: %s'), '<strong>' . wp_specialchars($user_email) . '</strong>') ?></p>
|
||||
<p class="submit"><a href="wp-login.php"><?php _e('Login'); ?> »</a></p>
|
||||
</div>
|
||||
</body>
|
||||
|
||||
@@ -1,7 +1,27 @@
|
||||
<?php
|
||||
// Turn register globals off
|
||||
function unregister_GLOBALS() {
|
||||
if ( !ini_get('register_globals') )
|
||||
return;
|
||||
|
||||
if ( isset($_REQUEST['GLOBALS']) )
|
||||
die('GLOBALS overwrite attempt detected');
|
||||
|
||||
// Variables that shouldn't be unset
|
||||
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
|
||||
|
||||
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
|
||||
foreach ( $input as $k => $v )
|
||||
if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
|
||||
unset($GLOBALS[$k]);
|
||||
}
|
||||
|
||||
unregister_GLOBALS();
|
||||
|
||||
$HTTP_HOST = getenv('HTTP_HOST'); /* domain name */
|
||||
$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */
|
||||
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */
|
||||
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
|
||||
|
||||
// Fix for IIS, which doesn't set REQUEST_URI
|
||||
if (! isset($_SERVER['REQUEST_URI'])) {
|
||||
@@ -133,13 +153,19 @@ load_default_textdomain();
|
||||
// Pull in locale data after loading text domain.
|
||||
require_once(ABSPATH . WPINC . '/locale.php');
|
||||
|
||||
if ( !get_magic_quotes_gpc() ) {
|
||||
$_GET = add_magic_quotes($_GET );
|
||||
$_POST = add_magic_quotes($_POST );
|
||||
$_COOKIE = add_magic_quotes($_COOKIE);
|
||||
$_SERVER = add_magic_quotes($_SERVER);
|
||||
// If already slashed, strip.
|
||||
if ( get_magic_quotes_gpc() ) {
|
||||
$_GET = stripslashes_deep($_GET );
|
||||
$_POST = stripslashes_deep($_POST );
|
||||
$_COOKIE = stripslashes_deep($_COOKIE);
|
||||
}
|
||||
|
||||
// Escape with wpdb.
|
||||
$_GET = add_magic_quotes($_GET );
|
||||
$_POST = add_magic_quotes($_POST );
|
||||
$_COOKIE = add_magic_quotes($_COOKIE);
|
||||
$_SERVER = add_magic_quotes($_SERVER);
|
||||
|
||||
function shutdown_action_hook() {
|
||||
do_action('shutdown');
|
||||
}
|
||||
|
||||
213
xmlrpc.php
213
xmlrpc.php
@@ -10,7 +10,6 @@ include_once(ABSPATH . WPINC . '/class-IXR.php');
|
||||
// error_reporting(0);
|
||||
|
||||
$post_default_title = ""; // posts submitted via the xmlrpc interface get that title
|
||||
$post_default_category = 1; // posts submitted via the xmlrpc interface go into that category
|
||||
|
||||
$xmlrpc_logging = 0;
|
||||
|
||||
@@ -127,8 +126,19 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return true;
|
||||
}
|
||||
|
||||
function escape(&$array) {
|
||||
global $wpdb;
|
||||
|
||||
|
||||
foreach ($array as $k => $v) {
|
||||
if (is_array($v)) {
|
||||
$this->escape($array[$k]);
|
||||
} else if (is_object($v)) {
|
||||
//skip
|
||||
} else {
|
||||
$array[$k] = $wpdb->escape($v);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Blogger API functions
|
||||
* specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/
|
||||
@@ -138,6 +148,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getUsersBlogs will make more sense once we support multiple blogs */
|
||||
function blogger_getUsersBlogs($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
|
||||
@@ -162,6 +174,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getUsersInfo gives your client some info about you, so you don't have to */
|
||||
function blogger_getUserInfo($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
|
||||
@@ -187,6 +201,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getPost ...gets a post */
|
||||
function blogger_getPost($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -220,6 +236,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -266,6 +284,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.getTemplate returns your blog_filename */
|
||||
function blogger_getTemplate($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -299,6 +319,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* blogger.setTemplate updates the content of blog_filename */
|
||||
function blogger_setTemplate($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -335,6 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -382,6 +406,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -398,6 +424,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(404, 'Sorry, no such post.');
|
||||
}
|
||||
|
||||
$this->escape($actual_post);
|
||||
|
||||
$post_author_data = get_userdata($actual_post['post_author']);
|
||||
$user_data = get_userdatabylogin($user_login);
|
||||
|
||||
@@ -406,6 +434,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
|
||||
extract($actual_post);
|
||||
|
||||
$content = $newcontent;
|
||||
|
||||
$post_title = xmlrpc_getposttitle($content);
|
||||
@@ -431,6 +460,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
@@ -470,7 +501,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.newPost creates a post */
|
||||
function mw_newPost($args) {
|
||||
|
||||
global $wpdb;
|
||||
global $wpdb, $post_default_category;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0]; // we will support this in the near future
|
||||
$user_login = $args[1];
|
||||
@@ -507,7 +540,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
if ($post_more) {
|
||||
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
||||
}
|
||||
|
||||
|
||||
$to_ping = $content_struct['mt_tb_ping_urls'];
|
||||
|
||||
// Do some timestamp voodoo
|
||||
$dateCreatedd = $content_struct['dateCreated'];
|
||||
if (!empty($dateCreatedd)) {
|
||||
@@ -527,12 +562,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
foreach ($catnames as $cat) {
|
||||
$post_category[] = get_cat_ID($cat);
|
||||
}
|
||||
} else {
|
||||
$post_category[] = 1;
|
||||
}
|
||||
|
||||
// We've got all the data -- post it:
|
||||
$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status');
|
||||
$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping');
|
||||
|
||||
$post_ID = wp_insert_post($postdata);
|
||||
|
||||
@@ -543,7 +576,14 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
logIO('O', "Posted ! ID: $post_ID");
|
||||
|
||||
// FIXME: do we pingback always? pingback($content, $post_ID);
|
||||
trackback_url_list($content_struct['mt_tb_ping_urls'],$post_ID);
|
||||
// trackback_url_list($content_struct['mt_tb_ping_urls'],$post_ID);
|
||||
|
||||
if ('publish' == $post_status) {
|
||||
if ($post_pingback) pingback($content, $post_ID);
|
||||
do_enclose( $content, $post_ID );
|
||||
do_trackbacks($post_ID);
|
||||
do_action('publish_post', $post_ID);
|
||||
}
|
||||
|
||||
return strval($post_ID);
|
||||
}
|
||||
@@ -552,7 +592,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.editPost ...edits a post */
|
||||
function mw_editPost($args) {
|
||||
|
||||
global $wpdb;
|
||||
global $wpdb, $post_default_category;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
@@ -571,17 +613,18 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||
extract($postdata);
|
||||
$this->escape($postdata);
|
||||
|
||||
$post_title = $content_struct['title'];
|
||||
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
|
||||
$catnames = $content_struct['categories'];
|
||||
|
||||
$post_category = array();
|
||||
|
||||
if (is_array($catnames)) {
|
||||
foreach ($catnames as $cat) {
|
||||
$post_category[] = get_cat_ID($cat);
|
||||
}
|
||||
} else {
|
||||
$post_category[] = 1;
|
||||
}
|
||||
|
||||
$post_excerpt = $content_struct['mt_excerpt'];
|
||||
@@ -592,6 +635,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
|
||||
}
|
||||
|
||||
$to_ping = $content_struct['mt_tb_ping_urls'];
|
||||
|
||||
$comment_status = (empty($content_struct['mt_allow_comments'])) ?
|
||||
get_settings('default_comment_status')
|
||||
: $content_struct['mt_allow_comments'];
|
||||
@@ -612,17 +657,24 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
|
||||
// We've got all the data -- post it:
|
||||
$newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt');
|
||||
$newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping');
|
||||
|
||||
$post_ID = wp_update_post($newpost);
|
||||
if (!$post_ID) {
|
||||
$result = wp_update_post($newpost);
|
||||
if (!$result) {
|
||||
return new IXR_Error(500, 'Sorry, your entry could not be edited. Something wrong happened.');
|
||||
}
|
||||
|
||||
logIO('O',"(MW) Edited ! ID: $post_ID");
|
||||
|
||||
// FIXME: do we pingback always? pingback($content, $post_ID);
|
||||
trackback_url_list($content_struct['mt_tb_ping_urls'], $post_ID);
|
||||
// trackback_url_list($content_struct['mt_tb_ping_urls'], $post_ID);
|
||||
if ('publish' == $post_status) {
|
||||
if ($post_pingback) pingback($content, $post_ID);
|
||||
do_enclose( $content, $post_ID );
|
||||
do_trackbacks($post_ID);
|
||||
do_action('publish_post', $post_ID);
|
||||
}
|
||||
do_action('edit_post', $post_ID);
|
||||
|
||||
return true;
|
||||
}
|
||||
@@ -633,6 +685,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -686,6 +740,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* metaweblog.getRecentPosts ...returns recent posts */
|
||||
function mw_getRecentPosts($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -750,6 +806,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -782,9 +840,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// adapted from a patch by Johann Richard
|
||||
// http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
global $wpdb;
|
||||
|
||||
$blog_ID = $wpdb->escape($args[0]);
|
||||
$user_login = $wpdb->escape($args[1]);
|
||||
$user_pass = $wpdb->escape($args[2]);
|
||||
$data = $args[3];
|
||||
|
||||
$name = $data['name'];
|
||||
@@ -861,6 +921,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.getRecentPostTitles ...returns recent posts' titles */
|
||||
function mt_getRecentPostTitles($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -904,6 +966,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$blog_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -931,6 +995,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.getPostCategories ...returns a post's categories */
|
||||
function mt_getPostCategories($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -959,6 +1025,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.setPostCategories ...sets a post's categories */
|
||||
function mt_setPostCategories($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -1041,6 +1109,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
/* mt.publishPost ...sets a post's publish status to 'publish' */
|
||||
function mt_publishPost($args) {
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$post_ID = $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
@@ -1061,6 +1131,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// retain old cats
|
||||
$cats = wp_get_post_cats('',$post_ID);
|
||||
$postdata['post_category'] = $cats;
|
||||
$this->escape($postdata);
|
||||
|
||||
$result = wp_update_post($postdata);
|
||||
|
||||
@@ -1075,10 +1146,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
/* pingback.ping gets a pingback and registers it */
|
||||
function pingback_ping($args) {
|
||||
// original code by Mort (http://mort.mine.nu:8080 -- site seems dead)
|
||||
// refactored to return error codes and avoid deep ifififif headaches
|
||||
global $wpdb, $wp_version;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$pagelinkedfrom = $args[0];
|
||||
$pagelinkedto = $args[1];
|
||||
|
||||
@@ -1091,10 +1162,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
// Check if the page linked to is in our site
|
||||
$pos1 = strpos($pagelinkedto, str_replace('http://', '', str_replace('www.', '', get_settings('home'))));
|
||||
if(!$pos1) {
|
||||
return new IXR_Error(0, '');
|
||||
}
|
||||
|
||||
if( !$pos1 )
|
||||
return new IXR_Error(0, 'Is there no link to us?');
|
||||
|
||||
// let's find which post is linked to
|
||||
// FIXME: does url_to_postid() cover all these cases already?
|
||||
@@ -1124,7 +1193,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$way = 'from the fragment (post-###)';
|
||||
} elseif (is_string($urltest['fragment'])) {
|
||||
// ...or a string #title, a little more complicated
|
||||
$title = preg_replace('/[^a-zA-Z0-9]/', '.', $urltest['fragment']);
|
||||
$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
|
||||
$sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'";
|
||||
if (! ($post_ID = $wpdb->get_var($sql)) ) {
|
||||
// returning unknown error '0' is better than die()ing
|
||||
@@ -1136,27 +1205,25 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
// TODO: Attempt to extract a post ID from the given URL
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
}
|
||||
$post_ID = (int) $post_ID;
|
||||
|
||||
|
||||
logIO("O","(PB) URI='$pagelinkedto' ID='$post_ID' Found='$way'");
|
||||
|
||||
$sql = 'SELECT post_author FROM '.$wpdb->posts.' WHERE ID = '.$post_ID;
|
||||
$result = $wpdb->get_results($sql);
|
||||
$post = get_post($post_ID);
|
||||
|
||||
if (!$wpdb->num_rows) {
|
||||
// Post_ID not found
|
||||
if ( !$post ) // Post_ID not found
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
}
|
||||
|
||||
// Check if pings are on
|
||||
if ( 'closed' == $post->ping_status )
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
|
||||
// Let's check that the remote site didn't already pingback this entry
|
||||
$result = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");
|
||||
|
||||
if ($wpdb->num_rows) {
|
||||
// We already have a Pingback from this URL
|
||||
if ( $wpdb->num_rows ) // We already have a Pingback from this URL
|
||||
return new IXR_Error(48, 'The pingback has already been registered.');
|
||||
}
|
||||
|
||||
|
||||
// very stupid, but gives time to the 'from' server to publish !
|
||||
sleep(1);
|
||||
@@ -1167,46 +1234,45 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(16, 'The source URI does not exist.');
|
||||
|
||||
// Work around bug in strip_tags():
|
||||
$linea = str_replace('<!DOCTYPE','<DOCTYPE',$linea);
|
||||
$linea = strip_tags($linea, '<title><a>');
|
||||
$linea = strip_all_but_one_link($linea, $pagelinkedto);
|
||||
// I don't think we need this? -- emc3
|
||||
//$linea = preg_replace('#&([^amp\;])#is', '&$1', $linea);
|
||||
if ( empty($matchtitle) ) {
|
||||
preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
|
||||
}
|
||||
$pos2 = strpos($linea, $pagelinkedto);
|
||||
$pos3 = strpos($linea, str_replace('http://www.', 'http://', $pagelinkedto));
|
||||
if (is_integer($pos2) || is_integer($pos3)) {
|
||||
// The page really links to us :)
|
||||
$pos4 = (is_integer($pos2)) ? $pos2 : $pos3;
|
||||
$start = $pos4-100;
|
||||
$context = substr($linea, $start, 250);
|
||||
$context = str_replace("\n", ' ', $context);
|
||||
$context = str_replace('&', '&', $context);
|
||||
}
|
||||
|
||||
if (empty($context)) {
|
||||
// URL pattern not found
|
||||
return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');
|
||||
}
|
||||
|
||||
|
||||
// Check if pings are on
|
||||
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");
|
||||
if ('closed' == $pingstatus) {
|
||||
return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
|
||||
$linea = str_replace('<!DOC', '<DOC', $linea);
|
||||
$linea = preg_replace( '/[\s\r\n\t]+/', ' ', $linea ); // normalize spaces
|
||||
$linea = preg_replace( "/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea );
|
||||
|
||||
preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
|
||||
$title = $matchtitle[1];
|
||||
if ( empty( $title ) )
|
||||
return new IXR_Error(32, 'We cannot find a title on that page.');
|
||||
|
||||
$linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
|
||||
|
||||
$p = explode( "\n\n", $linea );
|
||||
|
||||
$sem_regexp_pb = "/(\\/|\\\|\*|\?|\+|\.|\^|\\$|\(|\)|\[|\]|\||\{|\})/";
|
||||
$sem_regexp_fix = "\\\\$1";
|
||||
$link = preg_replace( $sem_regexp_pb, $sem_regexp_fix, $pagelinkedfrom );
|
||||
|
||||
$finished = false;
|
||||
foreach ( $p as $para ) {
|
||||
if ( $finished )
|
||||
continue;
|
||||
if ( strstr( $para, $pagelinkedto ) ) {
|
||||
$context = preg_replace( "/.*<a[^>]+".$link."[^>]*>([^>]+)<\/a>.*/", "$1", $para );
|
||||
$excerpt = strip_tags( $para );
|
||||
$excerpt = trim( $excerpt );
|
||||
$use = preg_quote( $context );
|
||||
$excerpt = preg_replace("|.*?\s(.{0,100}$use.{0,100})\s|s", "$1", $excerpt);
|
||||
$finished = true;
|
||||
}
|
||||
}
|
||||
|
||||
if ( empty($context) ) // URL pattern not found
|
||||
return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');
|
||||
|
||||
$pagelinkedfrom = preg_replace('#&([^amp\;])#is', '&$1', $pagelinkedfrom);
|
||||
$title = (!strlen($matchtitle[1])) ? $pagelinkedfrom : $matchtitle[1];
|
||||
$original_context = strip_tags($context);
|
||||
$context = '[...] ';
|
||||
$context .= wp_specialchars($original_context);
|
||||
$context .= ' [...]';
|
||||
|
||||
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
|
||||
$original_pagelinkedfrom = $pagelinkedfrom;
|
||||
$pagelinkedfrom = addslashes($pagelinkedfrom);
|
||||
$pagelinkedfrom = addslashes( $pagelinkedfrom );
|
||||
$original_title = $title;
|
||||
|
||||
$comment_post_ID = $post_ID;
|
||||
@@ -1215,11 +1281,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
$comment_content = $context;
|
||||
$comment_type = 'pingback';
|
||||
|
||||
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");
|
||||
|
||||
if ('open' != $pingstatus)
|
||||
die('Sorry, pingbacks are closed for this item.');
|
||||
|
||||
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
|
||||
|
||||
wp_new_comment($commentdata);
|
||||
@@ -1236,6 +1297,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$this->escape($args);
|
||||
|
||||
$url = $args;
|
||||
|
||||
$post_ID = url_to_postid($url);
|
||||
@@ -1270,4 +1333,4 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$wp_xmlrpc_server = new wp_xmlrpc_server();
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user