--- wp-admin/admin-db.php +++ wp-admin/admin-db.php @@ -92,16 +92,19 @@ else $update = false; - $cat_name = wp_specialchars($cat_name); - + $cat_name = apply_filters('pre_category_name', $cat_name); + if (empty ($category_nicename)) $category_nicename = sanitize_title($cat_name); else $category_nicename = sanitize_title($category_nicename); + $category_nicename = apply_filters('pre_category_nicename', $category_nicename); if (empty ($category_description)) $category_description = ''; + $category_description = apply_filters('pre_category_description', $category_description); + $category_parent = (int) $category_parent; if (empty ($category_parent)) $category_parent = 0; --- wp-admin/admin-functions.php +++ wp-admin/admin-functions.php @@ -523,7 +523,7 @@ function return_categories_list($parent = 0) { global $wpdb; - return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100"); + return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC"); } function sort_cats($cat1, $cat2) { @@ -597,9 +597,9 @@ if ( current_user_can('manage_categories') ) { $edit = "".__('Edit').""; $default_cat_id = get_option('default_category'); - + if ($category->cat_ID != $default_cat_id) - $edit .= "cat_ID, '".sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete').""; + $edit .= "cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete').""; else $edit .= "".__("Default"); } 
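Review bot: `$parent` is still interpolated unescaped into the SQL string in the rewritten `return_categories_list()` query; the hunk only drops `LIMIT 100` and nothing casts a caller-supplied value before it reaches `$wpdb->get_col()`. Add `$parent = (int) $parent;` as the first statement of the function so the only thing that can reach the query is an integer. Callers are outside the hunk, so whether a request value ever reaches this parameter cannot be confirmed here, but the cast is cheap and matches the `(int) $category_parent` the admin-db.php hunk above it adds.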
@@ -643,7 +643,7 @@ post_modified); ?> " . __('Edit') . ""; } ?> - " . __('Delete') . ""; } ?> + " . __('Delete') . ""; } ?>

+ cat_ID); ?> @@ -94,6 +96,9 @@ break; case 'editedcat': + $cat_ID = (int) $_POST['cat_ID']; + check_admin_referer('update-category_' . $cat_ID); + if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); @@ -146,7 +151,7 @@

- +



--- wp-admin/edit-comments.php +++ wp-admin/edit-comments.php @@ -39,6 +39,8 @@

|

comment_post_ID) ) { echo " | comment_ID."\">" . __('Edit Comment') . ""; - echo " | comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . " — "; + echo ' | " . __('Delete Comment') . ' '; } // end if any comments to show // Get post title if ( current_user_can('edit_post', $comment->comment_post_ID) ) { $post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"); $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title; - ?> + ?> | |

@@ -124,8 +126,9 @@ } elseif ('edit' == $mode) { if ($comments) { - echo ' -
+ echo ' '; + wp_nonce_field('bulk-comments'); + echo '
@@ -148,13 +151,13 @@ + echo "comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n \'Cancel\' to stop, \'OK\' to delete.") . "')\" class='delete'>" . __('Delete') . ""; } ?>
* ' . __('Name') . 'comment_post_ID) ) { echo "" . __('Edit') . ""; } ?> comment_post_ID) ) { - echo "comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\" class='delete'>" . __('Delete') . ""; } ?>

-

')" />

+

')" />

"; + wp_nonce_field('add-post'); } else { $form_action = 'editpost'; $form_extra = ""; + wp_nonce_field('update-post_' . $post_ID); } $form_pingback = ''; @@ -220,7 +222,7 @@ ' . __('This feature requires iframe support.') . ''; @@ -264,8 +266,8 @@ - -post_title) ) . "')\""; ?> /> + +post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> /> --- wp-admin/edit-form-ajax-cat.php +++ wp-admin/edit-form-ajax-cat.php @@ -3,16 +3,16 @@ require_once('admin-functions.php'); require_once('admin-db.php'); -get_currentuserinfo(); - if ( !current_user_can('manage_categories') ) die('-1'); +if ( !check_ajax_referer() ) + die('-1'); function get_out_now() { exit; } add_action('shutdown', 'get_out_now', -1); -$names = explode(',', rawurldecode($_GET['ajaxnewcat']) ); +$names = explode(',', rawurldecode($_POST['ajaxnewcat']) ); $ids = array(); foreach ($names as $cat_name) { @@ -34,4 +34,4 @@ die( (string) $return ); -?> \ No newline at end of file +?> --- wp-admin/edit-form-comment.php +++ wp-admin/edit-form-comment.php @@ -6,6 +6,7 @@ ?>
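Review bot: The switch from `$_GET` to `$_POST` keeps `rawurldecode()` around the value, but PHP has already URL-decoded a form body, so `explode(',', rawurldecode($_POST['ajaxnewcat']))` double-decodes and a category name containing a literal `%2C` is split into two names. Unless the JavaScript caller deliberately double-encodes (not visible here), change it to `$names = explode(',', $_POST['ajaxnewcat']);`. The ordering of the new `check_ajax_referer()` after the `manage_categories` check is fine; a short comment on the `die('-1')` lines saying that `-1` is the value list-manipulation.js maps to "no permission" would help the next reader, since the same code is used for both a failed capability and a failed nonce.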
+comment_ID) ?>
--- wp-admin/edit-link-form.php +++ wp-admin/edit-link-form.php @@ -4,11 +4,13 @@ $heading = __('Edit a link:'); $submit_text = __('Save Changes »'); $form = ''; + $nonce_action = 'update-bookmark_' . $link_id; } else { $editing = false; $heading = __('Add a link:'); $submit_text = __('Add Link »'); $form = ''; + $nonce_action = 'add-bookmark'; } function xfn_check($class, $value = '', $type = 'check') { @@ -33,6 +35,7 @@
+

--- wp-admin/edit-page-form.php +++ wp-admin/edit-page-form.php @@ -5,11 +5,13 @@ "; } else { $form_action = 'editpost'; - $form_extra = ""; + $nonce_action = 'update-post_' . $post_ID; + $form_extra = ""; } $sendto = $_SERVER['HTTP_REFERER']; @@ -23,6 +25,8 @@ '; } @@ -186,7 +190,7 @@ ' . __('This feature requires iframe support.') . ''; --- wp-admin/edit-pages.php +++ wp-admin/edit-pages.php 
@@ -52,7 +52,7 @@ post_modified); ?> ID' class='edit'>" . __('Edit') . ""; } ?> - ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . ""; } ?> + ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . ""; } ?> - ID) ) { echo "" . __('Delete') . ""; } ?> + ID) ) { echo "ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . ""; } ?> ID) ) { echo "[ comment_ID."\">" . __('Edit') . ""; - echo " - ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . " "; + echo ' - " . __('Delete') . ' '; + if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { if ('approved' == wp_get_comment_status($comment->comment_ID)) { - echo " - ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . " "; + echo ' - ' . __('Unapprove') . ' '; } else { - echo " - ID."&comment=".$comment->comment_ID."\">" . __('Approve') . " "; + echo ' - ' . __('Approve') . ' '; } } echo "]"; --- wp-admin/import/mt.php +++ wp-admin/import/mt.php 
@@ -193,7 +193,7 @@ // We want the excerpt preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt); - $excerpt = $wpdb->escape(trim($excerpt[1])); + $post_excerpt = $wpdb->escape(trim($excerpt[1])); $post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post); // We're going to put extended body into main body with a more tag --- wp-admin/inline-uploading.php +++ wp-admin/inline-uploading.php @@ -34,16 +34,20 @@ case 'delete': +check_admin_referer('inlineuploading'); + if ( !current_user_can('edit_post', (int) $attachment) ) die(__('You are not allowed to delete this attachment.').' ".__('Go back').''); wp_delete_attachment($attachment); -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"); +header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start"); die; case 'save': +check_admin_referer('inlineuploading'); + $overrides = array('action'=>'save'); $file = wp_handle_upload($_FILES['image'], $overrides); @@ -98,7 +102,7 @@ add_post_meta($id, '_wp_attachment_metadata', array()); } -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0"); +header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0"); die(); case 'upload': @@ -137,7 +141,7 @@ $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A); if ( count($attachments) == 0 ) { - header("Location: ".basename(__FILE__)."?post=$post&action=upload"); + header("Location: " . basename(__FILE__) ."?post=$post&action=upload" ); die; } elseif ( count($attachments) > $num ) { $next = $start + count($attachments) - $num; @@ -211,7 +215,7 @@ "; $send_delete_cancel = "$__send_to_editor -$__delete +$__delete $__close "; $uwidth_sum += 128; @@ -639,25 +643,25 @@
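Review bot: The `save` case gains `check_admin_referer('inlineuploading')` but, unlike the `delete` case directly above it, no capability check is visible before `wp_handle_upload($_FILES['image'], $overrides)`; a nonce proves the request came from the form, not that the user may upload. If no such check exists outside the hunk, add `if ( !current_user_can('upload_files') ) die(__('You are not allowed to upload files.'));` right after the referer check. Also, the `delete` case casts `$attachment` to int only inside the capability check and then passes the raw value to `wp_delete_attachment($attachment)`; assigning `$attachment = (int) $attachment;` once at the top of the case would bind the nonce, the check and the delete to the same value. The enclosing switch continues outside the hunk.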
    -> +>"> get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?> -> +>"> get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?> -> +>">
  • -
  • -
  • «
  • +
  • " title="">|«
  • +
  • ">«
  • «
  • -
  • »
  • -
  • »|
  • +
  • ">
  • +
  • " title="">»|
  • »
  • »|
  • @@ -695,6 +699,7 @@ +
    --- wp-admin/link-categories.php +++ wp-admin/link-categories.php @@ -26,6 +26,8 @@ switch ($action) { case 'addcat': { + check_admin_referer('add-link-category'); + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); @@ -80,7 +82,9 @@ } // end addcat case 'Delete': { - $cat_id = (int) $_GET['cat_id']; + $cat_id = (int) $_GET['cat_id']; + check_admin_referer('delete-link-category_' . $cat_id); + $cat_name=get_linkcatname($cat_id); if ($cat_id=="1") @@ -112,6 +116,7 @@

    cat_name)); ?>

    + cat_id) ?>
    @@ -199,14 +204,15 @@ } // end Edit case "editedcat": { + $cat_id = (int)$_POST["cat_id"]; + check_admin_referer('update-link-category_' . $cat_id); + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $submit=$_POST["submit"]; if (isset($submit)) { - $cat_id = (int)$_POST["cat_id"]; - $cat_name= wp_specialchars($_POST["cat_name"]); $auto_toggle = $_POST["auto_toggle"]; if ($auto_toggle != 'Y') { @@ -350,7 +356,7 @@ text_after_all)?> list_limit ?> - cat_name,1)); ?>' );" class="delete"> + cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"> +

    --- wp-admin/link-import.php +++ wp-admin/link-import.php @@ -24,6 +24,7 @@

    +

    @@ -63,6 +64,8 @@ } // end case 0 case 1: { + check_admin_referer('import-bookmarks'); + include_once('admin-header.php'); if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); --- wp-admin/link-manager.php +++ wp-admin/link-manager.php @@ -39,7 +39,7 @@ switch ($action) { case 'assign': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -67,7 +67,7 @@ } case 'visibility': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -104,7 +104,7 @@ } case 'move': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -125,7 +125,7 @@ case 'Add': { - check_admin_referer(); + check_admin_referer('add-bookmark'); add_link(); @@ -135,8 +135,8 @@ case 'editlink': { - - check_admin_referer(); + $link_id = (int) $_POST['link_id']; + check_admin_referer('update-bookmark' . $link_id); if (isset($links_show_cat_id) && ($links_show_cat_id != '')) $cat_id = $links_show_cat_id; @@ -147,7 +147,6 @@ } $links_show_cat_id = $cat_id; - $link_id = (int) $_POST['link_id']; edit_link($link_id); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); @@ -157,13 +156,12 @@ case 'Delete': { - check_admin_referer(); + $link_id = (int) $_GET['link_id']; + check_admin_referer('delete-bookmark' . $link_id); if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); - $link_id = (int) $_GET['link_id']; - wp_delete_link($link_id); if (isset($links_show_cat_id) && ($links_show_cat_id != '')) @@ -320,6 +318,7 @@
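Review bot: The nonce actions in the `editlink` and `Delete` cases, `'update-bookmark' . $link_id` and `'delete-bookmark' . $link_id`, lack the underscore separator used by every other id-bound action in this commit (e.g. `'update-category_' . $cat_ID`), and edit-link-form.php in this same diff emits its field with `$nonce_action = 'update-bookmark_' . $link_id;` — so the edit-link form's nonce will never verify. Change the two checks to `check_admin_referer('update-bookmark_' . $link_id);` and `check_admin_referer('delete-bookmark_' . $link_id);`, and confirm the delete link's `wp_nonce_url()` call (its hunk is garbled on this page) uses the same string. The three `'bulk-bookmarks'` checks above are consistent with each other and need no change.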
    + @@ -383,11 +382,12 @@ if ($show_buttons) { echo '' . __('Edit') . ''; - echo 'link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . ''; + echo 'link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').''; echo ''; } else { echo "   \n"; } + echo "\n \n"; } } --- wp-admin/list-manipulation.js +++ wp-admin/list-manipulation.js @@ -33,13 +33,13 @@ ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; }; ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; }; ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); }; - ajaxDel.runAJAX('action=delete-' + what + '&id=' + id); + ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie)); return false; } function removeThisItem(id) { var response = ajaxDel.response; - if ( isNaN(response) ) { alert(response); } + if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; } response = parseInt(response, 10); if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; } else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened. Try refreshing the page? Either that or what you tried to delete never existed in the first place."; } --- wp-admin/list-manipulation.php +++ wp-admin/list-manipulation.php 
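Review bot: In `removeThisItem`, a non-numeric server response is now written into the page with `innerHTML`, so any markup in the response body is rendered; the PHP side sets `text/plain`, but `innerHTML` does not consult the content type. Use a text sink instead: `ajaxDel.myResponseElement.innerHTML = ''; ajaxDel.myResponseElement.appendChild(document.createTextNode(response));`. The context line two below it still reads `myResponseElement.interHTML`, a typo that means the "Something odd happened" message is never shown; the commit does not fix it. A comment on the `runAJAX` line noting that `document.cookie` is sent so the server can verify the session would also record that this breaks if the auth cookie is ever marked HttpOnly.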
@@ -2,10 +2,12 @@ require_once('../wp-config.php'); require_once('admin-functions.php'); require_once('admin-db.php'); +header("Content-type: text/plain", true); -get_currentuserinfo(); if ( !is_user_logged_in() ) die('-1'); +if ( !check_ajax_referer() ) + die('-1'); function grab_results() { global $ajax_results; @@ -15,8 +17,6 @@ function get_out_now() { exit; } add_action('shutdown', 'get_out_now', -1); -// check_admin_referer(); - switch ( $_POST['action'] ) : case 'delete-link' : $id = (int) $_POST['id']; --- wp-admin/moderation.php +++ wp-admin/moderation.php @@ -32,6 +32,8 @@ case 'update': + check_admin_referer('moderate-comments'); + if ( ! current_user_can('moderate_comments') ) die('

    '.__('Your level is not high enough to moderate comments.').'

    '); @@ -130,6 +132,7 @@ ?>

    +
      comment_ID.'">' . __('Edit') . ' | ';?> | comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . " | "; ?> +echo " comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete just this comment') . " | "; ?> --- wp-admin/options-discussion.php +++ wp-admin/options-discussion.php @@ -21,6 +21,7 @@

      +
      (These settings may be overridden for individual articles.)') ?>
        --- wp-admin/options-general.php +++ wp-admin/options-general.php @@ -10,6 +10,7 @@

        + --- wp-admin/options-misc.php +++ wp-admin/options-misc.php @@ -11,7 +11,7 @@

        - +
        --- wp-admin/options-permalink.php +++ wp-admin/options-permalink.php @@ -57,7 +57,9 @@ $home_path = get_home_path(); -if ( isset($_POST) ) { +if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { + check_admin_referer('update-permalink'); + if ( isset($_POST['permalink_structure']) ) { $permalink_structure = $_POST['permalink_structure']; if (! empty($permalink_structure) ) @@ -115,6 +117,7 @@ ); ?> +

        .htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.') ?>

        +

        --- wp-admin/options-reading.php +++ wp-admin/options-reading.php @@ -9,7 +9,9 @@

        - + + +
        --- wp-admin/options-writing.php +++ wp-admin/options-writing.php @@ -10,6 +10,7 @@

        +
        --- wp-admin/options.php +++ wp-admin/options.php @@ -29,7 +29,7 @@ case 'update': $any_changed = 0; - check_admin_referer(); + check_admin_referer('update-options'); if (!$_POST['page_options']) { foreach ($_POST as $key => $value) { @@ -68,8 +68,6 @@ if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) { // If home changed, write rewrite rules to new location. $wp_rewrite->flush_rules(); - // Get currently logged in user and password. - get_currentuserinfo(); // Clear cookies for old paths. wp_clearcookie(); // Set cookies for new paths. @@ -91,6 +89,7 @@
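Review bot: With `wp_nonce_field('update-options')` now emitted into the option forms (later hunks in this diff), the `foreach ($_POST as $key => $value)` loop following the new `check_admin_referer('update-options')` will iterate `_wpnonce` — and `_wp_http_referer`, if this version's `wp_nonce_field()` emits a referer field — as though they were option names, unless the loop body outside the hunk already skips them. Add a guard at the top of the loop, e.g. `if ( in_array($key, array('_wpnonce', '_wp_http_referer', 'page_options'), true) ) continue;`, so the nonce fields are never written to the options table. The loop body is outside the hunk.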

        +
        post_status = 'static'; --- wp-admin/plugin-editor.php +++ wp-admin/plugin-editor.php @@ -34,6 +34,8 @@ case 'update': + check_admin_referer('edit-plugin_' . $file); + if ( !current_user_can('edit_plugins') ) die('

        '.__('You have do not have sufficient permissions to edit templates for this blog.').'

        '); @@ -95,6 +97,7 @@ +
        --- wp-admin/plugins.php +++ wp-admin/plugins.php @@ -2,9 +2,8 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); - if ('activate' == $_GET['action']) { + check_admin_referer('activate-plugin_' . $_GET['plugin']); $current = get_settings('active_plugins'); if (!in_array($_GET['plugin'], $current)) { $current[] = trim( $_GET['plugin'] ); @@ -15,6 +14,7 @@ } header('Location: plugins.php?activate=true'); } else if ('deactivate' == $_GET['action']) { + check_admin_referer('deactivate-plugin_' . $_GET['plugin']); $current = get_settings('active_plugins'); array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! update_option('active_plugins', $current); @@ -98,11 +98,11 @@ $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate'; if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { - $action = "".__('Deactivate').""; + $action = "".__('Deactivate').""; $plugin_data['Title'] = "{$plugin_data['Title']}"; $style .= $style == 'alternate' ? ' active' : 'active'; } else { - $action = "".__('Activate').""; + $action = "".__('Activate').""; } $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; if ($style != '') $style = 'class="' . $style . '"'; --- wp-admin/post.php +++ wp-admin/post.php @@ -30,7 +30,7 @@ switch($action) { case 'post': - check_admin_referer(); + check_admin_referer('add-post'); $post_ID = write_post(); @@ -87,10 +87,10 @@ break; case 'editattachment': - check_admin_referer(); - $post_id = (int) $_POST['post_ID']; + check_admin_referer('update-attachment_' . $post_id); + // Don't let these be changed unset($_POST['guid']); $_POST['post_status'] = 'attachment'; 
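Review bot: In the `deactivate` branch the context line `array_splice($current, array_search( $_GET['plugin'], $current), 1 )` is left as is: when the requested plugin is not in `active_plugins`, `array_search` returns `false`, which `array_splice` treats as offset 0, so the first active plugin is silently deactivated instead. Guard it with `$key = array_search($_GET['plugin'], $current, true); if ( false !== $key ) array_splice($current, $key, 1);`. Binding `$_GET['plugin']` into the nonce action is fine, but the `activate` branch still appends `trim( $_GET['plugin'] )` to the option without checking it against the installed plugin list; a comment stating that the nonce, not this code, is what ties the value to a link the page generated would make that dependency explicit.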
@@ -105,7 +105,8 @@ add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); case 'editpost': - check_admin_referer(); + $post_ID = (int) $_POST['post_ID']; + check_admin_referer('update-post_' . $post_ID); $post_ID = edit_post(); @@ -130,9 +131,8 @@ break; case 'delete': - check_admin_referer(); - $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); + check_admin_referer('delete-post_' . $post_id); $post = & get_post($post_id); @@ -203,6 +203,7 @@ echo "\n"; echo "\n"; echo "\n"; + wp_nonce_field('delete-comment_' . $comment->comment_ID); echo ""; echo "  "; echo "\n"; @@ -212,10 +213,9 @@ break; case 'deletecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('delete-comment_' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -243,10 +243,9 @@ break; case 'unapprovecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('unapprove-comment_' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -271,8 +270,8 @@ break; case 'mailapprovecomment': - $comment = (int) $_GET['comment']; + check_admin_referer('approve-comment_' . $comment); if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); @@ -291,8 +290,9 @@ break; case 'approvecomment': - $comment = (int) $_GET['comment']; + check_admin_referer('approve-comment_' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -322,6 +322,8 @@ case 'editedcomment': + check_admin_referer('update-comment'); + edit_comment(); $referredby = $_POST['referredby']; --- wp-admin/profile-update.php +++ wp-admin/profile-update.php @@ -2,7 +2,7 @@ require_once('admin.php'); -check_admin_referer(); +check_admin_referer('update-profile_' . $user_ID); if ( !$_POST ) die( __('No post?') ); --- wp-admin/profile.php +++ wp-admin/profile.php 
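Review bot: `check_admin_referer('update-comment')` in the `editedcomment` case is the only handler in this commit whose action is not bound to the object's id, and the edit-form-comment.php hunk in this diff appears to emit its nonce field with `comment_ID` in the action (the line is garbled here); if the form's action is `'update-comment_' . $comment->comment_ID`, this check can never pass. Align the two sides, e.g. `$comment_ID = (int) $_POST['comment_ID']; check_admin_referer('update-comment_' . $comment_ID);` if that is the field the form posts. The `delete`/`editpost` cases above show the intended pattern: read and cast the id, then verify the id-bound nonce.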
@@ -19,6 +19,7 @@

        +

        --- wp-admin/templates.php +++ wp-admin/templates.php @@ -36,6 +36,8 @@ case 'update': + check_admin_referer('edit-file_' . $file); + if ( ! current_user_can('edit_files') ) die('

        '.__('You have do not have sufficient permissions to edit templates for this blog.').'

        '); @@ -126,6 +128,7 @@
        +
        --- wp-admin/theme-editor.php +++ wp-admin/theme-editor.php @@ -47,6 +47,8 @@ case 'update': + check_admin_referer('edit-theme_' . $file . $theme); + if ( !current_user_can('edit_themes') ) die('

        '.__('You have do not have sufficient permissions to edit templates for this blog.').'

        '); @@ -129,6 +131,7 @@ if (!$error) { ?> +
        --- wp-admin/themes.php +++ wp-admin/themes.php @@ -2,7 +2,7 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); + check_admin_referer('switch-theme_' . $_GET['template']); if ('activate' == $_GET['action']) { if ( isset($_GET['template']) ) @@ -69,7 +69,7 @@ $author = $themes[$theme_name]['Author']; $screenshot = $themes[$theme_name]['Screenshot']; $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; - $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet"; + $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template); ?>

        --- wp-admin/upgrade-schema.php +++ wp-admin/upgrade-schema.php @@ -229,6 +229,9 @@ add_option('uploads_use_yearmonth_folders', 1); add_option('upload_path', 'wp-content/uploads'); } + + // 2.0.3 + add_option('secret', md5(uniqid(microtime()))); // Delete unused options $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog'); --- wp-admin/upgrade.php +++ wp-admin/upgrade.php @@ -75,10 +75,13 @@ break; case 1: - wp_cache_flush(); - make_db_current_silent(); - upgrade_all(); - wp_cache_flush(); + $wp_current_db_version = __get_option('db_version'); + if ( $wp_db_version != $wp_current_db_version ) { + wp_cache_flush(); + make_db_current_silent(); + upgrade_all(); + wp_cache_flush(); + } if ( empty( $_GET['backto'] ) ) $backto = __get_option('home'); --- wp-admin/user-edit.php +++ wp-admin/user-edit.php @@ -32,7 +32,7 @@ case 'update': -check_admin_referer(); +check_admin_referer('update-user_' . $user_id); $errors = array(); @@ -73,6 +73,7 @@
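Review bot: The new `add_option('secret', md5(uniqid(microtime())))` derives the secret entirely from the clock — `uniqid()` is microsecond time and `microtime()` is the same source — and `md5` adds no entropy, so the value is confined to a small neighbourhood of the upgrade time. Presumably the nonce helpers introduced by this release key off this option, so mix in a non-time source, e.g. `md5(uniqid(mt_rand(), true))`, and prefer reading from the OS random device where the host allows it, since `mt_rand()` alone is not a cryptographic generator either. A comment on the line should also state that the option must never be regenerated on later upgrade runs; `add_option` presumably leaves an existing value alone, which is the behaviour to preserve.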

        +

        --- wp-admin/users.php +++ wp-admin/users.php @@ -11,7 +11,7 @@ switch ($action) { case 'promote': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -39,7 +39,7 @@ case 'dodelete': - check_admin_referer(); + check_admin_referer('delete-users'); if ( empty($_POST['users']) ) { header('Location: users.php'); @@ -72,7 +72,7 @@ case 'delete': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -86,6 +86,7 @@ include ('admin-header.php'); ?> +

        @@ -131,7 +132,7 @@ break; case 'adduser': - check_admin_referer(); + check_admin_referer('add-user'); $errors = add_user(); @@ -200,6 +201,7 @@ ?> +

        @@ -280,6 +282,7 @@

        '.sprintf(__('Users can register themselves or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'

        '; ?> +
        --- wp-comments-post.php +++ wp-comments-post.php @@ -24,11 +24,11 @@ $comment_content = trim($_POST['comment']); // If the user is logged in -get_currentuserinfo(); -if ( $user_ID ) : - $comment_author = $wpdb->escape($user_identity); - $comment_author_email = $wpdb->escape($user_email); - $comment_author_url = $wpdb->escape($user_url); +$user = wp_get_current_user(); +if ( $user->ID ) : + $comment_author = $wpdb->escape($user->display_name); + $comment_author_email = $wpdb->escape($user->user_email); + $comment_author_url = $wpdb->escape($user->user_url); else : if ( get_option('comment_registration') ) die( __('Sorry, you must be logged in to post a comment.') ); @@ -36,7 +36,7 @@ $comment_type = ''; -if ( get_settings('require_name_email') && !$user_ID ) { +if ( get_settings('require_name_email') && !$user->ID ) { if ( 6 > strlen($comment_author_email) || '' == $comment_author ) die( __('Error: please fill the required fields (name, email).') ); elseif ( !is_email($comment_author_email)) @@ -50,7 +50,7 @@ $comment_id = wp_new_comment( $commentdata ); -if ( !$user_ID ) : +if ( !$user->ID ) : $comment = get_comment($comment_id); setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); --- wp-content/plugins/akismet/akismet.php +++ wp-content/plugins/akismet/akismet.php 
@@ -4,12 +4,24 @@ Plugin URI: http://akismet.com/ Description: Akismet checks your comments against the Akismet web serivce to see if they look like spam or not. You need a WordPress.com API key to use this service. You can review the spam it catches under "Manage" and it automatically deletes old spam after 15 days. Hat tip: Michael Hampton and Chris J. Davis for help with the plugin. Author: Matt Mullenweg -Version: 1.14 +Version: 1.15 Author URI: http://photomatt.net/ */ add_action('admin_menu', 'ksd_config_page'); +if ( ! function_exists('wp_nonce_field') ) { + function akismet_nonce_field($action = -1) { + return; + } + $akismet_nonce = -1; +} else { + function akismet_nonce_field($action = -1) { + return wp_nonce_field($action); + } + $akismet_nonce = 'akismet-update-key'; +} + function ksd_config_page() { global $wpdb; if ( function_exists('add_submenu_page') ) @@ -17,8 +29,9 @@ } function akismet_conf() { + global $akismet_nonce; if ( isset($_POST['submit']) ) { - check_admin_referer(); + check_admin_referer($akismet_nonce); $key = preg_replace('/[^a-h0-9]/i', '', $_POST['key']); if ( akismet_verify_key( $key ) ) update_option('wordpress_api_key', $key); @@ -34,6 +47,7 @@

        Akismet will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have a WordPress.com account yet, you can get one at WordPress.com.'), 'http://akismet.com/', 'http://wordpress.com/api-keys/'); ?>

        +

        @@ -72,7 +86,7 @@ $ksd_api_host = get_option('wordpress_api_key') . '.rest.akismet.com'; $ksd_api_port = 80; -$ksd_user_agent = "WordPress/$wp_version | Akismet/1.14"; +$ksd_user_agent = "WordPress/$wp_version | Akismet/1.15"; // Returns array with headers in $response[0] and entity in $response[1] function ksd_http_post($request, $host, $path, $port = 80) { @@ -87,7 +101,7 @@ $http_request .= $request; $response = ''; - if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 3) ) ) { + if( false !== ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { fwrite($fs, $http_request); while ( !feof($fs) ) @@ -221,7 +235,7 @@ $count = get_option('akismet_spam_count'); if ( $count ) { ?> -

        %1$s spam for you since you installed it.'), number_format($count) ); ?>

        +

        %1$s spam for you since you first installed it.'), number_format($count) ); ?>

        -

        +

        '.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'

        '; ?> get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT 150"); @@ -247,7 +261,7 @@ ?> -
          +
            comment_ID' $class>"; ?> -

            comment_author_email) { ?>| comment_author_url && 'http://' != $comment->comment_author_url) { ?> | | |

            + +

            comment_author_email) { ?>| comment_author_url && 'http://' != $comment->comment_author_url) { ?> | |

            + -
        +

        - +

        +

        + +
        +

        +    +

        backup_dir = trailingslashit($this->backup_dir); $this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__); if (isset($_POST['do_backup'])) { + if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.')); switch($_POST['do_backup']) { case 'backup': $this->perform_backup(); @@ -52,8 +52,10 @@ break; } } elseif (isset($_GET['fragment'] )) { + if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.')); add_action('init', array(&$this, 'init')); } elseif (isset($_GET['backup'] )) { + if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.')); add_action('init', array(&$this, 'init')); } else { add_action('admin_menu', array(&$this, 'admin_menu')); @@ -61,10 +63,7 @@ } function init() { - global $user_level; - get_currentuserinfo(); - - if ($user_level < 9) die(__('Need higher user level.')); + if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.')); if (isset($_GET['backup'])) { $via = isset($_GET['via']) ? $_GET['via'] : 'http'; @@ -307,7 +306,7 @@ $core_tables = $_POST['core_tables']; $this->backup_file = $this->db_backup($core_tables, $also_backup); - if (FALSE !== $backup_file) { + if (FALSE !== $this->backup_file) { if ('smtp' == $_POST['deliver']) { $this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']); } elseif ('http' == $_POST['deliver']) { @@ -884,6 +883,11 @@ } // wp_cron_db_backup } -$mywpdbbackup = new wpdbBackup(); +function wpdbBackup_init() { + global $mywpdbbackup; + $mywpdbbackup = new wpdbBackup(); +} + +add_action('plugins_loaded', 'wpdbBackup_init'); ?> --- wp-includes/cache.php +++ wp-includes/cache.php @@ -47,8 +47,8 @@ return $wp_object_cache->set($key, $data, $flag, $expire); } -define('CACHE_SERIAL_HEADER', ""); +define('CACHE_SERIAL_HEADER', ""); class WP_Object_Cache { var $cache_dir; 
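Review bot: The `@@ -307` hunk fixes the `$backup_file` / `$this->backup_file` mismatch, but the handler it sits in is driven by `$_POST['do_backup']` and, as far as this diff shows, gains only the `current_user_can('import')` checks and no `check_admin_referer()`, while delivery takes `$_POST['deliver']` and `$_POST['backup_recipient']` straight from the request; every other POST handler in this commit is given a nonce. Add a nonce field to the backup form and verify it next to the capability check, wrapped in a `function_exists('wp_nonce_field')` guard the way the akismet hunk in this diff does for older cores. The enclosing method starts and ends outside the hunk.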
@@ -64,6 +64,7 @@ var $cold_cache_hits = 0; var $warm_cache_hits = 0; var $cache_misses = 0; + var $secret = ''; function acquire_lock() { // Acquire a write lock. @@ -103,7 +104,7 @@ if ( ! $this->acquire_lock() ) return false; - + $this->rm_cache_dir(); $this->cache = array (); $this->dirty_objects = array (); @@ -142,7 +143,7 @@ return false; } - $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php'; + $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php'; if (!file_exists($cache_file)) { $this->non_existant_objects[$group][$id] = true; $this->cache_misses += 1; @@ -158,7 +159,7 @@ return false; } - $this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))); + $this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)))); if (false === $this->cache[$group][$id]) $this->cache[$group][$id] = ''; @@ -173,6 +174,14 @@ return "{$this->blog_id}/$group"; } + function hash($data) { + if ( function_exists('hash_hmac') ) { + return hash_hmac('md5', $data, $this->secret); + } else { + return md5($data . $this->secret); + } + } + function load_group_from_db($group) { global $wpdb; @@ -332,7 +341,7 @@ $ids = array_unique($ids); foreach ($ids as $id) { - $cache_file = $group_dir.md5($id.DB_PASSWORD).'.php'; + $cache_file = $group_dir.$this->hash($id).'.php'; // Remove the cache file if the key is not set. if (!isset ($this->cache[$group][$id])) { @@ -342,7 +351,7 @@ } $temp_file = tempnam($group_dir, 'tmp'); - $serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER; + $serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER; $fd = @fopen($temp_file, 'w'); if ( false === $fd ) { $errors++; 
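Review bot: The payload read in the hunk at -158 still goes through `unserialize()`; base64-wrapping only stops a serialized value from being executed as PHP when the cache file is requested directly, it does not stop a crafted object from being instantiated if another local account can write into `$this->cache_dir`. A comment above the call would make the trust boundary explicit: `// unserialize() instantiates any class named in the file; cache_dir must be writable by the web user only.` The directory-permission check itself would belong in the constructor, which is outside this hunk.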
@@ -400,6 +409,9 @@ if (defined('DISABLE_CACHE')) return; + if ( ! defined('ENABLE_CACHE') ) + return; + // Disable the persistent cache if safe_mode is on. if ( ini_get('safe_mode') && ! defined('ENABLE_CACHE') ) return; @@ -421,7 +433,12 @@ if (defined('CACHE_EXPIRATION_TIME')) $this->expiration_time = CACHE_EXPIRATION_TIME; - $this->blog_id = md5($blog_id); + if ( defined('WP_SECRET') ) + $this->secret = WP_SECRET; + else + $this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH; + + $this->blog_id = $this->hash($blog_id); } } ?> --- wp-includes/capabilities.php +++ wp-includes/capabilities.php @@ -309,7 +309,7 @@ // Capability checking wrapper around the global $current_user object. function current_user_can($capability) { - global $current_user; + $current_user = wp_get_current_user(); $args = array_slice(func_get_args(), 1); $args = array_merge(array($capability), $args); --- wp-includes/classes.php +++ wp-includes/classes.php @@ -616,7 +616,7 @@ $join = apply_filters('posts_join', $join); // Paging - if (empty($q['nopaging']) && ! $this->is_single) { + if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) { $page = $q['paged']; if (empty($page)) { $page = 1; @@ -826,7 +826,7 @@ if ( empty( $word ) ) continue; $fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text); - if( strpos( $fulltext, strtolower($word) ) != FALSE ) { + if( false !== strpos( $fulltext, strtolower($word) ) ) { $this->found_comments[] = $comment->ID; break; } @@ -1604,7 +1604,6 @@ } function send_headers() { - global $current_user; @header('X-Pingback: '. get_bloginfo('pingback_url')); if ( is_user_logged_in() ) nocache_headers(); @@ -1681,7 +1680,7 @@ } function init() { - get_currentuserinfo(); + wp_get_current_user(); } function query_posts() { --- wp-includes/comment-functions.php +++ wp-includes/comment-functions.php 
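Review bot: The safe_mode guard in the hunk at -400 is now unreachable: the new `if ( ! defined('ENABLE_CACHE') ) return;` exits first, so `ini_get('safe_mode') && ! defined('ENABLE_CACHE')` can never be true. Either delete those two lines or, if safe_mode is meant to win even when ENABLE_CACHE is defined, change them to `if ( ini_get('safe_mode') ) return;`. Separately, the fallback secret in the -421 hunk duplicates wp_salt() but reads WP_SECRET rather than the `secret` option — presumably because options are not loaded when the cache is constructed — and a one-line comment saying so would stop the next reader from "fixing" the inconsistency.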
@@ -34,8 +34,6 @@ $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); } - get_currentuserinfo(); - define('COMMENTS_TEMPLATE', true); $include = apply_filters('comments_template', TEMPLATEPATH . $file ); if ( file_exists( $include ) ) @@ -185,6 +183,8 @@ // Merge old and new fields with new fields overwriting old ones. $commentarr = array_merge($comment, $commentarr); + $commentarr = wp_filter_comment( $commentarr ); + // Now extract the merged array. extract($commentarr); @@ -900,6 +900,8 @@ function get_approved_comments($post_id) { global $wpdb; + + $post_id = (int) $post_id; return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date"); } --- wp-includes/default-filters.php +++ wp-includes/default-filters.php 
@@ -49,6 +49,40 @@ add_filter('comment_excerpt', 'convert_chars'); +// Categories +add_filter('pre_category_name', 'strip_tags'); +add_filter('pre_category_name', 'trim'); +add_filter('pre_category_name', 'wp_filter_kses'); +add_filter('pre_category_name', 'wp_specialchars', 30); +add_filter('pre_category_description', 'wp_filter_kses'); + +// Users +add_filter('pre_user_display_name', 'strip_tags'); +add_filter('pre_user_display_name', 'trim'); +add_filter('pre_user_display_name', 'wp_filter_kses'); +add_filter('pre_user_display_name', 'wp_specialchars', 30); +add_filter('pre_user_first_name', 'strip_tags'); +add_filter('pre_user_first_name', 'trim'); +add_filter('pre_user_first_name', 'wp_filter_kses'); +add_filter('pre_user_first_name', 'wp_specialchars', 30); +add_filter('pre_user_last_name', 'strip_tags'); +add_filter('pre_user_last_name', 'trim'); +add_filter('pre_user_last_name', 'wp_filter_kses'); +add_filter('pre_user_last_name', 'wp_specialchars', 30); +add_filter('pre_user_nickname', 'strip_tags'); +add_filter('pre_user_nickname', 'trim'); +add_filter('pre_user_nickname', 'wp_filter_kses'); +add_filter('pre_user_nickname', 'wp_specialchars', 30); +add_filter('pre_user_description', 'strip_tags'); +add_filter('pre_user_description', 'trim'); +add_filter('pre_user_description', 'wp_filter_kses'); +add_filter('pre_user_description', 'wp_specialchars', 30); +add_filter('pre_user_url', 'strip_tags'); +add_filter('pre_user_url', 'trim'); +add_filter('pre_user_url', 'clean_url'); +add_filter('pre_user_email', 'trim'); +add_filter('pre_user_email', 'sanitize_email'); + // Places to balance tags on input add_filter('content_save_pre', 'balanceTags', 50); add_filter('excerpt_save_pre', 'balanceTags', 50); --- wp-includes/functions-compat.php +++ wp-includes/functions-compat.php 
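Review bot: The pre_user_* and pre_category_* chains added here encode on input — `wp_specialchars` runs at priority 30 after `wp_filter_kses` — so display_name, nickname, first/last name, description and cat_name are stored HTML-escaped and must not be escaped again on output. A comment above the block, `// Values are stored already wp_specialchars()-encoded; output paths must not re-escape them.`, would make that contract visible to template authors. Note also that pre_user_login, pre_user_nicename and pre_category_nicename get no default filter here and rely solely on sanitize_user()/sanitize_title() upstream; worth a line saying that is intentional.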
@@ -72,7 +72,7 @@ * @link http://php.net/function.array_change_key_case * @author Stephan Schmidt * @author Aidan Lister - * @version $Revision: 3471 $ + * @version $Revision: 3771 $ * @since PHP 4.2.0 * @require PHP 4.0.0 (user_error) */ @@ -97,4 +97,17 @@ } } +// From php.net +if(!function_exists('http_build_query')) { + function http_build_query( $formdata, $numeric_prefix = null, $key = null ) { + $res = array(); + foreach ((array)$formdata as $k=>$v) { + $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k); + if ($key) $tmp_key = $key.'['.$tmp_key.']'; + $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) ); + } + $separator = ini_get('arg_separator.output'); + return implode($separator, $res); + } +} ?> --- wp-includes/functions-formatting.php +++ wp-includes/functions-formatting.php @@ -41,7 +41,7 @@ } else { $next = true; } - $curl = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $curl); + $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl); $output .= $curl; } return $output; @@ -274,7 +274,7 @@ // If strict, reduce to ASCII for max portability. if ( $strict ) - $username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username); + $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username); return apply_filters('sanitize_user', $username, $raw_username, $strict); } @@ -997,10 +997,7 @@ '♦' => '♦' ); - foreach ($to_ncr as $entity => $ncr) { - $text = str_replace($entity, $ncr, $text); - } - return $text; + return str_replace( array_keys($to_ncr), array_values($to_ncr), $text ); } function wp_richedit_pre($text) { @@ -1018,4 +1015,9 @@ return apply_filters('richedit_pre', $output); } +// Escape single quotes, specialchar double quotes, and fix line endings. +function js_escape($text) { + $text = wp_specialchars($text, 'double'); + return preg_replace("/\r?\n/", "\\n", addslashes($text)); +} ?> --- wp-includes/functions-post.php +++ wp-includes/functions-post.php 
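Review bot: js_escape() in the functions-formatting hunk at -1018 is context-specific but undocumented: it entity-encodes via `wp_specialchars($text, 'double')` and backslash-escapes quotes via addslashes(), which is right for a single-quoted JS string inside an HTML attribute (the onclick handlers in admin-functions) but leaves literal `&lt;`/`&quot;` sequences if the result is emitted inside a `<script>` block, where entities are not decoded. A header comment should state the contract: `// For single-quoted JS strings inside HTML attributes only; not safe/correct inside <script> blocks.` What wp_specialchars encodes exactly is defined outside this diff, so the set of entities above is inferred from its name and the 'double' argument.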
@@ -352,7 +352,7 @@ global $wpdb; $postid = (int) $postid; - if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) + if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") ) return $post; if ( 'attachment' != $post->post_status ) @@ -361,17 +361,17 @@ $meta = get_post_meta($postid, '_wp_attachment_metadata', true); $file = get_post_meta($postid, '_wp_attached_file', true); - $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid"); + $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid"); + $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid"); + $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid"); + $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'"); if ( ! empty($meta['thumb']) ) { // Don't delete the thumb if another attachment uses it - if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) + if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'")) @ unlink(str_replace(basename($file), $meta['thumb'], $file)); } @@ -456,9 +456,11 @@ function wp_get_post_cats($blogid = '1', $post_ID = 0) { global $wpdb; + $post_ID = (int) $post_ID; + $sql = "SELECT category_id FROM $wpdb->post2cat - WHERE post_id = $post_ID + WHERE post_id = '$post_ID' ORDER BY category_id"; $result = $wpdb->get_col($sql); --- wp-includes/functions.php +++ wp-includes/functions.php 
@@ -32,10 +32,10 @@ $dateweekday = $weekday[date('w', $i)]; $dateweekday_abbrev = $weekday_abbrev[$dateweekday]; $dateformatstring = ' '.$dateformatstring; - $dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring); - $dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring); - $dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring); - $dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring); + $dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring); + $dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring); + $dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring); + $dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring); $dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1); } @@ -305,10 +305,10 @@ } function get_user_option( $option, $user = 0 ) { - global $wpdb, $current_user; + global $wpdb; if ( empty($user) ) - $user = $current_user; + $user = wp_get_current_user(); else $user = get_userdata($user); @@ -364,6 +364,7 @@ return true; } + $_newvalue = $newvalue; if ( is_array($newvalue) || is_object($newvalue) ) $newvalue = serialize($newvalue); @@ -373,7 +374,7 @@ $option_name = $wpdb->escape($option_name); $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'"); if ( $wpdb->rows_affected == 1 ) { - do_action("update_option_{$option_name}", $oldvalue, $newvalue); + do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$_newvalue)); return true; } return false; 
@@ -1090,15 +1091,13 @@ $headers["$key"] = $matches[2][$i]; } - $code = preg_replace('/.*?(\d{3}).*/i', '$1', $response); - - $headers['status_code'] = $code; - - if ( '302' == $code || '301' == $code ) - return wp_get_http_headers( $url, ++$red ); - preg_match('/.*([0-9]{3}).*/', $response, $return); $headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404 + + $code = $headers['response']; + if ( ('302' == $code || '301' == $code) && isset($headers['location']) ) + return wp_get_http_headers( $headers['location'], ++$red ); + return $headers; } @@ -1146,6 +1145,28 @@ return true; } +// Setup global user vars. Used by set_current_user() for back compat. +function setup_userdata($user_id = '') { + global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; + + if ( '' == $user_id ) + $user = wp_get_current_user(); + else + $user = new WP_User($user_id); + + if ( 0 == $user->ID ) + return; + + $userdata = $user->data; + $user_login = $user->user_login; + $user_level = $user->user_level; + $user_ID = $user->ID; + $user_email = $user->user_email; + $user_url = $user->user_url; + $user_pass_md5 = md5($user->user_pass); + $user_identity = $user->display_name; +} + function is_new_day() { global $day, $previousday; if ( $day != $previousday ) { @@ -2287,4 +2308,12 @@ return $wpdb->num_queries; } +function wp_nonce_url($actionurl, $action = -1) { + return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl); +} + +function wp_nonce_field($action = -1) { + echo ''; +} + ?> --- wp-includes/kses.php +++ wp-includes/kses.php 
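Review bot: The redirect now followed in the hunk at -1090 passes `$headers['location']` back into wp_get_http_headers() verbatim, but servers routinely send a relative Location (`/new-path`) despite RFC 2616, and that value would be re-fetched as a bare path rather than resolved against `$url`. Resolve it before recursing, e.g. `if ( '/' == substr($headers['location'], 0, 1) ) $headers['location'] = preg_replace('|^(https?://[^/]+).*|i', '$1', $url) . $headers['location'];`. The cap on `$red` and the initial fetch are outside the hunk, so I cannot confirm a redirect limit or a scheme check is enforced; the `location` lookup is also case-sensitive, so this assumes `$key` was lowercased where `$headers["$key"]` is filled.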
@@ -528,16 +528,11 @@ } function kses_init() { - global $current_user; - remove_filter('pre_comment_author', 'wp_filter_kses'); remove_filter('pre_comment_content', 'wp_filter_kses'); remove_filter('content_save_pre', 'wp_filter_post_kses'); remove_filter('title_save_pre', 'wp_filter_kses'); - if (! defined('XMLRPC_REQUEST') ) - get_currentuserinfo(); - if (current_user_can('unfiltered_html') == false) kses_init_filters(); } --- wp-includes/links.php +++ wp-includes/links.php @@ -445,9 +445,10 @@ ** uses 0 */ function get_linkcatname($id = 0) { + $id = (int) $id; global $wpdb; $cat_name = ''; - if ('' != $id) { + if ( !empty($id) ) { $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id"); } return $cat_name; @@ -562,4 +563,4 @@ } } -?> \ No newline at end of file +?> --- wp-includes/pluggable-functions.php +++ wp-includes/pluggable-functions.php @@ -5,21 +5,20 @@ if ( !function_exists('set_current_user') ) : function set_current_user($id, $name = '') { - global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; + return wp_set_current_user($id, $name); +} +endif; - $current_user = ''; +if ( !function_exists('wp_set_current_user') ) : +function wp_set_current_user($id, $name = '') { + global $current_user; - $current_user = new WP_User($id, $name); + if ( isset($current_user) && ($id == $current_user->ID) ) + return $current_user; - $userdata = get_userdatabylogin($user_login); + $current_user = new WP_User($id, $name); - $user_login = $userdata->user_login; - $user_level = $userdata->user_level; - $user_ID = $userdata->ID; - $user_email = $userdata->user_email; - $user_url = $userdata->user_url; - $user_pass_md5 = md5($userdata->user_pass); - $user_identity = $userdata->display_name; + setup_userdata($current_user->ID); do_action('set_current_user'); 
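Review bot: The short-circuit added to wp_set_current_user() — `if ( isset($current_user) && ($id == $current_user->ID) ) return $current_user;` — ignores `$name`, so once an anonymous WP_User(0) exists a later `wp_set_current_user(0, 'login')` (the form get_currentuserinfo() uses in the next hunk) silently returns user 0 instead of switching to the named account. The loose `==` also lets a non-numeric string `$id` compare equal to 0 under PHP's string-to-number rules. Guard on the name as well and compare as integers: `if ( isset($current_user) && '' == $name && (int) $id === (int) $current_user->ID )`.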
@@ -27,30 +26,34 @@ } endif; +if ( !function_exists('wp_get_current_user') ) : +function wp_get_current_user() { + global $current_user; + + get_currentuserinfo(); + + return $current_user; +} +endif; if ( !function_exists('get_currentuserinfo') ) : function get_currentuserinfo() { - global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; + global $current_user; if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) return false; + if ( ! empty($current_user) ) + return; + if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { - $current_user = new WP_User(0); + wp_set_current_user(0); return false; } - $user_login = $_COOKIE[USER_COOKIE]; - $userdata = get_userdatabylogin($user_login); - $user_level = $userdata->user_level; - $user_ID = $userdata->ID; - $user_email = $userdata->user_email; - $user_url = $userdata->user_url; - $user_pass_md5 = md5($userdata->user_pass); - $user_identity = $userdata->display_name; - if ( empty($current_user) ) - $current_user = new WP_User($user_ID); + $user_login = $_COOKIE[USER_COOKIE]; + wp_set_current_user(0, $user_login); } endif; @@ -201,10 +204,11 @@ if ( !function_exists('is_user_logged_in') ) : function is_user_logged_in() { - global $current_user; + $user = wp_get_current_user(); - if ( $current_user->id == 0 ) + if ( $user->id == 0 ) return false; + return true; } endif; 
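Review bot: is_user_logged_in() tests `$user->id` while wp_set_current_user() in the previous hunk compares `$current_user->ID`, and wp_verify_nonce()/wp_update_user() elsewhere in this commit use `->id` again. PHP property names are case-sensitive, so if WP_User (defined outside the diff) populates only one spelling the other is an undefined property whose null compares `== 0`, and every visitor reads as logged out or nonces are minted for uid 0. Settle on one spelling, `if ( 0 == $user->ID ) return false;`, and leave a comment on WP_User noting which property is canonical.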
@@ -224,12 +228,49 @@ endif; if ( !function_exists('check_admin_referer') ) : -function check_admin_referer() { +function check_admin_referer($action = -1) { + global $pagenow; $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; $referer = strtolower($_SERVER['HTTP_REFERER']); - if (!strstr($referer, $adminurl)) - die(__('Sorry, you need to enable sending referrers for this feature to work.')); + if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && + !(-1 == $action && strstr($referer, $adminurl)) ) { + + $html = "\n\n\n"; + $html .= "\n\t" . __('WordPress Confirmation') . "\n"; + $html .= "\n\n"; + if ( $_POST ) { + $q = http_build_query($_POST); + $q = explode( ini_get('arg_separator.output'), $q); + $html .= "\t
        \n"; + foreach ( (array) $q as $a ) { + $v = substr(strstr($a, '='), 1); + $k = substr($a, 0, -(strlen($v)+1)); + $html .= "\t\t\n"; + } + $html .= "\t\t\n"; + $html .= "\t\t

        " . __('Are you sure you want to do this?') . "

        \n\t\t

        No

        \n\t
        \n"; + } else { + $html .= "\t

        " . __('Are you sure you want to do this?') . "

        \n\t\t

        No " . __('Yes') . "

        \n"; + } + $html .= "\n"; + + die($html); + } do_action('check_admin_referer'); +}endif; + +if ( !function_exists('check_ajax_referer') ) : +function check_ajax_referer() { + $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie + foreach ( $cookie as $tasty ) { + if ( false !== strpos($tasty, USER_COOKIE) ) + $user = substr(strstr($tasty, '='), 1); + if ( false !== strpos($tasty, PASS_COOKIE) ) + $pass = substr(strstr($tasty, '='), 1); + } + if ( wp_login( $user, $pass, true ) ) + return true; + return false; } endif; @@ -248,6 +289,16 @@ } endif; +if ( !function_exists('wp_get_cookie_login') ): +function wp_get_cookie_login() { + if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ) + return false; + + return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]); +} + +endif; + if ( !function_exists('wp_setcookie') ) : function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { if ( !$already_md5 ) 
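Review bot: check_ajax_referer() leaves `$user` and `$pass` unassigned when the posted cookie string lacks the expected names, so wp_login() is then called with undefined variables, and the `false !== strpos($tasty, USER_COOKIE)` tests are substring matches that accept any cookie whose name merely contains the constant (a second install sharing the prefix, for instance). Initialise both, split each cookie on its first `=` and compare the name exactly, as below. In check_admin_referer() in the same hunk, `$_REQUEST['_wpnonce']` is read without isset(); `isset($_REQUEST['_wpnonce']) && wp_verify_nonce($_REQUEST['_wpnonce'], $action)` avoids a notice on every nonce-less admin request.
```php
function check_ajax_referer() {
	$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
	$user = $pass = '';
	foreach ( (array) $cookie as $tasty ) {
		$parts = explode('=', $tasty, 2);
		if ( 2 != count($parts) )
			continue;
		if ( USER_COOKIE == $parts[0] )
			$user = $parts[1];
		elseif ( PASS_COOKIE == $parts[0] )
			$pass = $parts[1];
	}
	if ( '' == $user || '' == $pass )
		return false;
	return (bool) wp_login( $user, $pass, true );
}
```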
@@ -429,4 +480,51 @@ } endif; +if ( !function_exists('wp_verify_nonce') ) : +function wp_verify_nonce($nonce, $action = -1) { + $user = wp_get_current_user(); + $uid = $user->id; + + $i = ceil(time() / 43200); + + //Allow for expanding range, but only do one check if we can + if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce ) + return true; + return false; +} +endif; + +if ( !function_exists('wp_create_nonce') ) : +function wp_create_nonce($action = -1) { + $user = wp_get_current_user(); + $uid = $user->id; + + $i = ceil(time() / 43200); + + return substr(wp_hash($i . $action . $uid), -12, 10); +} +endif; + +if ( !function_exists('wp_salt') ) : +function wp_salt() { + $salt = get_option('secret'); + if ( empty($salt) ) + $salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH; + + return $salt; +} +endif; + +if ( !function_exists('wp_hash') ) : +function wp_hash($data) { + $salt = wp_salt(); + + if ( function_exists('hash_hmac') ) { + return hash_hmac('md5', $data, $salt); + } else { + return md5($data . $salt); + } +} +endif; + ?> --- wp-includes/registration-functions.php +++ wp-includes/registration-functions.php @@ -27,6 +27,7 @@ // Are we updating or creating? if ( !empty($ID) ) { + $ID = (int) $ID; $update = true; } else { $update = false; 
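Review bot: wp_verify_nonce() compares the request-supplied `$nonce` with `==`, and because the token is a 10-character hex substring both sides can look like exponent-notation numbers — `'0e12345678' == '0e98765432'` is true in PHP — so a nonce computed for another action or user will occasionally pass. Cast and compare strictly: `$nonce = (string) $nonce;` and then `substr(wp_hash($i . $action . $uid), -12, 10) === $nonce` for both the current and previous tick. As hygiene, `$i . $action . $uid` has no separator, so an action ending in digits can collide with another action/uid pair; `$i . '|' . $action . '|' . $uid` in both create and verify removes that ambiguity (in-flight nonces are invalidated, which is acceptable at a version bump).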
@@ -35,16 +36,40 @@ } $user_login = sanitize_user($user_login, true); + $user_login = apply_filters('pre_user_login', $user_login); if ( empty($user_nicename) ) $user_nicename = sanitize_title( $user_login ); + $user_nicename = apply_filters('pre_user_nicename', $user_nicename); + + if ( empty($user_url) ) + $user_url = ''; + $user_url = apply_filters('pre_user_url', $user_url); + + if ( empty($user_email) ) + $user_email = ''; + $user_email = apply_filters('pre_user_email', $user_email); if ( empty($display_name) ) $display_name = $user_login; - + $display_name = apply_filters('pre_user_display_name', $display_name); + if ( empty($nickname) ) $nickname = $user_login; - + $nickname = apply_filters('pre_user_nickname', $nickname); + + if ( empty($first_name) ) + $first_name = ''; + $first_name = apply_filters('pre_user_first_name', $first_name); + + if ( empty($last_name) ) + $last_name = ''; + $last_name = apply_filters('pre_user_last_name', $last_name); + + if ( empty($description) ) + $description = ''; + $description = apply_filters('pre_user_description', $description); + if ( empty($user_registered) ) $user_registered = gmdate('Y-m-d H:i:s'); @@ -93,7 +118,7 @@ } function wp_update_user($userdata) { - global $wpdb, $current_user; + global $wpdb; $ID = (int) $userdata['ID']; @@ -114,6 +139,7 @@ $user_id = wp_insert_user($userdata); // Update the cookies if the password changed. + $current_user = wp_get_current_user(); if( $current_user->id == $ID ) { if ( isset($plaintext_pass) ) { wp_clearcookie(); --- wp-includes/template-functions-general.php +++ wp-includes/template-functions-general.php @@ -27,10 +27,7 @@ function wp_loginout() { - global $user_ID; - get_currentuserinfo(); - - if ('' == $user_ID) + if ( ! is_user_logged_in() ) $link = '' . __('Login') . ''; else $link = '' . __('Logout') . ''; @@ -40,16 +37,15 @@ function wp_register( $before = '
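Review bot: In the wp_update_user() hunk at -114 the new `$current_user = wp_get_current_user();` is compared as `$current_user->id == $ID` with no lower bound on `$ID`; an anonymous current user has id 0, so if this function is reached with `$userdata['ID']` missing (the -93 hunk shows `$ID = (int) $userdata['ID'];`, which yields 0) the cookie-clearing branch fires for a visitor who never logged in. A guard such as `if ( $ID > 0 && $current_user->ID == $ID )` closes that and also keeps the `->ID` spelling consistent with wp_set_current_user(). Whether an ID of 0 can actually reach this point depends on the code between the two hunks, which is not visible here.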
      • ', $after = '
      • ' ) { - global $user_ID; - - get_currentuserinfo(); - if ( '' == $user_ID && get_settings('users_can_register') ) - $link = $before . '' . __('Register') . '' . $after; - elseif ( '' == $user_ID && !get_settings('users_can_register') ) - $link = ''; - else + if ( ! is_user_logged_in() ) { + if ( get_settings('users_can_register') ) + $link = $before . '' . __('Register') . '' . $after; + else + $link = ''; + } else { $link = $before . '' . __('Site Admin') . '' . $after; + } echo apply_filters('register', $link); } @@ -62,7 +58,9 @@ function bloginfo($show='') { $info = get_bloginfo($show); - if ( ! (strstr($info, 'url') || strstr($info, 'directory')) ) { + if (!strstr($show, 'url') && //don't filter URLs + !strstr($show, 'directory') && + !strstr($show, 'home')) { $info = apply_filters('bloginfo', $info, $show); $info = convert_chars($info); } @@ -507,8 +505,8 @@ // Get days with posts $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date) - FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth - AND YEAR(post_date) = $thisyear + FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth' + AND YEAR(post_date) = '$thisyear' AND post_status = 'publish' AND post_date < '" . current_time('mysql') . '\'', ARRAY_N); if ( $dayswithposts ) { --- wp-includes/template-functions-links.php +++ wp-includes/template-functions-links.php @@ -62,14 +62,15 @@ $authordata = get_userdata($post->post_author); $author = $authordata->user_nicename; + $date = explode(" ",date('Y m d H i s', $unixtime)); $rewritereplace = array( - date('Y', $unixtime), - date('m', $unixtime), - date('d', $unixtime), - date('H', $unixtime), - date('i', $unixtime), - date('s', $unixtime), + $date[0], + $date[1], + $date[2], + $date[3], + $date[4], + $date[5], $post->post_name, $post->ID, $category, --- wp-includes/vars.php +++ wp-includes/vars.php 
@@ -92,16 +92,6 @@ ); } -// sorts the smilies' array -if (!function_exists('smiliescmp')) { -function smiliescmp ($a, $b) { - if (strlen($a) == strlen($b)) { - return strcmp($a, $b); - } - return (strlen($a) > strlen($b)) ? -1 : 1; - } -} -uksort($wpsmiliestrans, 'smiliescmp'); // generates smilies' search & replace arrays foreach($wpsmiliestrans as $smiley => $img) { --- wp-includes/version.php +++ wp-includes/version.php @@ -2,7 +2,7 @@ // This just holds the version number, in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.0.2'; -$wp_db_version = 3437; +$wp_version = '2.0.3'; +$wp_db_version = 3440; ?> --- wp-login.php +++ wp-login.php @@ -177,12 +177,12 @@ $user_login = sanitize_user( $user_login ); $user_pass = $_POST['pwd']; $rememberme = $_POST['rememberme']; - } elseif ( !empty($_COOKIE) ) { - if ( !empty($_COOKIE[USER_COOKIE]) ) - $user_login = $_COOKIE[USER_COOKIE]; - if ( !empty($_COOKIE[PASS_COOKIE]) ) { - $user_pass = $_COOKIE[PASS_COOKIE]; + } else { + $cookie_login = wp_get_cookie_login(); + if ( ! empty($cookie_login) ) { $using_cookie = true; + $user_login = $cookie_login['login']; + $user_pass = $cookie_login['password']; } }
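Review bot: In the wp-login.php hunk at -177 the cookie branch assigns `$user_login = $cookie_login['login']` straight from the cookie, while the POST branch directly above runs the same variable through `sanitize_user()`; the two entry points should be normalised alike, `$user_login = sanitize_user( $cookie_login['login'] );`. wp_login() (outside this hunk) may well escape the value before querying, but sanitising here keeps every later use of `$user_login` consistent between the two paths.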