Index: wp-login.php
===================================================================
--- wp-login.php (.../2.1.2) (revision 5183)
+++ wp-login.php (.../2.1.3) (revision 5183)
@@ -286,7 +286,7 @@
$user_pass = '';
$using_cookie = FALSE;
- if ( !isset( $_REQUEST['redirect_to'] ) )
+ if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
$redirect_to = 'wp-admin/';
else
$redirect_to = $_REQUEST['redirect_to'];
Index: wp-comments-post.php
===================================================================
--- wp-comments-post.php (.../2.1.2) (revision 5183)
+++ wp-comments-post.php (.../2.1.3) (revision 5183)
@@ -25,14 +25,20 @@
// If the user is logged in
$user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
-else :
+ if ( current_user_can('unfiltered_html') ) {
+ if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+ kses_remove_filters(); // start with a clean slate
+ kses_init_filters(); // set up the filters
+ }
+ }
+} else {
if ( get_option('comment_registration') )
wp_die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
$comment_type = '';
Index: wp-includes/default-filters.php
===================================================================
--- wp-includes/default-filters.php (.../2.1.2) (revision 5183)
+++ wp-includes/default-filters.php (.../2.1.3) (revision 5183)
@@ -31,6 +31,8 @@
add_filter('pre_comment_author_email', 'wp_filter_kses');
add_filter('pre_comment_author_url', 'wp_filter_kses');
+add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
+
// Default filters for these functions
add_filter('comment_author', 'wptexturize');
add_filter('comment_author', 'convert_chars');
Index: wp-includes/bookmark.php
===================================================================
--- wp-includes/bookmark.php (.../2.1.2) (revision 5183)
+++ wp-includes/bookmark.php (.../2.1.3) (revision 5183)
@@ -3,6 +3,7 @@
function get_bookmark($bookmark_id, $output = OBJECT) {
global $wpdb;
+ $bookmark_id = (int) $bookmark_id;
$link = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = '$bookmark_id'");
$link->link_category = wp_get_link_cats($bookmark_id);
Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php (.../2.1.2) (revision 5183)
+++ wp-includes/query.php (.../2.1.3) (revision 5183)
@@ -931,9 +931,9 @@
if ( is_user_logged_in() ) {
if ( 'post' == $post_type )
- $cap = 'edit_private_posts';
+ $cap = 'read_private_posts';
else
- $cap = 'edit_private_pages';
+ $cap = 'read_private_pages';
if ( current_user_can($cap) )
$where .= " OR post_status = 'private'";
Index: wp-includes/link-template.php
===================================================================
--- wp-includes/link-template.php (.../2.1.2) (revision 5183)
+++ wp-includes/link-template.php (.../2.1.3) (revision 5183)
@@ -93,8 +93,9 @@
function get_page_link($id = false) {
global $post;
+ $id = (int) $id;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
if ( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') )
$link = get_option('home');
@@ -109,7 +110,7 @@
global $post, $wp_rewrite;
if ( !$id )
- $id = $post->ID;
+ $id = (int) $post->ID;
$pagestruct = $wp_rewrite->get_page_permastruct();
@@ -130,7 +131,7 @@
$link = false;
if (! $id) {
- $id = $post->ID;
+ $id = (int) $post->ID;
}
$object = get_post($id);
@@ -379,7 +380,7 @@
function get_pagenum_link($pagenum = 1) {
global $wp_rewrite;
- $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+ $qstr = $_SERVER['REQUEST_URI'];
$page_querystring = "paged";
$page_modstring = "page/";
@@ -446,7 +447,7 @@
return $qstr;
}
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
global $paged, $pagenow;
if ( !is_single() ) {
@@ -454,10 +455,14 @@
$paged = 1;
$nextpage = intval($paged) + 1;
if ( !$max_page || $max_page >= $nextpage )
- echo get_pagenum_link($nextpage);
+ return get_pagenum_link($nextpage);
}
}
+function next_posts($max_page = 0) {
+ echo clean_url(get_next_posts_page_link($max_page));
+}
+
function next_posts_link($label='Next Page »', $max_page=0) {
global $paged, $wpdb, $wp_query;
if ( !$max_page ) {
@@ -473,18 +478,20 @@
}
}
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
global $paged, $pagenow;
if ( !is_single() ) {
$nextpage = intval($paged) - 1;
if ( $nextpage < 1 )
$nextpage = 1;
- echo get_pagenum_link($nextpage);
+ return get_pagenum_link($nextpage);
}
}
+function previous_posts() {
+ echo clean_url(get_previous_posts_page_link());
+}
function previous_posts_link($label='« Previous Page') {
global $paged;
Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php (.../2.1.2) (revision 5183)
+++ wp-includes/formatting.php (.../2.1.3) (revision 5183)
@@ -1072,7 +1072,11 @@
$strip = array('%0d', '%0a');
$url = str_replace($strip, '', $url);
$url = str_replace(';//', '://', $url);
- $url = (!strstr($url, '://')) ? 'http://'.$url : $url;
+ // Append http unless a relative link starting with / or a php file.
+ if ( strpos($url, '://') === false &&
+ substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9]+?\.php/i', $url) )
+ $url = 'http://' . $url;
+
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
if ( !is_array($protocols) )
$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
Index: wp-includes/author-template.php
===================================================================
--- wp-includes/author-template.php (.../2.1.2) (revision 5183)
+++ wp-includes/author-template.php (.../2.1.3) (revision 5183)
@@ -144,7 +144,7 @@
function get_author_posts_url($author_id, $author_nicename = '') {
global $wpdb, $wp_rewrite, $post, $cache_userdata;
- $auth_ID = $author_id;
+ $auth_ID = (int) $author_id;
$link = $wp_rewrite->get_author_permastruct();
if ( empty($link) ) {
Index: wp-includes/category.php
===================================================================
--- wp-includes/category.php (.../2.1.2) (revision 5183)
+++ wp-includes/category.php (.../2.1.3) (revision 5183)
@@ -146,6 +146,7 @@
wp_cache_add($category->cat_ID, $category, 'category');
$_category = $category;
} else {
+ $category = (int) $category;
if ( ! $_category = wp_cache_get($category, 'category') ) {
$_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1");
wp_cache_set($category, $_category, 'category');
Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php (.../2.1.2) (revision 5183)
+++ wp-includes/post.php (.../2.1.3) (revision 5183)
@@ -105,6 +105,7 @@
$post_cache[$blog_id][$post->ID] = &$post;
$_post = & $post_cache[$blog_id][$post->ID];
} else {
+ $post = (int) $post;
if ( $_post = wp_cache_get($post, 'pages') )
return get_page($_post, $output);
elseif ( isset($post_cache[$blog_id][$post]) )
@@ -374,7 +375,7 @@
global $id, $post_meta_cache, $wpdb, $blog_id;
if ( !$post_id )
- $post_id = $id;
+ $post_id = (int) $id;
$post_id = (int) $post_id;
@@ -446,6 +447,8 @@
}
function wp_get_post_categories($post_id = 0) {
+ $post_id = (int) $post_id;
+
$cats = &get_the_category($post_id);
$cat_ids = array();
foreach ( $cats as $cat )
@@ -457,6 +460,7 @@
global $wpdb;
// Set the limit clause, if we got a limit
+ $num = (int) $num;
if ($num) {
$limit = "LIMIT $num";
}
@@ -470,6 +474,8 @@
function wp_get_single_post($postid = 0, $mode = OBJECT) {
global $wpdb;
+ $postid = (int) $postid;
+
$post = get_post($postid, $mode);
// Set categories
@@ -533,7 +539,7 @@
// Get the post ID.
if ( $update )
- $post_ID = $ID;
+ $post_ID = (int) $ID;
// Create a valid post name. Drafts are allowed to have an empty
// post name.
@@ -637,7 +643,7 @@
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type)
VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')");
- $post_ID = $wpdb->insert_id;
+ $post_ID = (int) $wpdb->insert_id;
}
if ( empty($post_name) && 'draft' != $post_status ) {
@@ -763,6 +769,8 @@
function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
global $wpdb;
+
+ $post_ID = (int) $post_ID;
// If $post_categories isn't already an array, make it one:
if (!is_array($post_categories) || 0 == count($post_categories) || empty($post_categories))
$post_categories = array(get_option('default_category'));
@@ -773,7 +781,7 @@
$old_categories = $wpdb->get_col("
SELECT category_id
FROM $wpdb->post2cat
- WHERE post_id = $post_ID");
+ WHERE post_id = '$post_ID'");
if (!$old_categories) {
$old_categories = array();
@@ -788,8 +796,8 @@
foreach ($delete_cats as $del) {
$wpdb->query("
DELETE FROM $wpdb->post2cat
- WHERE category_id = $del
- AND post_id = $post_ID
+ WHERE category_id = '$del'
+ AND post_id = '$post_ID'
");
}
}
@@ -799,10 +807,11 @@
if ($add_cats) {
foreach ($add_cats as $new_cat) {
+ $new_cat = (int) $new_cat;
if ( !empty($new_cat) )
$wpdb->query("
INSERT INTO $wpdb->post2cat (post_id, category_id)
- VALUES ($post_ID, $new_cat)");
+ VALUES ('$post_ID', '$new_cat')");
}
}
@@ -928,6 +937,7 @@
wp_cache_add($page->ID, $page, 'pages');
$_page = $page;
} else {
+ $page = (int) $page;
// first, check the cache
if ( ! ( $_page = wp_cache_get($page, 'pages') ) ) {
// not in the page cache?
@@ -1244,7 +1254,7 @@
$update = false;
if ( !empty($ID) ) {
$update = true;
- $post_ID = $ID;
+ $post_ID = (int) $ID;
}
// Create a valid post name.
@@ -1339,7 +1349,7 @@
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
- $post_ID = $wpdb->insert_id;
+ $post_ID = (int) $wpdb->insert_id;
}
if ( empty($post_name) ) {
@@ -1494,7 +1504,7 @@
$mime = (int) $mime;
if ( !$post =& get_post( $mime ) )
return false;
- $post_id = $post->ID;
+ $post_id = (int) $post->ID;
$mime = $post->post_mime_type;
}
Index: wp-includes/version.php
===================================================================
--- wp-includes/version.php (.../2.1.2) (revision 5183)
+++ wp-includes/version.php (.../2.1.3) (revision 5183)
@@ -2,7 +2,7 @@
// This holds the version number in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.1.2';
+$wp_version = '2.1.3';
$wp_db_version = 4773;
?>
Index: wp-includes/general-template.php
===================================================================
--- wp-includes/general-template.php (.../2.1.2) (revision 5183)
+++ wp-includes/general-template.php (.../2.1.3) (revision 5183)
@@ -147,8 +147,7 @@
function wp_title($sep = '»', $display = true) {
- global $wpdb;
- global $m, $year, $monthnum, $day, $category_name, $wp_locale, $posts;
+ global $wpdb, $wp_locale, $wp_query;
$cat = get_query_var('cat');
$p = get_query_var('p');
@@ -156,6 +155,10 @@
$category_name = get_query_var('category_name');
$author = get_query_var('author');
$author_name = get_query_var('author_name');
+ $m = (int) get_query_var('m');
+ $year = (int) get_query_var('year');
+ $monthnum = (int)get_query_var('monthnum');
+ $day = (int) get_query_var('day');
$title = '';
// If there's a category
@@ -196,14 +199,15 @@
if ( !empty($year) ) {
$title = $year;
if ( !empty($monthnum) )
- $title .= " $sep ".$wp_locale->get_month($monthnum);
+ $title .= " $sep " . $wp_locale->get_month($monthnum);
if ( !empty($day) )
- $title .= " $sep ".zeroise($day, 2);
+ $title .= " $sep " . zeroise($day, 2);
}
// If there is a post
if ( is_single() || is_page() ) {
- $title = strip_tags($posts[0]->post_title);
+ $queried = $wp_query->get_queried_object();
+ $title = strip_tags($queried->post_title);
$title = apply_filters('single_post_title', $title);
}
@@ -256,7 +260,12 @@
function single_month_title($prefix = '', $display = true ) {
- global $m, $monthnum, $wp_locale, $year;
+ global $wp_locale;
+
+ $m = (int) get_query_var('m');
+ $year = (int) get_query_var('year');
+ $monthnum = (int) get_query_var('monthnum');
+
if ( !empty($monthnum) && !empty($year) ) {
$my_year = $year;
$my_month = $wp_locale->get_month($monthnum);
@@ -280,6 +289,7 @@
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
$text = wptexturize($text);
$title_text = attribute_escape($text);
+ $url = clean_url($url);
if ('link' == $format)
return "\t\n";
@@ -962,7 +972,7 @@
$link = str_replace('%#%', $current - 1, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "$prev_text";
+ $page_links[] = "$prev_text";
endif;
for ( $n = 1; $n <= $total; $n++ ) :
if ( $n == $current ) :
@@ -974,7 +984,7 @@
$link = str_replace('%#%', $n, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "$n";
+ $page_links[] = "$n";
$dots = true;
elseif ( $dots && !$show_all ) :
$page_links[] = "...";
@@ -987,7 +997,7 @@
$link = str_replace('%#%', $current + 1, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "$next_text";
+ $page_links[] = "$next_text";
endif;
switch ( $type ) :
case 'array' :
Index: wp-includes/classes.php
===================================================================
--- wp-includes/classes.php (.../2.1.2) (revision 5183)
+++ wp-includes/classes.php (.../2.1.3) (revision 5183)
@@ -148,6 +148,9 @@
$this->query_vars[$wpvar] = $_GET[$wpvar];
elseif (!empty($perma_query_vars[$wpvar]))
$this->query_vars[$wpvar] = $perma_query_vars[$wpvar];
+
+ if ( !empty( $this->query_vars[$wpvar] ) )
+ $this->query_vars[$wpvar] = (string) $this->query_vars[$wpvar];
}
foreach ($this->private_query_vars as $var) {
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php (.../2.1.2) (revision 5183)
+++ wp-includes/pluggable.php (.../2.1.3) (revision 5183)
@@ -473,7 +473,7 @@
if ( !function_exists('wp_verify_nonce') ) :
function wp_verify_nonce($nonce, $action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
@@ -487,7 +487,7 @@
if ( !function_exists('wp_create_nonce') ) :
function wp_create_nonce($action = -1) {
$user = wp_get_current_user();
- $uid = $user->id;
+ $uid = (int) $user->id;
$i = ceil(time() / 43200);
Index: wp-includes/comment.php
===================================================================
--- wp-includes/comment.php (.../2.1.2) (revision 5183)
+++ wp-includes/comment.php (.../2.1.3) (revision 5183)
@@ -81,6 +81,7 @@
$comment_cache[$comment->comment_ID] = &$comment;
$_comment = & $comment_cache[$comment->comment_ID];
} else {
+ $comment = (int) $comment;
if ( !isset($comment_cache[$comment]) ) {
$_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
$comment_cache[$comment->comment_ID] = & $_comment;
@@ -169,7 +170,7 @@
if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
$comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = attribute_escape($comment_author_url);
+ $comment_author_url = clean_url($comment_author_url);
$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
}
}
@@ -345,7 +346,7 @@
('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
");
- $id = $wpdb->insert_id;
+ $id = (int) $wpdb->insert_id;
if ( $comment_approved == 1)
wp_update_comment_count($comment_post_ID);
Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php (.../2.1.2) (revision 5183)
+++ wp-includes/theme.php (.../2.1.3) (revision 5183)
@@ -345,7 +345,7 @@
function get_page_template() {
global $wp_query;
- $id = $wp_query->post->ID;
+ $id = (int) $wp_query->post->ID;
$template = get_post_meta($id, '_wp_page_template', true);
if ( 'default' == $template )
Index: wp-includes/feed.php
===================================================================
--- wp-includes/feed.php (.../2.1.2) (revision 5183)
+++ wp-includes/feed.php (.../2.1.3) (revision 5183)
@@ -108,7 +108,7 @@
function get_author_rss_link($echo = false, $author_id, $author_nicename) {
- $auth_ID = $author_id;
+ $auth_ID = (int) $author_id;
$permalink_structure = get_option('permalink_structure');
if ( '' == $permalink_structure ) {
Index: wp-includes/rss.php
===================================================================
--- wp-includes/rss.php (.../2.1.2) (revision 5183)
+++ wp-includes/rss.php (.../2.1.3) (revision 5183)
@@ -782,13 +782,13 @@
if ( preg_match( $pat, $date_str, $match ) ) {
list( $year, $month, $day, $hours, $minutes, $seconds) =
- array( $match[1], $match[2], $match[3], $match[4], $match[5], $match[6]);
+ array( $match[1], $match[2], $match[3], $match[4], $match[5], $match[7]);
# calc epoch for current date assuming GMT
$epoch = gmmktime( $hours, $minutes, $seconds, $month, $day, $year);
$offset = 0;
- if ( $match[10] == 'Z' ) {
+ if ( $match[11] == 'Z' ) {
# zulu time, aka GMT
}
else {
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php (.../2.1.2) (revision 5183)
+++ wp-includes/functions.php (.../2.1.3) (revision 5183)
@@ -566,7 +566,7 @@
$post_id_array = (array) explode(',', $post_ids);
$count = count( $post_id_array);
for ( $i = 0; $i < $count; $i++ ) {
- $post_id = $post_id_array[ $i ];
+ $post_id = (int) $post_id_array[ $i ];
if ( isset( $category_cache[$blog_id][$post_id] ) ) {
unset( $post_id_array[ $i ] );
continue;
@@ -620,7 +620,7 @@
$post_id_array = (array) explode(',', $post_id_list);
$count = count( $post_id_array);
for ( $i = 0; $i < $count; $i++ ) {
- $post_id = $post_id_array[ $i ];
+ $post_id = (int) $post_id_array[ $i ];
if ( isset( $post_meta_cache[$blog_id][$post_id] ) ) { // If the meta is already cached
unset( $post_id_array[ $i ] );
continue;
@@ -920,9 +920,11 @@
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
}
-function wp_nonce_field($action = -1) {
- echo '';
- wp_referer_field();
+function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
+ $name = attribute_escape($name);
+ echo '';
+ if ( $referer )
+ wp_referer_field();
}
function wp_referer_field() {
@@ -1190,7 +1192,7 @@
$adminurl = get_option('siteurl') . '/wp-admin';
if ( wp_get_referer() )
- $adminurl = attribute_escape(wp_get_referer());
+ $adminurl = clean_url(wp_get_referer());
$title = __('WordPress Confirmation');
// Remove extra layer of slashes.
@@ -1198,7 +1200,7 @@
if ( $_POST ) {
$q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q);
- $html .= "\t\n";
} else {
- $html .= "\t\n";
+ $html .= "\t\n";
}
$html .= " \n