diff -Nru wordpress-3.0.1/debian/changelog wordpress-3.0.5+dfsg/debian/changelog
--- wordpress-3.0.1/debian/changelog 2010-10-20 23:30:26.000000000 +0000
+++ wordpress-3.0.5+dfsg/debian/changelog 2012-01-03 18:12:42.000000000 +0000
@@ -1,8 +1,104 @@ -wordpress (3.0.1-2ubuntu1~ppa1~maverick1) maverick; urgency=low +wordpress (3.0.5+dfsg-1ubuntu1~ppa1~maverick1) maverick; urgency=low * Backport to Maverickbleed ppa. - -- Nicola Ferralis Wed, 20 Oct 2010 16:29:35 -0700 + -- Nicola Ferralis Tue, 03 Jan 2012 13:11:00 -0500 + +wordpress (3.0.5+dfsg-1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/apache.conf: + + Changed to use /var/www instead of /srv/www for virtual webroot. + - debian/setup-mysql: + + Changed to use /var/www instead of /srv/www. + + -- Bhavani Shankar Sat, 12 Feb 2011 13:24:08 +0530 + +wordpress (3.0.5+dfsg-1) unstable; urgency=medium + + * [077b77b] Imported Upstream version 3.0.5+dfsg + * [8d1ce17] Refreshed patches + + -- Giuseppe Iuculano Fri, 11 Feb 2011 17:50:40 +0100 + +wordpress (3.0.4+dfsg-1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/apache.conf: + + Changed to use /var/www instead of /srv/www for virtual webroot. + - debian/setup-mysql: + + Changed to use /var/www instead of /srv/www. + * debian/patches/kses-security.patch: Dropped, applied upstream. + * This upload fixes hello dolly copyright issue. 
(LP: #692252) + + -- Artur Rona Sun, 02 Jan 2011 03:56:33 +0100 + +wordpress (3.0.4+dfsg-1) unstable; urgency=high + + * [9d62499] Imported Upstream version 3.0.4+dfsg + - This is critical security update, more info: http://wp.me/pZhYe-qt + + -- Giuseppe Iuculano Thu, 30 Dec 2010 14:47:40 +0100 + +wordpress (3.0.3.dfsg-1) unstable; urgency=high + + * [e113893] Imported Upstream version 3.0.3.dfsg + - Re-packaged without the hello dolly plugin (Closes: #607240) + * [9d62cfd] Removed hello.patch + + -- Giuseppe Iuculano Tue, 28 Dec 2010 17:22:34 +0100 + +wordpress (3.0.3-1ubuntu2) natty; urgency=low + + * SECURITY UPDATE: this can be dropped in 3.0.4 + - debian/patches/kses-security.patch: fix several issues in the KSES HTML + sanitization library + - LP: #695646 + - CVE-XXXX-XXXX + + -- Jamie Strandboge Fri, 31 Dec 2010 10:44:07 -0600 + +wordpress (3.0.3-1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/apache.conf: + + Changed to use /var/www instead of /srv/www for virtual webroot. + - debian/setup-mysql: + + Changed to use /var/www instead of /srv/www. + + -- Artur Rona Sun, 19 Dec 2010 00:04:25 +0100 + +wordpress (3.0.3-1) unstable; urgency=high + + * [014c926] Imported Upstream version 3.0.3 (Closes: #606657) + * [f29b6ac] Use GPL-compliant lyrics in the hello dolly plugin. + (Closes: #607240) + + -- Giuseppe Iuculano Fri, 17 Dec 2010 11:03:55 +0100 + +wordpress (3.0.2-1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/apache.conf: + + Changed to use /var/www instead of /srv/www for virtual webroot. + - debian/setup-mysql: + + Changed to use /var/www instead of /srv/www. 
+ + -- Artur Rona Sat, 11 Dec 2010 14:57:22 +0100 + +wordpress (3.0.2-1) unstable; urgency=high + + [ Raphaƫl Hertzog ] + * [9d6922c] Improve wp-config.php to support sites on subdomains and + htaccess by providing directives ready to uncomment + + [ Giuseppe Iuculano ] + * [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880) + - Author level SQL injection vulnerability fixed (Closes: #605603) + * [b4f2869] Refreshed debian/patches/001readme.patch + * [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732) + + -- Giuseppe Iuculano Tue, 07 Dec 2010 08:43:38 +0100 wordpress (3.0.1-2ubuntu1) natty; urgency=low diff -Nru wordpress-3.0.1/debian/htaccess wordpress-3.0.5+dfsg/debian/htaccess --- wordpress-3.0.1/debian/htaccess 2010-09-02 08:34:46.000000000 +0000 +++ wordpress-3.0.5+dfsg/debian/htaccess 2011-02-12 02:23:28.000000000 +0000 
@@ -1,3 +1,32 @@ # For rewrite rules needed for making Wordpress URL friendly # See Options -> Permalinks for details and please use the defaults, # especially in mind when hosting several blogs on one machine! + +## +## Configuration for a single blog hosted on / (root of the website) +## +# +#RewriteEngine On +#RewriteBase / +#RewriteCond %{REQUEST_FILENAME} !-f +#RewriteCond %{REQUEST_FILENAME} !-d +#RewriteRule . /index.php [L] +# + +## +## Configuration for a multi-site wordpress installation using subdomains +## +# +#RewriteEngine On +#RewriteBase / +#RewriteRule ^index\.php$ - [L] +## uploaded files +#RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L] +## real files dealt directly +#RewriteCond %{REQUEST_FILENAME} -f [OR] +#RewriteCond %{REQUEST_FILENAME} -d +#RewriteRule ^ - [L] +## other go through index.php +#RewriteRule . index.php [L] +# + diff -Nru wordpress-3.0.1/debian/patches/001readme.patch wordpress-3.0.5+dfsg/debian/patches/001readme.patch --- wordpress-3.0.1/debian/patches/001readme.patch 2010-09-02 08:34:46.000000000 +0000 +++ wordpress-3.0.5+dfsg/debian/patches/001readme.patch 2011-02-12 02:23:29.000000000 +0000 @@ -6,8 +6,8 @@

WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.

Copyright

--

WordPress is released under the GPLv2 (see license.txt).

-+

WordPress is released under the GPLv2 (see license.txt).

+-

WordPress is free software, and is released under the terms of the GPL version 2 or (at your option) any later version. See license.txt.

++

WordPress is free software, and is released under the terms of the GPL version 2 or (at your option) any later version. See license.txt.

diff -Nru wordpress-3.0.1/debian/patches/flv_player.patch wordpress-3.0.5+dfsg/debian/patches/flv_player.patch --- wordpress-3.0.1/debian/patches/flv_player.patch 1970-01-01 00:00:00.000000000 +0000 +++ wordpress-3.0.5+dfsg/debian/patches/flv_player.patch 2011-02-12 02:23:29.000000000 +0000 @@ -0,0 +1,11 @@ +Remove flv_player.swf from manifest.php +--- a/wp-admin/includes/manifest.php ++++ b/wp-admin/includes/manifest.php +@@ -174,7 +174,6 @@ function &get_manifest() { + array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif'), + array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif'), + array('../wp-includes/js/tinymce/plugins/media/img/flash.gif'), +- array('../wp-includes/js/tinymce/plugins/media/img/flv_player.swf'), + array('../wp-includes/js/tinymce/plugins/media/img/quicktime.gif'), + array('../wp-includes/js/tinymce/plugins/media/img/realmedia.gif'), + array('../wp-includes/js/tinymce/plugins/media/img/shockwave.gif'), diff -Nru wordpress-3.0.1/debian/patches/series wordpress-3.0.5+dfsg/debian/patches/series --- wordpress-3.0.1/debian/patches/series 2010-09-02 08:34:46.000000000 +0000 +++ wordpress-3.0.5+dfsg/debian/patches/series 2011-02-12 02:23:29.000000000 +0000 @@ -7,3 +7,4 @@ 010disabling_update_note.patch manifest.patch mu.patch +flv_player.patch diff -Nru wordpress-3.0.1/debian/wp-config.php wordpress-3.0.5+dfsg/debian/wp-config.php --- wordpress-3.0.1/debian/wp-config.php 2010-09-02 08:34:46.000000000 +0000 +++ wordpress-3.0.5+dfsg/debian/wp-config.php 2011-02-12 02:23:28.000000000 +0000 @@ -1,27 +1,49 @@ $debian_file could not be found. The file is either not readable by this process or does not exist.
- Please check if $debian_file exists and contains the right password/username."; - exit(1); - } +/* Look up a host-specific config file in + * /etc/wordpress/config-.php or /etc/wordpress/config-.php + */ +$debian_server = preg_replace('/:.*/', "", $_SERVER['HTTP_HOST']); +$debian_server = preg_replace("/[^a-zA-Z0-9.\-]/", "", $debian_server); +$debian_file = '/etc/wordpress/config-'.strtolower($debian_server).'.php'; +/* Main site in case of multisite with subdomains */ +$debian_main_server = preg_replace("/^[^.]*\./", "", $debian_server); +$debian_main_file = '/etc/wordpress/config-'.strtolower($debian_main_server).'.php'; +if (file_exists($debian_file)) { require_once($debian_file); + define('DEBIAN_FILE', $debian_file); +} elseif (file_exists($debian_main_file)) { + require_once($debian_main_file); + define('DEBIAN_FILE', $debian_main_file); +} elseif (file_exists("/etc/wordpress/config-default.php")) { + require_once("/etc/wordpress/config-default.php"); + define('DEBIAN_FILE', "/etc/wordpress/config-default.php"); +} else { + header("HTTP/1.0 404 Not Found"); + echo "Neither $debian_file nor $debian_main_file could be found.
Ensure one of them exists, is readable by the webserver and contains the right password/username."; + exit(1); +} +/* Default value for some constants if they have not yet been set + by the host-specific config files */ define('ABSPATH', '/usr/share/wordpress/'); define('WP_CORE_UPDATE', false); define('WP_ALLOW_MULTISITE', true); -define('DEBIAN_FILE', $debian_file); +define('DB_NAME', 'wordpress'); +define('DB_USER', 'wordpress'); +define('DB_HOST', 'localhost'); + +/* Default value for the table_prefix variable so that it doesn't need to + be put in every host-specific config file */ +if (!isset($table_prefix)) { + $table_prefix = 'wp_'; +} -require_once(ABSPATH.'wp-settings.php'); +require_once(ABSPATH . 'wp-settings.php'); ?> diff -Nru wordpress-3.0.1/readme.html wordpress-3.0.5+dfsg/readme.html --- wordpress-3.0.1/readme.html 2010-07-22 13:47:43.000000000 +0000 +++ wordpress-3.0.5+dfsg/readme.html 2011-02-06 19:18:44.000000000 +0000 @@ -8,7 +8,7 @@
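Review bot: The defaults block at the end of the wp-config.php hunk calls `define('DB_NAME', 'wordpress')`, `define('DB_USER', 'wordpress')` and `define('DB_HOST', 'localhost')` unconditionally, although the comment above it says they apply only when the host-specific file has not set them. A host file that already defines one of these keeps its value, but PHP then raises a "constant already defined" notice on every request, which can reach the page output when error display is on. Guard each one, e.g. `if (!defined('DB_NAME')) define('DB_NAME', 'wordpress');`. Separately, the file to load is chosen from the client-supplied `Host` header; the two `preg_replace` calls reduce it to `[a-zA-Z0-9.-]`, so the path stays inside /etc/wordpress, but a comment should state that any request reaching this install can select any `config-<name>.php` there and that the 404 message prints the probed paths. The top of this hunk is missing from the page, so the old lookup code could not be compared.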

WordPress -
Version 3.0.1 +
Version 3.0.5

Semantic Personal Publishing Platform

@@ -102,7 +102,7 @@

WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.

Copyright

-

WordPress is released under the GPLv2 (see license.txt).

+

WordPress is free software, and is released under the terms of the GPL version 2 or (at your option) any later version. See license.txt.

diff -Nru wordpress-3.0.1/wp-admin/async-upload.php wordpress-3.0.5+dfsg/wp-admin/async-upload.php --- wordpress-3.0.1/wp-admin/async-upload.php 2010-05-23 10:59:52.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-admin/async-upload.php 2011-02-05 18:24:55.000000000 +0000 @@ -30,6 +30,13 @@ // just fetch the detail form for that attachment if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) { + $post = get_post( $id ); + if ( 'attachment' != $post->post_type ) + wp_die( __( 'Unknown post type.' ) ); + $post_type_object = get_post_type_object( 'attachment' ); + if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) ) + wp_die( __( 'You are not allowed to edit this item.' ) ); + if ( 2 == $_REQUEST['fetch'] ) { add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); echo get_media_item($id, array( 'send' => false, 'delete' => true )); diff -Nru wordpress-3.0.1/wp-admin/includes/file.php wordpress-3.0.5+dfsg/wp-admin/includes/file.php --- wordpress-3.0.1/wp-admin/includes/file.php 2010-06-07 11:19:51.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-admin/includes/file.php 2010-11-14 17:33:34.000000000 +0000 @@ -937,7 +937,7 @@ $error_string = __('Error: There was an error connecting to the server, Please verify the settings are correct.'); if ( is_wp_error($error) ) $error_string = $error->get_error_message(); - echo '
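Review bot: `get_post( $id )` can come back empty for an id that does not exist, and the added check in async-upload.php then reads `$post->post_type` on a non-object; the request still ends in `wp_die()`, but only by way of a PHP notice. Test the result first, e.g. `if ( ! $post || 'attachment' != $post->post_type )`. The surrounding condition also reads `$_REQUEST['fetch']` without `isset()`; that line is context rather than part of this change, and the block it opens continues past the hunk.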

' . $error_string . '

'; + echo '

' . esc_html( $error_string ) . '

'; } $types = array(); diff -Nru wordpress-3.0.1/wp-admin/includes/plugin.php wordpress-3.0.5+dfsg/wp-admin/includes/plugin.php --- wordpress-3.0.1/wp-admin/includes/plugin.php 2010-06-16 20:08:58.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-admin/includes/plugin.php 2010-10-07 18:14:53.000000000 +0000 @@ -483,6 +483,7 @@ ob_start(); include(WP_PLUGIN_DIR . '/' . $plugin); do_action( 'activate_plugin', trim( $plugin) ); + do_action( 'activate_' . trim( $plugin ) ); if ( $network_wide ) { $current[$plugin] = time(); update_site_option( 'active_sitewide_plugins', $current ); @@ -491,7 +492,6 @@ sort($current); update_option('active_plugins', $current); } - do_action( 'activate_' . trim( $plugin ) ); do_action( 'activated_plugin', trim( $plugin) ); if ( ob_get_length() > 0 ) { $output = ob_get_clean(); diff -Nru wordpress-3.0.1/wp-admin/includes/post.php wordpress-3.0.5+dfsg/wp-admin/includes/post.php --- wordpress-3.0.1/wp-admin/includes/post.php 2010-07-21 20:10:22.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-admin/includes/post.php 2011-02-05 18:34:01.000000000 +0000 @@ -689,6 +689,8 @@ $mid = (int) $mid; $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); + if ( empty($meta) ) + return false; if ( is_serialized_string( $meta->meta_value ) ) $meta->meta_value = maybe_unserialize( $meta->meta_value ); return $meta; diff -Nru wordpress-3.0.1/wp-admin/includes/template.php wordpress-3.0.5+dfsg/wp-admin/includes/template.php --- wordpress-3.0.1/wp-admin/includes/template.php 2010-07-21 20:10:22.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-admin/includes/template.php 2011-02-07 19:12:00.000000000 +0000 
@@ -1185,16 +1185,16 @@ if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) ) return; - $title = esc_attr( get_the_title( $post->ID ) ); + $title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES ); echo ' diff -Nru wordpress-3.0.1/wp-content/plugins/akismet/admin.php wordpress-3.0.5+dfsg/wp-content/plugins/akismet/admin.php --- wordpress-3.0.1/wp-content/plugins/akismet/admin.php 1970-01-01 00:00:00.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-content/plugins/akismet/admin.php 2010-09-24 06:48:14.000000000 +0000 @@ -0,0 +1,584 @@ +

".sprintf(__('Akismet %s required WordPress 3.0 or higher.'), AKISMET_VERSION) ." ".sprintf(__('Please upgrade WordPress to a current version, or downgrade to version 2.4 of the Akismet plugin.'), 'http://codex.wordpress.org/Upgrading_WordPress', 'http://wordpress.org/extend/plugins/akismet/download/'). "

+ "; + } + add_action('admin_notices', 'akismet_version_warning'); + + return; + } + + if ( function_exists( 'get_plugin_page_hook' ) ) + $hook = get_plugin_page_hook( 'akismet-stats-display', 'index.php' ); + else + $hook = 'dashboard_page_akismet-stats-display'; + add_action('admin_head-'.$hook, 'akismet_stats_script'); + add_meta_box('akismet-status', __('Akismet Status'), 'akismet_comment_status_meta_box', 'comment', 'normal'); +} +add_action('admin_init', 'akismet_admin_init'); + +function akismet_nonce_field($action = -1) { return wp_nonce_field($action); } +$akismet_nonce = 'akismet-update-key'; + +function akismet_config_page() { + if ( function_exists('add_submenu_page') ) + add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', 'akismet-key-config', 'akismet_conf'); + +} + +function akismet_conf() { + global $akismet_nonce, $wpcom_api_key; + + if ( isset($_POST['submit']) ) { + if ( function_exists('current_user_can') && !current_user_can('manage_options') ) + die(__('Cheatin’ uh?')); + + check_admin_referer( $akismet_nonce ); + $key = preg_replace( '/[^a-h0-9]/i', '', $_POST['key'] ); + + if ( empty($key) ) { + $key_status = 'empty'; + $ms[] = 'new_key_empty'; + delete_option('wordpress_api_key'); + } else { + $key_status = akismet_verify_key( $key ); + } + + if ( $key_status == 'valid' ) { + update_option('wordpress_api_key', $key); + $ms[] = 'new_key_valid'; + } else if ( $key_status == 'invalid' ) { + $ms[] = 'new_key_invalid'; + } else if ( $key_status == 'failed' ) { + $ms[] = 'new_key_failed'; + } + + if ( isset( $_POST['akismet_discard_month'] ) ) + update_option( 'akismet_discard_month', 'true' ); + else + update_option( 'akismet_discard_month', 'false' ); + } elseif ( isset($_POST['check']) ) { + akismet_get_server_connectivity(0); + } + + if ( empty( $key_status) || $key_status != 'valid' ) { + $key = get_option('wordpress_api_key'); + if ( empty( $key ) ) { + if ( empty( $key_status ) || 
$key_status != 'failed' ) { + if ( akismet_verify_key( '1234567890ab' ) == 'failed' ) + $ms[] = 'no_connection'; + else + $ms[] = 'key_empty'; + } + $key_status = 'empty'; + } else { + $key_status = akismet_verify_key( $key ); + } + if ( $key_status == 'valid' ) { + $ms[] = 'key_valid'; + } else if ( $key_status == 'invalid' ) { + delete_option('wordpress_api_key'); + $ms[] = 'key_empty'; + } else if ( !empty($key) && $key_status == 'failed' ) { + $ms[] = 'key_failed'; + } + } + + $messages = array( + 'new_key_empty' => array('color' => 'aa0', 'text' => __('Your key has been cleared.')), + 'new_key_valid' => array('color' => '2d2', 'text' => __('Your key has been verified. Happy blogging!')), + 'new_key_invalid' => array('color' => 'd22', 'text' => __('The key you entered is invalid. Please double-check it.')), + 'new_key_failed' => array('color' => 'd22', 'text' => __('The key you entered could not be verified because a connection to akismet.com could not be established. Please check your server configuration.')), + 'no_connection' => array('color' => 'd22', 'text' => __('There was a problem connecting to the Akismet server. Please check your server configuration.')), + 'key_empty' => array('color' => 'aa0', 'text' => sprintf(__('Please enter an API key. (Get your key.)'), 'http://akismet.com/get/')), + 'key_valid' => array('color' => '2d2', 'text' => __('This key is valid.')), + 'key_failed' => array('color' => 'aa0', 'text' => __('The key below was previously validated but a connection to akismet.com can not be established at this time. Please check your server configuration.'))); +?> + +

+ +
+

+
+
+ +

Akismet will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have an API key yet, you can get one at Akismet.com.'), 'http://akismet.com/', 'http://akismet.com/get/'); ?>

+ +

+ +

+ +

(What is this?'); ?>)

+ +

+

+ + + +

+

+
+ +
+ +

+ +

+

fsockopen or gethostbynamel functions. Akismet cannot work correctly until this is fixed. Please contact your web host or firewall administrator and give them this information about Akismet\'s system requirements.'), 'http://blog.akismet.com/akismet-hosting-faq/'); ?>

+ 0 ) { + // some connections work, some fail + if ( $fail_count > 0 && $fail_count < count($servers) ) { ?> +

+

this information about Akismet and firewalls.'), 'http://blog.akismet.com/akismet-hosting-faq/'); ?>

+ 0 ) { ?> +

+

Akismet cannot work correctly until this is fixed. Please contact your web host or firewall administrator and give them this information about Akismet and firewalls.'), 'http://blog.akismet.com/akismet-hosting-faq/'); ?>

+ +

+

+ +

+

Akismet cannot work correctly until this is fixed. Please contact your web host or firewall administrator and give them this information about Akismet and firewalls.'), 'http://blog.akismet.com/akismet-hosting-faq/'); ?>

+ + + + + $status ) { + $color = ( $status ? '#2d2' : '#d22'); + ?> + + + + + + +
+

+

+
+ +
+
+ + +
+ +
+ '.__('Spam').''; + global $submenu; + if ( isset( $submenu['edit-comments.php'] ) ) + $link = 'edit-comments.php'; + else + $link = 'edit.php'; + echo '

'.sprintf(__('Akismet has protected your site from %3$s spam comments.'), 'http://akismet.com/', clean_url("$link?page=akismet-admin"), number_format_i18n($count) ).'

'; +} +add_action('activity_box_end', 'akismet_stats'); + +function akismet_admin_warnings() { + global $wpcom_api_key; + if ( !get_option('wordpress_api_key') && !$wpcom_api_key && !isset($_POST['submit']) ) { + function akismet_warning() { + echo " +

".__('Akismet is almost ready.')." ".sprintf(__('You must enter your Akismet API key for it to work.'), "plugins.php?page=akismet-key-config")."

+ "; + } + add_action('admin_notices', 'akismet_warning'); + return; + } elseif ( get_option('akismet_connectivity_time') && empty($_POST) && is_admin() && !akismet_server_connectivity_ok() ) { + function akismet_warning() { + echo " +

".__('Akismet has detected a problem.')." ".sprintf(__('A server or network problem is preventing Akismet from working correctly. Click here for more information about how to fix the problem.'), "plugins.php?page=akismet-key-config")."

+ "; + } + add_action('admin_notices', 'akismet_warning'); + return; + } +} + +// FIXME placeholder + +function akismet_comment_row_action( $a, $comment ) { + + + $akismet_result = get_comment_meta( $comment->comment_ID, 'akismet_result', true ); + $user_result = get_comment_meta( $comment->comment_ID, 'akismet_user_result', true); + $desc = null; + if ( !$user_result || $user_result == $akismet_result ) { + // Show the original Akismet result if the user hasn't overridden it, or if their decision was the same + if ( $akismet_result == 'true' ) + $desc = 'Flagged as spam by Akismet'; + elseif ( $akismet_result == 'false' ) + $desc = 'Cleared by Akismet'; + } else { + $who = get_comment_meta( $comment->comment_ID, 'akismet_user', true ); + if ( $user_result == 'true' ) + $desc = sprintf( __('Flagged as spam by %s'), $who ); + else + $desc = sprintf( __('Un-spammed by %s'), $who ); + } + + if ( $desc ) + echo ''.htmlspecialchars($desc).''; + + return $a; +} + +add_filter( 'comment_row_actions', 'akismet_comment_row_action', 10, 2 ); + + +function akismet_comment_status_meta_box($comment) { + $history = akismet_get_comment_history( $comment->comment_ID ); + + if ( $history ) { + echo '
'; + foreach ( $history as $row ) { + $time = date( 'D d M Y @ h:i:m a', $row['time'] ) . ' GMT'; + echo '
' . sprintf( __('%s ago'), human_time_diff( $row['time'] ) ) . ' - '; + echo htmlspecialchars( $row['message'] ) . '
'; + } + + echo '
'; + + } +} + + +// add an extra column header to the comments screen +function akismet_comments_columns( $columns ) { + $columns[ 'akismet' ] = __( 'Akismet' ); + return $columns; +} + +#add_filter( 'manage_edit-comments_columns', 'akismet_comments_columns' ); + +// Show stuff in the extra column +function akismet_comment_column_row( $column, $comment_id ) { + if ( $column != 'akismet' ) + return; + + $history = akismet_get_comment_history( $comment_id ); + + if ( $history ) { + echo '
'; + foreach ( $history as $row ) { + echo '
' . sprintf( __('%s ago'), human_time_diff( $row['time'] ) ) . '
'; + echo '
' . htmlspecialchars( $row['message'] ) . '
'; + } + + echo '
'; + } +} + +#add_action( 'manage_comments_custom_column', 'akismet_comment_column_row', 10, 2 ); + +// END FIXME + +// WP 2.5+ +function akismet_rightnow() { + global $submenu, $wp_db_version; + + $plural_func = '__ngettext'; + if ( function_exists( '_n' ) ) + $plural_func = '_n'; + + // clean_url was deprecated in WP 3.0 + $esc_url = 'clean_url'; + if ( function_exists( 'esc_url' ) ) + $esc_url = 'esc_url'; + + if ( 8645 < $wp_db_version ) // 2.7 + $link = 'edit-comments.php?comment_status=spam'; + elseif ( isset( $submenu['edit-comments.php'] ) ) + $link = 'edit-comments.php?page=akismet-admin'; + else + $link = 'edit.php?page=akismet-admin'; + + if ( $count = get_option('akismet_spam_count') ) { + $intro = sprintf( $plural_func( + 'Akismet has protected your site from %2$s spam comment already,', + 'Akismet has protected your site from %2$s spam comments already,', + $count + ), 'http://akismet.com/', number_format_i18n( $count ) ); + } else { + $intro = sprintf( __('Akismet blocks spam from getting to your blog,'), 'http://akismet.com/' ); + } + + if ( $queue_count = akismet_spam_count() ) { + $queue_text = sprintf( $plural_func( + 'and there\'s %1$s comment in your spam queue right now.', + 'and there are %1$s comments in your spam queue right now.', + $queue_count + ), number_format_i18n( $queue_count ), $esc_url($link) ); + } else { + $queue_text = sprintf( __( " but there's nothing in your spam queue at the moment." ), $esc_url($link) ); + } + + // _c was deprecated in WP 2.9.0 + if ( function_exists( '_x' ) ) + $text = sprintf( _x( '%1$s%2$s', 'akismet_rightnow' ), $intro, $queue_text ); + else + $text = sprintf( _c( '%1$s%2$s|akismet_rightnow' ), $intro, $queue_text ); + + echo "

$text

\n"; +} + +add_action('rightnow_end', 'akismet_rightnow'); + + +// For WP >= 2.5 +function akismet_check_for_spam_button($comment_status) { + if ( 'approved' == $comment_status ) + return; + if ( function_exists('plugins_url') ) + $link = 'admin.php?action=akismet_recheck_queue'; + else + $link = 'edit-comments.php?page=akismet-admin&recheckqueue=true&noheader=true'; + echo "
" . __('Check for Spam') . ""; +} +add_action('manage_comments_nav', 'akismet_check_for_spam_button'); + +function akismet_submit_nonspam_comment ( $comment_id ) { + global $wpdb, $akismet_api_host, $akismet_api_port, $current_user, $current_site; + $comment_id = (int) $comment_id; + + $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'"); + if ( !$comment ) // it was deleted + return; + $comment->blog = get_option('home'); + $comment->blog_lang = get_locale(); + $comment->blog_charset = get_option('blog_charset'); + $comment->permalink = get_permalink($comment->comment_post_ID); + if ( is_object($current_user) ) { + $comment->reporter = $current_user->user_login; + } + if ( is_object($current_site) ) { + $comment->site_domain = $current_site->domain; + } + + $comment->user_role = ''; + if ( isset( $comment->user_ID ) ) + $comment->user_role = akismet_get_user_roles($comment->user_ID); + + $query_string = ''; + foreach ( $comment as $key => $data ) + $query_string .= $key . '=' . urlencode( stripslashes($data) ) . 
'&'; + + $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-ham", $akismet_api_port); + if ( $comment->reporter ) { + akismet_update_comment_history( $comment_id, sprintf( __('%s un-spammed this comment'), $comment->reporter ), 'report-ham' ); + update_comment_meta( $comment_id, 'akismet_user_result', 'false' ); + update_comment_meta( $comment_id, 'akismet_user', $comment->reporter ); + } else { + akismet_update_comment_history( $comment_id, 'A plugin un-spammed this comment', 'report-ham' ); + } + + do_action('akismet_submit_nonspam_comment', $comment_id, $response[1]); +} + +function akismet_submit_spam_comment ( $comment_id ) { + global $wpdb, $akismet_api_host, $akismet_api_port, $current_user, $current_site; + $comment_id = (int) $comment_id; + + $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'"); + if ( !$comment ) // it was deleted + return; + if ( 'spam' != $comment->comment_approved ) + return; + $comment->blog = get_option('home'); + $comment->blog_lang = get_locale(); + $comment->blog_charset = get_option('blog_charset'); + $comment->permalink = get_permalink($comment->comment_post_ID); + if ( is_object($current_user) ) { + $comment->reporter = $current_user->user_login; + } + if ( is_object($current_site) ) { + $comment->site_domain = $current_site->domain; + } + + $comment->user_role = ''; + if ( !isset( $comment->user_id ) ) + $comment->user_role = akismet_get_user_roles($comment->user_ID); + + $query_string = ''; + foreach ( $comment as $key => $data ) + $query_string .= $key . '=' . urlencode( stripslashes($data) ) . 
'&'; + + $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-spam", $akismet_api_port); + if ( $comment->reporter ) { + akismet_update_comment_history( $comment_id, sprintf( __('%s spammed this comment'), $comment->reporter ), 'report-spam' ); + update_comment_meta( $comment_id, 'akismet_user_result', 'true' ); + update_comment_meta( $comment_id, 'akismet_user', $comment->reporter ); + } else + akismet_update_comment_history( $comment_id, 'A plugin spammed this comment', 'report-ham' ); + do_action('akismet_submit_spam_comment', $comment_id, $response[1]); +} + +// For WP 2.7+ +function akismet_transition_comment_status( $new_status, $old_status, $comment ) { + if ( $new_status == $old_status ) + return; + + if ( $new_status == 'spam' ) { + akismet_submit_spam_comment( $comment->comment_ID ); + } elseif ( $old_status == 'spam' && ( $new_status == 'approved' || $new_status == 'unapproved' ) ) { + akismet_submit_nonspam_comment( $comment->comment_ID ); + } +} + +add_action( 'transition_comment_status', 'akismet_transition_comment_status', 10, 3 ); + +// Total spam in queue +// get_option( 'akismet_spam_count' ) is the total caught ever +function akismet_spam_count( $type = false ) { + global $wpdb; + + if ( !$type ) { // total + $count = wp_cache_get( 'akismet_spam_count', 'widget' ); + if ( false === $count ) { + if ( function_exists('wp_count_comments') ) { + $count = wp_count_comments(); + $count = $count->spam; + } else { + $count = (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'"); + } + wp_cache_set( 'akismet_spam_count', $count, 'widget', 3600 ); + } + return $count; + } elseif ( 'comments' == $type || 'comment' == $type ) { // comments + $type = ''; + } else { // pingback, trackback, ... 
+ $type = $wpdb->escape( $type ); + } + + return (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam' AND comment_type='$type'"); +} + + +function akismet_recheck_queue() { + global $wpdb, $akismet_api_host, $akismet_api_port; + + if ( ! ( isset( $_GET['recheckqueue'] ) || ( isset( $_REQUEST['action'] ) && 'akismet_recheck_queue' == $_REQUEST['action'] ) ) ) + return; + + $moderation = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0'", ARRAY_A ); + foreach ( (array) $moderation as $c ) { + $c['user_ip'] = $c['comment_author_IP']; + $c['user_agent'] = $c['comment_agent']; + $c['referrer'] = ''; + $c['blog'] = get_option('home'); + $c['blog_lang'] = get_locale(); + $c['blog_charset'] = get_option('blog_charset'); + $c['permalink'] = get_permalink($c['comment_post_ID']); + + $c['user_role'] = ''; + if ( isset( $c['user_ID'] ) ) + $c['user_role'] = akismet_get_user_roles($c['user_ID']); + + $id = (int) $c['comment_ID']; + + $query_string = ''; + foreach ( $c as $key => $data ) + $query_string .= $key . '=' . urlencode( stripslashes($data) ) . 
'&'; + + $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port); + if ( 'true' == $response[1] ) { + wp_set_comment_status($c['comment_ID'], 'spam'); + update_comment_meta( $c['comment_ID'], 'akismet_result', 'true' ); + akismet_update_comment_history( $c['comment_ID'], __('Akismet re-checked and caught this comment as spam'), 'check-spam' ); + + } elseif ( 'false' == $response[1] ) { + update_comment_meta( $c['comment_ID'], 'akismet_result', 'false' ); + akismet_update_comment_history( $c['comment_ID'], __('Akismet re-checked and cleared this comment'), 'check-ham' ); + // abnormal result: error + } else { + update_comment_meta( $c['comment_ID'], 'akismet_result', 'error' ); + akismet_update_comment_history( $c['comment_ID'], sprintf( __('Akismet was unable to re-check this comment (response: %s)'), $response[1]), 'check-error' ); + } + + } + wp_redirect( $_SERVER['HTTP_REFERER'] ); + exit; +} + +add_action('admin_action_akismet_recheck_queue', 'akismet_recheck_queue'); diff -Nru wordpress-3.0.1/wp-content/plugins/akismet/akismet.php wordpress-3.0.5+dfsg/wp-content/plugins/akismet/akismet.php --- wordpress-3.0.1/wp-content/plugins/akismet/akismet.php 2010-07-26 23:19:15.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-content/plugins/akismet/akismet.php 2010-08-23 07:15:08.000000000 +0000 
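Review bot: `akismet_recheck_queue()` at the end of the new akismet/admin.php acts on a bare `action=akismet_recheck_queue` (or `recheckqueue`) request parameter with no capability check and no nonce, then redirects to `$_SERVER['HTTP_REFERER']` without validating it. A forged request carried by a logged-in user's session would therefore re-run the whole moderation queue against the API and change comment statuses, and the redirect target is whatever the client sent. I would add `current_user_can( 'moderate_comments' )` and `check_admin_referer()` at the top, build the button URL in `akismet_check_for_spam_button()` with `wp_nonce_url()` using the same action name, and redirect with `wp_safe_redirect()` to `wp_get_referer()` or a fixed admin page. Two smaller defects sit in `akismet_submit_spam_comment()`: the role lookup is guarded by `!isset( $comment->user_id )` where the non-spam twin uses `isset( $comment->user_ID )`, and the plugin branch logs `'report-ham'` where `'report-spam'` is evidently meant.

```php
function akismet_recheck_queue() {
	// … unchanged: globals and the early return when no recheck was requested …

	if ( ! current_user_can( 'moderate_comments' ) )
		wp_die( __( 'You are not allowed to edit this item.' ) );
	// Nonce action name is a proposal; the button link must be built with the same one.
	check_admin_referer( 'akismet_recheck_queue' );

	// … unchanged: loop over the moderation queue and record each result …

	// Only follow a same-site referer; otherwise fall back to the comments screen.
	$redirect_to = wp_get_referer();
	if ( ! $redirect_to )
		$redirect_to = admin_url( 'edit-comments.php' );
	wp_safe_redirect( $redirect_to );
	exit;
}
```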
@@ -1,21 +1,49 @@ API key to use it. You can review the spam it catches under "Comments." To show off your Akismet stats just put <?php akismet_counter(); ?> in your template. See also: WP Stats plugin. -Version: 2.3.0 +Version: 2.4.0 Author: Automattic Author URI: http://automattic.com/wordpress-plugins/ +License: GPLv2 */ -define('AKISMET_VERSION', '2.3.0'); +/* +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +define('AKISMET_VERSION', '2.4.0'); -// If you hardcode a WP.com API key here, all key config screens will be hidden +/** If you hardcode a WP.com API key here, all key config screens will be hidden */ if ( defined('WPCOM_API_KEY') ) $wpcom_api_key = constant('WPCOM_API_KEY'); else $wpcom_api_key = ''; +// Make sure we don't expose any info if called directly +if ( !function_exists( 'add_action' ) ) { + echo "Hi there! I'm just a plugin, not much I can do when called directly."; + exit; +} + +if ( $wp_db_version <= 9872 ) + include_once( dirname(__FILE__) . '/legacy.php' ); + function akismet_init() { global $wpcom_api_key, $akismet_api_host, $akismet_api_port; 
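Review bot: The added `if ( $wp_db_version <= 9872 )` in akismet.php reads `$wp_db_version` as a variable of whatever scope includes the file. When the file is pulled in from inside a function (the `include(WP_PLUGIN_DIR . '/' . $plugin)` in wp-admin/includes/plugin.php on this page looks like such a path), the variable is unset, the comparison is true, and legacy.php would be loaded on a current install. Declaring `global $wp_db_version;` just above the test makes it independent of the include site. The direct-access guard would also read better as the first statement, ahead of the `WPCOM_API_KEY` lookup; `akismet_init()` continues past the end of this hunk.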
@@ -93,10 +121,10 @@ akismet_get_server_connectivity(0); } - if ( $key_status != 'valid' ) { + if ( empty( $key_status) || $key_status != 'valid' ) { $key = get_option('wordpress_api_key'); if ( empty( $key ) ) { - if ( $key_status != 'failed' ) { + if ( empty( $key_status ) || $key_status != 'failed' ) { if ( akismet_verify_key( '1234567890ab' ) == 'failed' ) $ms[] = 'no_connection'; else @@ -141,7 +169,7 @@

(What is this?'); ?>)

- +

@@ -254,6 +282,22 @@ '.__('Spam').''; + global $submenu; + if ( isset( $submenu['edit-comments.php'] ) ) + $link = 'edit-comments.php'; + else + $link = 'edit.php'; + echo '

'.sprintf(__('Akismet has protected your site from %3$s spam comments.'), 'http://akismet.com/', clean_url("$link?page=akismet-admin"), number_format_i18n($count) ).'

'; +} +add_action('activity_box_end', 'akismet_stats'); + function akismet_get_key() { global $wpcom_api_key; if ( !empty($wpcom_api_key) ) @@ -430,9 +474,10 @@ return 'spam'; } -function akismet_auto_check_comment( $comment ) { +function akismet_auto_check_comment( $commentdata ) { global $akismet_api_host, $akismet_api_port; + $comment = $commentdata; $comment['user_ip'] = $_SERVER['REMOTE_ADDR']; $comment['user_agent'] = $_SERVER['HTTP_USER_AGENT']; $comment['referrer'] = $_SERVER['HTTP_REFERER']; @@ -443,17 +488,20 @@ $comment['user_role'] = akismet_get_user_roles($comment['user_ID']); - $ignore = array( 'HTTP_COOKIE' ); + $ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW' ); foreach ( $_SERVER as $key => $value ) if ( !in_array( $key, $ignore ) && is_string($value) ) $comment["$key"] = $value; + else + $comment["$key"] = ''; $query_string = ''; foreach ( $comment as $key => $data ) $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port); + $commentdata['akismet_result'] = $response[1]; if ( 'true' == $response[1] ) { // akismet_spam_count will be incremented later by akismet_result_spam() add_filter('pre_comment_approved', 'akismet_result_spam'); 
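Review bot: In hunk -443,17, extending `$ignore` to `HTTP_COOKIE2` and `PHP_AUTH_PW` still leaves a denylist over `$_SERVER`, so every other string entry is copied into `$comment` and posted to the Akismet host in `$query_string`. Keys such as `PHP_AUTH_USER`, `PHP_AUTH_DIGEST` and `HTTP_AUTHORIZATION`, and any environment variable the web server exposes through `$_SERVER`, are not excluded, so credentials or deployment secrets can leave the site with each comment check. An allowlist of the request headers the service needs would be safer; as a minimal step, `$ignore = array( 'HTTP_COOKIE', 'HTTP_COOKIE2', 'PHP_AUTH_PW', 'PHP_AUTH_USER', 'PHP_AUTH_DIGEST', 'HTTP_AUTHORIZATION' );`. The new `else` branch also sends the ignored keys with empty values, which still tells the remote side they were present; a comment stating whether that is intended would help. The body of `akismet_auto_check_comment()` starts and ends outside this hunk.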
@@ -481,16 +529,22 @@ // WP 2.0: run this one time in ten akismet_delete_old(); } - return $comment; + return $commentdata; } function akismet_delete_old() { global $wpdb; $now_gmt = current_time('mysql', 1); - $wpdb->query("DELETE FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'"); + $comment_ids = $wpdb->get_col("SELECT comment_id FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'"); + if ( empty( $comment_ids ) ) + return; + + do_action( 'delete_comment', $comment_ids ); + $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_id IN ( " . implode( ', ', $comment_ids ) . " )"); $n = mt_rand(1, 5000); if ( apply_filters('akismet_optimize_table', ($n == 11)) ) // lucky number $wpdb->query("OPTIMIZE TABLE $wpdb->comments"); + } add_action('akismet_scheduled_delete', 'akismet_delete_old'); @@ -512,13 +566,17 @@ if ( is_object($current_site) ) { $comment->site_domain = $current_site->domain; } - $comment->user_role = akismet_get_user_roles($comment->user_ID); + + $comment->user_role = ''; + if ( isset( $comment->user_ID ) ) + $comment->user_role = akismet_get_user_roles($comment->user_ID); $query_string = ''; foreach ( $comment as $key => $data ) $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-ham", $akismet_api_port); + do_action('akismet_submit_nonspam_comment', $comment_id, $response[1]); } function akismet_submit_spam_comment ( $comment_id ) { 
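Review bot: In `akismet_delete_old()` (hunk -481,16) the ids returned by `get_col()` are joined straight into the `DELETE ... IN ( ... )` statement, and the SELECT has no `LIMIT`. The values come from the database, so this is hardening rather than a known injection, but `implode( ', ', array_map( 'intval', $comment_ids ) )` keeps the statement numeric whatever the driver returns, and a bounded batch avoids one very large query on a site with a big spam backlog. `do_action( 'delete_comment', $comment_ids )` passes an array, so callbacks hooked to `delete_comment` that expect a single comment ID may need a per-id loop; please confirm. The early `return` when nothing matches now also skips the `OPTIMIZE TABLE` roll, which may be unintended. The delete branch of `akismet_caught()` in legacy.php uses the same SELECT/implode pattern.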
@@ -540,12 +598,17 @@ if ( is_object($current_site) ) { $comment->site_domain = $current_site->domain; } - $comment->user_role = akismet_get_user_roles($comment->user_ID); + + $comment->user_role = ''; + if ( !isset( $comment->user_id ) ) + $comment->user_role = akismet_get_user_roles($comment->user_ID); + $query_string = ''; foreach ( $comment as $key => $data ) $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-spam", $akismet_api_port); + do_action('akismet_submit_spam_comment', $comment_id, $response[1]); } add_action('preprocess_comment', 'akismet_auto_check_comment', 1); 
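Review bot: The new guard in `akismet_submit_spam_comment()` is `if ( !isset( $comment->user_id ) )`, which is negated and tests a differently-cased property from the one dereferenced on the next line (`$comment->user_ID`). The matching hunk for `akismet_submit_nonspam_comment()` (-512,13) uses `if ( isset( $comment->user_ID ) )`, so the two functions now disagree, and here the role lookup runs exactly when the guard has not established that the property exists. Unless the negation is deliberate, this should read `if ( isset( $comment->user_ID ) )`. Which spelling the comment row actually carries is not visible in this hunk and is worth checking, since PHP property names are case-sensitive. The function starts before the hunk.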
@@ -607,379 +670,16 @@ return (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam' AND comment_type='$type'"); } -function akismet_spam_comments( $type = false, $page = 1, $per_page = 50 ) { - global $wpdb; - - $page = (int) $page; - if ( $page < 2 ) - $page = 1; - - $per_page = (int) $per_page; - if ( $per_page < 1 ) - $per_page = 50; - - $start = ( $page - 1 ) * $per_page; - $end = $start + $per_page; - - if ( $type ) { - if ( 'comments' == $type || 'comment' == $type ) - $type = ''; - else - $type = $wpdb->escape( $type ); - return $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' AND comment_type='$type' ORDER BY comment_date DESC LIMIT $start, $end"); - } - - // All - return $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT $start, $end"); -} - -// Totals for each comment type -// returns array( type => count, ... ) -function akismet_spam_totals() { - global $wpdb; - $totals = $wpdb->get_results( "SELECT comment_type, COUNT(*) AS cc FROM $wpdb->comments WHERE comment_approved = 'spam' GROUP BY comment_type" ); - $return = array(); - foreach ( $totals as $total ) - $return[$total->comment_type ? 
$total->comment_type : 'comment'] = $total->cc; - return $return; -} - -function akismet_manage_page() { - global $wpdb, $submenu, $wp_db_version; - - // WP 2.7 has its own spam management page - if ( 8645 <= $wp_db_version ) - return; - - $count = sprintf(__('Akismet Spam (%s)'), akismet_spam_count()); - if ( isset( $submenu['edit-comments.php'] ) ) - add_submenu_page('edit-comments.php', __('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught' ); - elseif ( function_exists('add_management_page') ) - add_management_page(__('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught'); -} - -function akismet_caught() { - global $wpdb, $comment, $akismet_caught, $akismet_nonce; - - akismet_recheck_queue(); - if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! empty($_POST['not_spam'])) { - check_admin_referer( $akismet_nonce ); - if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) - die(__('You do not have sufficient permission to moderate comments.')); - - $i = 0; - foreach ($_POST['not_spam'] as $comment): - $comment = (int) $comment; - if ( function_exists('wp_set_comment_status') ) - wp_set_comment_status($comment, 'approve'); - else - $wpdb->query("UPDATE $wpdb->comments SET comment_approved = '1' WHERE comment_ID = '$comment'"); - akismet_submit_nonspam_comment($comment); - ++$i; - endforeach; - $to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] ); - wp_redirect( $to ); - exit; - } - if ('delete' == $_POST['action']) { - check_admin_referer( $akismet_nonce ); - if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) - die(__('You do not have sufficient permission to moderate comments.')); - - $delete_time = $wpdb->escape( $_POST['display_time'] ); - $nuked = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" ); - wp_cache_delete( 'akismet_spam_count', 'widget' ); - 
$to = add_query_arg( 'deleted', 'all', $_SERVER['HTTP_REFERER'] ); - wp_redirect( $to ); - exit; - } - -if ( isset( $_GET['recovered'] ) ) { - $i = (int) $_GET['recovered']; - echo '

' . sprintf(__('%1$s comments recovered.'), $i) . "

"; -} - -if (isset( $_GET['deleted'] ) ) - echo '

' . __('All spam deleted.') . '

'; - -if ( isset( $GLOBALS['submenu']['edit-comments.php'] ) ) - $link = 'edit-comments.php'; -else - $link = 'edit.php'; -?> - -
-

- -

%1$s spam for you since you first installed it.'), number_format_i18n($count) ); ?>

-'.__('You have no spam currently in the queue. Must be your lucky day. :)').'

'; - echo '
'; -} else { - echo '

'.__('You can delete all of the spam from your database with a single click. This operation cannot be undone, so you may wish to check to ensure that no legitimate comments got through first. Spam is automatically deleted after 15 days, so don’t sweat it.').'

'; -?> - -
- - -    - -
- -
-
- -

- -'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'

'; ?> - -escape($_POST['s']); - $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE - (comment_author LIKE '%$s%' OR - comment_author_email LIKE '%$s%' OR - comment_author_url LIKE ('%$s%') OR - comment_author_IP LIKE ('%$s%') OR - comment_content LIKE ('%$s%') ) AND - comment_approved = 'spam' - ORDER BY comment_date DESC"); -} else { - if ( isset( $_GET['apage'] ) ) - $page = (int) $_GET['apage']; - else - $page = 1; - - if ( $page < 2 ) - $page = 1; - - $current_type = false; - if ( isset( $_GET['ctype'] ) ) - $current_type = preg_replace( '|[^a-z]|', '', $_GET['ctype'] ); - - $comments = akismet_spam_comments( $current_type, $page ); - $total = akismet_spam_count( $current_type ); - $totals = akismet_spam_totals(); -?> -
    -
  • >
  • - $type_count ) { - if ( 'comment' == $type ) { - $type = 'comments'; - $show = __('Comments'); - } else { - $show = ucwords( $type ); - } - $type_count = number_format_i18n( $type_count ); - $extra = $current_type === $type ? ' class="active"' : ''; - echo "
  • $show ($type_count)
  • "; -} -do_action( 'akismet_tabs' ); // so plugins can add more tabs easily -?> -
- -
" id="akismetsearch"> -

-

-
- 50 ) { -$total_pages = ceil( $total / 50 ); -$r = ''; -if ( 1 < $page ) { - $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1; - $r .= '' . "\n"; -} -if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) { - for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : - if ( $page == $page_num ) : - $r .= "$page_num\n"; - else : - $p = false; - if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : - $args['apage'] = ( 1 == $page_num ) ? '' : $page_num; - $r .= '' . ( $page_num ) . "\n"; - $in = true; - elseif ( $in == true ) : - $r .= "...\n"; - $in = false; - endif; - endif; - endfor; -} -if ( ( $page ) * 50 < $total || -1 == $total ) { - $args['apage'] = $page + 1; - $r .= '' . "\n"; -} -echo "

$r

"; -?> - - -
- - -
    -comment_date); - $post = get_post($comment->comment_post_ID); - $post_title = $post->post_title; - if ($i % 2) $class = 'class="alternate"'; - else $class = ''; - echo "\n\t
  • "; - ?> - -

    comment_author_email) { ?>| comment_author_url && 'http://' != $comment->comment_author_url) { ?> | |

    - - - -

    — [ -comment_post_ID); -$post_title = wp_specialchars( $post->post_title, 'double' ); -$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title; -?> - ]

    - - - -
- 50 ) { -$total_pages = ceil( $total / 50 ); -$r = ''; -if ( 1 < $page ) { - $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1; - $r .= '' . "\n"; -} -if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) { - for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : - if ( $page == $page_num ) : - $r .= "$page_num\n"; - else : - $p = false; - if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : - $args['apage'] = ( 1 == $page_num ) ? '' : $page_num; - $r .= '' . ( $page_num ) . "\n"; - $in = true; - elseif ( $in == true ) : - $r .= "...\n"; - $in = false; - endif; - endif; - endfor; -} -if ( ( $page ) * 50 < $total || -1 == $total ) { - $args['apage'] = $page + 1; - $r .= '' . "\n"; -} -echo "

$r

"; -} -?> -

- -

-

-
- -

- - - -
- -

-    -

-
- -
-'.__('Spam').''; - global $submenu; - if ( isset( $submenu['edit-comments.php'] ) ) - $link = 'edit-comments.php'; - else - $link = 'edit.php'; - echo '

'.sprintf(__('Akismet has protected your site from %3$s spam comments.'), 'http://akismet.com/', clean_url("$link?page=akismet-admin"), number_format_i18n($count) ).'

'; -} - -add_action('activity_box_end', 'akismet_stats'); // WP 2.5+ function akismet_rightnow() { global $submenu, $wp_db_version; + // clean_url was deprecated in WP 3.0 + $esc_url = 'clean_url'; + if ( function_exists( 'esc_url' ) ) + $esc_url = 'esc_url'; + if ( 8645 < $wp_db_version ) // 2.7 $link = 'edit-comments.php?comment_status=spam'; elseif ( isset( $submenu['edit-comments.php'] ) ) @@ -1004,34 +704,20 @@ $queue_count ), number_format_i18n( $queue_count ), clean_url($link) ); } else { - $queue_text = sprintf( __( "but there's nothing in your spam queue at the moment." ), clean_url($link) ); + $queue_text = sprintf( __( "but there's nothing in your spam queue at the moment." ), $esc_url($link) ); } - $text = sprintf( _c( '%1$s %2$s|akismet_rightnow' ), $intro, $queue_text ); + // _c was deprecated in WP 2.9.0 + if ( function_exists( '_x' ) ) + $text = sprintf( _x( '%1$s %2$s', 'akismet_rightnow' ), $intro, $queue_text ); + else + $text = sprintf( _c( '%1$s %2$s|akismet_rightnow' ), $intro, $queue_text ); echo "

$text

\n"; } add_action('rightnow_end', 'akismet_rightnow'); -// For WP <= 2.3.x -global $pagenow; - -if ( 'moderation.php' == $pagenow ) { - function akismet_recheck_button( $page ) { - global $submenu; - if ( isset( $submenu['edit-comments.php'] ) ) - $link = 'edit-comments.php'; - else - $link = 'edit.php'; - $button = "" . __('Recheck Queue for Spam') . ""; - $page = str_replace( '
', '
' . $button, $page ); - return $page; - } - - if ( $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ) ) - ob_start( 'akismet_recheck_button' ); -} // For WP >= 2.5 function akismet_check_for_spam_button($comment_status) { @@ -1060,7 +746,11 @@ $c['blog_lang'] = get_locale(); $c['blog_charset'] = get_option('blog_charset'); $c['permalink'] = get_permalink($c['comment_post_ID']); - $c['user_role'] = akismet_get_user_roles($c['user_ID']); + + $c['user_role'] = ''; + if ( isset( $c['user_ID'] ) ) + $c['user_role'] = akismet_get_user_roles($c['user_ID']); + $id = (int) $c['comment_ID']; $query_string = ''; @@ -1069,7 +759,11 @@ $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port); if ( 'true' == $response[1] ) { - $wpdb->query( "UPDATE $wpdb->comments SET comment_approved = 'spam' WHERE comment_ID = $id" ); + if ( function_exists('wp_set_comment_status') ) + wp_set_comment_status($id, 'spam'); + else + $wpdb->query("UPDATE $wpdb->comments SET comment_approved = 'spam' WHERE comment_ID = $id"); + } } wp_redirect( $_SERVER['HTTP_REFERER'] ); @@ -1103,10 +797,6 @@ return $response[1]; } -// This option causes tons of FPs, was removed in 2.1 -function akismet_kill_proxy_check( $option ) { return 0; } -add_filter('option_open_proxy_check', 'akismet_kill_proxy_check'); - // Widget stuff function widget_akismet_register() { if ( function_exists('register_sidebar_widget') ) : 
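Review bot: In hunk -1004,34, `akismet_rightnow()` switches only the empty-queue branch to the new `$esc_url` helper; the branch that formats `$queue_count` still ends with `clean_url($link)`, the function the commit's own comment calls deprecated. Change that argument to `$esc_url($link)` so both branches escape the link through the same function. The function begins in the previous hunk (-607,379), and part of this hunk's text was lost to HTML stripping, so the rest of it is not reviewed here.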
@@ -1123,6 +813,10 @@ } function widget_akismet_style() { + $plugin_dir = '/wp-content/plugins'; + if ( defined( 'PLUGINDIR' ) ) + $plugin_dir = '/' . PLUGINDIR; + ?> escape( $type ); + return $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' AND comment_type='$type' ORDER BY comment_date DESC LIMIT $start, $end"); + } + + // All + return $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT $start, $end"); +} + +// Totals for each comment type +// returns array( type => count, ... ) +function akismet_spam_totals() { + global $wpdb; + $totals = $wpdb->get_results( "SELECT comment_type, COUNT(*) AS cc FROM $wpdb->comments WHERE comment_approved = 'spam' GROUP BY comment_type" ); + $return = array(); + foreach ( $totals as $total ) + $return[$total->comment_type ? $total->comment_type : 'comment'] = $total->cc; + return $return; +} + +function akismet_manage_page() { + global $wpdb, $submenu, $wp_db_version; + + // WP 2.7 has its own spam management page + if ( 8645 <= $wp_db_version ) + return; + + $count = sprintf(__('Akismet Spam (%s)'), akismet_spam_count()); + if ( isset( $submenu['edit-comments.php'] ) ) + add_submenu_page('edit-comments.php', __('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught' ); + elseif ( function_exists('add_management_page') ) + add_management_page(__('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught'); +} + +function akismet_caught() { + global $wpdb, $comment, $akismet_caught, $akismet_nonce; + + akismet_recheck_queue(); + if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! 
empty($_POST['not_spam'])) { + check_admin_referer( $akismet_nonce ); + if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) + die(__('You do not have sufficient permission to moderate comments.')); + + $i = 0; + foreach ($_POST['not_spam'] as $comment): + $comment = (int) $comment; + if ( function_exists('wp_set_comment_status') ) + wp_set_comment_status($comment, 'approve'); + else + $wpdb->query("UPDATE $wpdb->comments SET comment_approved = '1' WHERE comment_ID = '$comment'"); + akismet_submit_nonspam_comment($comment); + ++$i; + endforeach; + $to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] ); + wp_redirect( $to ); + exit; + } + if ('delete' == $_POST['action']) { + check_admin_referer( $akismet_nonce ); + if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) + die(__('You do not have sufficient permission to moderate comments.')); + + $delete_time = $wpdb->escape( $_POST['display_time'] ); + $comment_ids = $wpdb->get_col( "SELECT comment_id FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" ); + if ( !empty( $comment_ids ) ) { + do_action( 'delete_comment', $comment_ids ); + $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_id IN ( " . implode( ', ', $comment_ids ) . " )"); + wp_cache_delete( 'akismet_spam_count', 'widget' ); + } + $to = add_query_arg( 'deleted', 'all', $_SERVER['HTTP_REFERER'] ); + wp_redirect( $to ); + exit; + } + +if ( isset( $_GET['recovered'] ) ) { + $i = (int) $_GET['recovered']; + echo '

' . sprintf(__('%1$s comments recovered.'), $i) . "

"; +} + +if (isset( $_GET['deleted'] ) ) + echo '

' . __('All spam deleted.') . '

'; + +if ( isset( $GLOBALS['submenu']['edit-comments.php'] ) ) + $link = 'edit-comments.php'; +else + $link = 'edit.php'; +?> + +
+

+ +

%1$s spam for you since you first installed it.'), number_format_i18n($count) ); ?>

+'.__('You have no spam currently in the queue. Must be your lucky day. :)').'

'; + echo '
'; +} else { + echo '

'.__('You can delete all of the spam from your database with a single click. This operation cannot be undone, so you may wish to check to ensure that no legitimate comments got through first. Spam is automatically deleted after 15 days, so don’t sweat it.').'

'; +?> + +
+ + +    + +
+ +
+
+ +

+ +'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'

'; ?> + +escape($_POST['s']); + $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE + (comment_author LIKE '%$s%' OR + comment_author_email LIKE '%$s%' OR + comment_author_url LIKE ('%$s%') OR + comment_author_IP LIKE ('%$s%') OR + comment_content LIKE ('%$s%') ) AND + comment_approved = 'spam' + ORDER BY comment_date DESC"); +} else { + if ( isset( $_GET['apage'] ) ) + $page = (int) $_GET['apage']; + else + $page = 1; + + if ( $page < 2 ) + $page = 1; + + $current_type = false; + if ( isset( $_GET['ctype'] ) ) + $current_type = preg_replace( '|[^a-z]|', '', $_GET['ctype'] ); + + $comments = akismet_spam_comments( $current_type, $page ); + $total = akismet_spam_count( $current_type ); + $totals = akismet_spam_totals(); +?> +
    +
  • >
  • + $type_count ) { + if ( 'comment' == $type ) { + $type = 'comments'; + $show = __('Comments'); + } else { + $show = ucwords( $type ); + } + $type_count = number_format_i18n( $type_count ); + $extra = $current_type === $type ? ' class="active"' : ''; + echo "
  • $show ($type_count)
  • "; +} +do_action( 'akismet_tabs' ); // so plugins can add more tabs easily +?> +
+ +
" id="akismetsearch"> +

+

+
+ 50 ) { +$total_pages = ceil( $total / 50 ); +$r = ''; +if ( 1 < $page ) { + $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1; + $r .= '' . "\n"; +} +if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) { + for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : + if ( $page == $page_num ) : + $r .= "$page_num\n"; + else : + $p = false; + if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : + $args['apage'] = ( 1 == $page_num ) ? '' : $page_num; + $r .= '' . ( $page_num ) . "\n"; + $in = true; + elseif ( $in == true ) : + $r .= "...\n"; + $in = false; + endif; + endif; + endfor; +} +if ( ( $page ) * 50 < $total || -1 == $total ) { + $args['apage'] = $page + 1; + $r .= '' . "\n"; +} +echo "

$r

"; +?> + + +
+ + +
    +comment_date); + $post = get_post($comment->comment_post_ID); + $post_title = $post->post_title; + if ($i % 2) $class = 'class="alternate"'; + else $class = ''; + echo "\n\t
  • "; + ?> + +

    comment_author_email) { ?>| comment_author_url && 'http://' != $comment->comment_author_url) { ?> | |

    + + + +

    — [ +comment_post_ID); +$post_title = wp_specialchars( $post->post_title, 'double' ); +$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title; +?> + ]

    + + + +
+ 50 ) { +$total_pages = ceil( $total / 50 ); +$r = ''; +if ( 1 < $page ) { + $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1; + $r .= '' . "\n"; +} +if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) { + for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : + if ( $page == $page_num ) : + $r .= "$page_num\n"; + else : + $p = false; + if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : + $args['apage'] = ( 1 == $page_num ) ? '' : $page_num; + $r .= '' . ( $page_num ) . "\n"; + $in = true; + elseif ( $in == true ) : + $r .= "...\n"; + $in = false; + endif; + endif; + endfor; +} +if ( ( $page ) * 50 < $total || -1 == $total ) { + $args['apage'] = $page + 1; + $r .= '' . "\n"; +} +echo "

$r

"; +} +?> +

+ +

+

+
+ +

+ + + +
+ +

+    +

+
+ +
+" . __('Recheck Queue for Spam') . ""; + $page = str_replace( '
', '
' . $button, $page ); + return $page; + } + + if ( $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ) ) + ob_start( 'akismet_recheck_button' ); +} + +// This option causes tons of FPs, was removed in 2.1 +function akismet_kill_proxy_check( $option ) { return 0; } +add_filter('option_open_proxy_check', 'akismet_kill_proxy_check'); diff -Nru wordpress-3.0.1/wp-content/plugins/akismet/readme.txt wordpress-3.0.5+dfsg/wp-content/plugins/akismet/readme.txt --- wordpress-3.0.1/wp-content/plugins/akismet/readme.txt 2010-06-15 12:43:58.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-content/plugins/akismet/readme.txt 2010-08-23 07:15:08.000000000 +0000 @@ -3,7 +3,8 @@ Tags: akismet, comments, spam Requires at least: 2.0 Tested up to: 3.0 -Stable tag: 2.3.0 +Stable tag: 2.4.0 +License: GPLv2 Akismet checks your comments against the Akismet web service to see if they look like spam or not. @@ -26,6 +27,17 @@ == Changelog == += 2.4.0 = + +* Spell out that the license is GPLv2 +* Fix PHP warnings +* Fix WordPress deprecated function calls +* Fire the delete_comment action when deleting comments +* Move code specific for older WP versions to legacy.php +* General code clean up + += 2.3.0 = + * Fix "Are you sure" nonce message on config screen in WPMU * Fix XHTML compliance issue in sidebar widget * Change author link; remove some old references to WordPress.com accounts diff -Nru wordpress-3.0.1/wp-content/plugins/hello.php wordpress-3.0.5+dfsg/wp-content/plugins/hello.php --- wordpress-3.0.1/wp-content/plugins/hello.php 2010-05-03 05:49:19.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-content/plugins/hello.php 1970-01-01 00:00:00.000000000 +0000 
@@ -1,83 +0,0 @@ -Hello, Dolly in the upper right of your admin screen on every page. -Author: Matt Mullenweg -Version: 1.5.1 -Author URI: http://ma.tt/ -*/ - -function hello_dolly_get_lyric() { - /** These are the lyrics to Hello Dolly */ - $lyrics = "Hello, Dolly -Well, hello, Dolly -It's so nice to have you back where you belong -You're lookin' swell, Dolly -I can tell, Dolly -You're still glowin', you're still crowin' -You're still goin' strong -We feel the room swayin' -While the band's playin' -One of your old favourite songs from way back when -So, take her wrap, fellas -Find her an empty lap, fellas -Dolly'll never go away again -Hello, Dolly -Well, hello, Dolly -It's so nice to have you back where you belong -You're lookin' swell, Dolly -I can tell, Dolly -You're still glowin', you're still crowin' -You're still goin' strong -We feel the room swayin' -While the band's playin' -One of your old favourite songs from way back when -Golly, gee, fellas -Find her a vacant knee, fellas -Dolly'll never go away -Dolly'll never go away -Dolly'll never go away again"; - - // Here we split it into lines - $lyrics = explode("\n", $lyrics); - - // And then randomly choose a line - return wptexturize( $lyrics[ mt_rand(0, count($lyrics) - 1) ] ); -} - -// This just echoes the chosen line, we'll position it later -function hello_dolly() { - $chosen = hello_dolly_get_lyric(); - echo "

$chosen

"; -} - -// Now we set that function up to execute when the admin_footer action is called -add_action('admin_footer', 'hello_dolly'); - -// We need some CSS to position the paragraph -function dolly_css() { - // This makes sure that the posinioning is also good for right-to-left languages - $x = ( is_rtl() ) ? 'left' : 'right'; - - echo " - - "; -} - -add_action('admin_head', 'dolly_css'); - -?> diff -Nru wordpress-3.0.1/wp-content/themes/twentyten/languages/twentyten.pot wordpress-3.0.5+dfsg/wp-content/themes/twentyten/languages/twentyten.pot --- wordpress-3.0.1/wp-content/themes/twentyten/languages/twentyten.pot 2010-07-14 16:21:39.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-content/themes/twentyten/languages/twentyten.pot 2011-01-01 21:26:53.000000000 +0000 
@@ -1,200 +1,191 @@ -# Translation of the WordPress theme Twenty Ten 1.1 by the WordPress team. -# Copyright (C) 2010 the WordPress team +# Copyright (C) 2010 Twenty Ten # This file is distributed under the same license as the Twenty Ten package. -# FIRST AUTHOR , 2010. -# -#, fuzzy msgid "" msgstr "" "Project-Id-Version: Twenty Ten 1.1\n" "Report-Msgid-Bugs-To: http://wordpress.org/tag/twentyten\n" -"POT-Creation-Date: 2010-07-14 16:21+0000\n" +"POT-Creation-Date: 2011-01-01 21:26:51+00:00\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" "PO-Revision-Date: 2010-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" -#: 404.php:16 loop.php:33 -msgid "Not Found" +#. #-#-#-#-# twentyten.pot (Twenty Ten 1.1) #-#-#-#-# +#. Theme URI of the plugin/theme +#: footer.php:33 +msgid "http://wordpress.org/" msgstr "" -#: 404.php:18 -msgid "" -"Apologies, but the page you requested could not be found. Perhaps searching " -"will help." +#: footer.php:34 +msgid "Semantic Personal Publishing Platform" msgstr "" -#: archive.php:33 -#, php-format -msgid "Daily Archives: %s" +#: footer.php:35 +msgid "Proudly powered by %s." msgstr "" -#: archive.php:35 -#, php-format -msgid "Monthly Archives: %s" +#: category.php:16 +msgid "Category Archives: %s" msgstr "" -#: archive.php:37 -#, php-format -msgid "Yearly Archives: %s" +#: sidebar.php:27 +msgid "Archives" msgstr "" -#: archive.php:39 -msgid "Blog Archives" +#: sidebar.php:34 +msgid "Meta" msgstr "" -#: attachment.php:18 -#, php-format -msgid "Return to %s" +#: tag.php:16 +msgid "Tag Archives: %s" msgstr "" -#. translators: %s - title of parent post -#: attachment.php:20 -#, php-format -msgid " %s" +#: comments.php:18 +msgid "" +"This post is password protected. 
Enter the password to view any comments." msgstr "" -#: attachment.php:29 -#, php-format -msgid "By %2$s" +#: comments.php:35 +msgid "One Response to %2$s" +msgid_plural "%1$s Responses to %2$s" +msgstr[0] "" +msgstr[1] "" + +#: comments.php:41 comments.php:60 +msgid " Older Comments" msgstr "" -#: attachment.php:33 functions.php:451 -#, php-format -msgid "View all posts by %s" +#: comments.php:42 comments.php:61 +msgid "Newer Comments " msgstr "" -#: attachment.php:40 -#, php-format -msgid "Published %2$s" +#: comments.php:72 +msgid "Comments are closed." msgstr "" -#: attachment.php:50 -#, php-format -msgid "Full size is %s pixels" +#: 404.php:16 loop.php:33 +msgid "Not Found" msgstr "" -#: attachment.php:53 -msgid "Link to full-size image" +#: 404.php:18 +msgid "" +"Apologies, but the page you requested could not be found. Perhaps searching " +"will help." msgstr "" -#: attachment.php:60 attachment.php:107 loop.php:95 loop.php:118 loop.php:160 -#: onecolumn-page.php:27 page.php:32 single.php:53 -msgid "Edit" +#: loop.php:25 loop.php:173 +msgid " Older posts" msgstr "" -#: attachment.php:100 functions.php:241 loop.php:110 loop.php:138 -msgid "Continue reading " +#: loop.php:26 loop.php:174 +msgid "Newer posts " msgstr "" -#: attachment.php:101 loop.php:139 onecolumn-page.php:26 page.php:31 -#: single.php:31 -msgid "Pages:" +#: loop.php:35 +msgid "" +"Apologies, but no results were found for the requested archive. Perhaps " +"searching will help find a related post." msgstr "" -#: author.php:27 -#, php-format -msgid "Author Archives: %s" +#: loop.php:60 loop.php:92 +msgctxt "gallery category slug" +msgid "gallery" msgstr "" -#: author.php:37 single.php:40 -#, php-format -msgid "About %s" +#: loop.php:62 loop.php:83 loop.php:126 +msgid "Permalink to %s" msgstr "" -#: category.php:16 -#, php-format -msgid "Category Archives: %s" +#: loop.php:82 +msgid "This gallery contains %2$s photos." msgstr "" -#: comments.php:18 -msgid "" -"This post is password protected. 
Enter the password to view any comments." +#: loop.php:92 +msgid "View posts in the Gallery category" msgstr "" -#: comments.php:35 -#, php-format -msgid "One Response to %2$s" -msgid_plural "%1$s Responses to %2$s" -msgstr[0] "" -msgstr[1] "" +#: loop.php:92 +msgid "More Galleries" +msgstr "" -#: comments.php:41 comments.php:60 -msgid " Older Comments" +#: loop.php:94 loop.php:117 loop.php:159 +msgid "Leave a comment" msgstr "" -#: comments.php:42 comments.php:61 -msgid "Newer Comments " +#: loop.php:94 loop.php:117 loop.php:159 +msgid "1 Comment" msgstr "" -#: comments.php:72 -msgid "Comments are closed." +#: loop.php:94 loop.php:117 loop.php:159 +msgid "% Comments" msgstr "" -#. #-#-#-#-# twentyten.pot (Twenty Ten 1.1) #-#-#-#-# -#. Theme URI of the plugin/theme -#: footer.php:33 -msgid "http://wordpress.org/" +#: loop.php:95 loop.php:118 loop.php:160 page.php:32 attachment.php:60 +#: attachment.php:107 onecolumn-page.php:27 single.php:53 +msgid "Edit" msgstr "" -#: footer.php:34 -msgid "Semantic Personal Publishing Platform" +#: loop.php:101 +msgctxt "asides category slug" +msgid "asides" msgstr "" -#: footer.php:35 -#, php-format -msgid "Proudly powered by %s." +#: loop.php:110 loop.php:138 functions.php:241 attachment.php:100 +msgid "Continue reading " +msgstr "" + +#: loop.php:139 page.php:31 attachment.php:101 onecolumn-page.php:26 +#: single.php:31 +msgid "Pages:" +msgstr "" + +#: loop.php:146 +msgid "Posted in %2$s" +msgstr "" + +#: loop.php:155 +msgid "Tagged %2$s" msgstr "" #: functions.php:97 msgid "Primary Navigation" msgstr "" -#. translators: header image description #: functions.php:133 msgid "Berries" msgstr "" -#. translators: header image description #: functions.php:139 msgid "Cherry Blossoms" msgstr "" -#. translators: header image description #: functions.php:145 msgid "Concave" msgstr "" -#. translators: header image description #: functions.php:151 msgid "Fern" msgstr "" -#. 
translators: header image description #: functions.php:157 msgid "Forest Floor" msgstr "" -#. translators: header image description #: functions.php:163 msgid "Inkwell" msgstr "" -#. translators: header image description #: functions.php:169 msgid "Path" msgstr "" -#. translators: header image description #: functions.php:175 msgid "Sunset" msgstr "" #: functions.php:308 -#, php-format msgid "%s says:" msgstr "" @@ -202,9 +193,7 @@ msgid "Your comment is awaiting moderation." msgstr "" -#. translators: 1: date, 2: time #: functions.php:318 -#, php-format msgid "%1$s at %2$s" msgstr "" @@ -265,35 +254,34 @@ msgstr "" #: functions.php:442 -#, php-format msgid "" "Posted on %2$s by %3$s" msgstr "" +#: functions.php:451 attachment.php:33 +msgid "View all posts by %s" +msgstr "" + #: functions.php:468 -#, php-format msgid "" "This entry was posted in %1$s and tagged %2$s. Bookmark the permalink." msgstr "" #: functions.php:470 -#, php-format msgid "" "This entry was posted in %1$s. Bookmark the permalink." msgstr "" #: functions.php:472 -#, php-format msgid "" "Bookmark the permalink." msgstr "" #: header.php:33 -#, php-format msgid "Page %s" msgstr "" 
@@ -301,72 +289,39 @@ msgid "Skip to content" msgstr "" -#: loop.php:25 loop.php:173 -msgid " Older posts" -msgstr "" - -#: loop.php:26 loop.php:174 -msgid "Newer posts " -msgstr "" - -#: loop.php:35 -msgid "" -"Apologies, but no results were found for the requested archive. Perhaps " -"searching will help find a related post." -msgstr "" - -#: loop.php:60 loop.php:92 -msgctxt "gallery category slug" -msgid "gallery" -msgstr "" - -#: loop.php:62 loop.php:83 loop.php:126 -#, php-format -msgid "Permalink to %s" -msgstr "" - -#: loop.php:82 -#, php-format -msgid "This gallery contains %2$s photos." -msgstr "" - -#: loop.php:92 -msgid "View posts in the Gallery category" +#: author.php:27 +msgid "Author Archives: %s" msgstr "" -#: loop.php:92 -msgid "More Galleries" +#: author.php:37 single.php:40 +msgid "About %s" msgstr "" -#: loop.php:94 loop.php:117 loop.php:159 -msgid "Leave a comment" +#: attachment.php:18 +msgid "Return to %s" msgstr "" -#: loop.php:94 loop.php:117 loop.php:159 -msgid "1 Comment" +#: attachment.php:20 +msgid " %s" msgstr "" -#: loop.php:94 loop.php:117 loop.php:159 -msgid "% Comments" +#: attachment.php:29 +msgid "By %2$s" msgstr "" -#: loop.php:101 -msgctxt "asides category slug" -msgid "asides" +#: attachment.php:40 +msgid "Published %2$s" msgstr "" -#: loop.php:146 -#, php-format -msgid "Posted in %2$s" +#: attachment.php:50 +msgid "Full size is %s pixels" msgstr "" -#: loop.php:155 -#, php-format -msgid "Tagged %2$s" +#: attachment.php:53 +msgid "Link to full-size image" msgstr "" #: search.php:16 -#, php-format msgid "Search Results for: %s" msgstr "" @@ -380,12 +335,20 @@ "different keywords." msgstr "" -#: sidebar.php:27 -msgid "Archives" +#: archive.php:33 +msgid "Daily Archives: %s" msgstr "" -#: sidebar.php:34 -msgid "Meta" +#: archive.php:35 +msgid "Monthly Archives: %s" +msgstr "" + +#: archive.php:37 +msgid "Yearly Archives: %s" +msgstr "" + +#: archive.php:39 +msgid "Blog Archives" msgstr "" #: single.php:18 single.php:58 
@@ -399,15 +362,9 @@ msgstr "" #: single.php:44 -#, php-format msgid "View all posts by %s " msgstr "" -#: tag.php:16 -#, php-format -msgid "Tag Archives: %s" -msgstr "" - #. Theme Name of the plugin/theme msgid "Twenty Ten" msgstr "" diff -Nru wordpress-3.0.1/wp-includes/canonical.php wordpress-3.0.5+dfsg/wp-includes/canonical.php --- wordpress-3.0.1/wp-includes/canonical.php 2010-07-22 20:08:45.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/canonical.php 2010-10-04 11:32:25.000000000 +0000 @@ -103,10 +103,6 @@ } elseif ( is_single() && !empty($_GET['p']) && ! $redirect_url ) { if ( $redirect_url = get_permalink(get_query_var('p')) ) $redirect['query'] = remove_query_arg(array('p', 'post_type'), $redirect['query']); - if ( get_query_var( 'page' ) ) { - $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); - $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); - } } elseif ( is_single() && !empty($_GET['name']) && ! $redirect_url ) { if ( $redirect_url = get_permalink( $wp_query->get_queried_object_id() ) ) $redirect['query'] = remove_query_arg('name', $redirect['query']); 
@@ -180,12 +176,18 @@ } } elseif ( is_single() && strpos($wp_rewrite->permalink_structure, '%category%') !== false ) { - $category = get_term_by('slug', get_query_var('category_name'), 'category'); + $category = get_category_by_path(get_query_var('category_name')); $post_terms = wp_get_object_terms($wp_query->get_queried_object_id(), 'category', array('fields' => 'tt_ids')); if ( (!$category || is_wp_error($category)) || ( !is_wp_error($post_terms) && !empty($post_terms) && !in_array($category->term_taxonomy_id, $post_terms) ) ) $redirect_url = get_permalink($wp_query->get_queried_object_id()); } + // Post Paging + if ( is_singular() && get_query_var('page') && $redirect_url ) { + $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); + $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); + } + // paging and feeds if ( get_query_var('paged') || is_feed() || get_query_var('cpage') ) { if ( !$redirect_url ) diff -Nru wordpress-3.0.1/wp-includes/capabilities.php wordpress-3.0.5+dfsg/wp-includes/capabilities.php --- wordpress-3.0.1/wp-includes/capabilities.php 2010-07-29 21:54:41.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/capabilities.php 2010-11-30 20:40:25.000000000 +0000 @@ -799,9 +799,6 @@ case 'remove_user': $caps[] = 'remove_users'; break; - case 'delete_user': - $caps[] = 'delete_users'; - break; case 'promote_user': $caps[] = 'promote_users'; break; @@ -1028,10 +1025,13 @@ case 'delete_user': case 'delete_users': // If multisite these caps are allowed only for super admins. - if ( is_multisite() && !is_super_admin( $user_id ) ) + if ( is_multisite() && !is_super_admin( $user_id ) ) { $caps[] = 'do_not_allow'; - else + } else { + if ( 'delete_user' == $cap ) + $cap = 'delete_users'; $caps[] = $cap; + } break; case 'create_users': if ( is_multisite() && !get_site_option( 'add_new_users' ) ) 
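Review bot: The `// Post Paging` comment added in the `@@ -180,12 +176,18 @@` hunk of wp-includes/canonical.php does not say that the block runs only when an earlier branch has already set `$redirect_url`, or that the `page` query variable is written into a redirect target. A comment such as `// Post paging: append the page number only when a canonical URL was already chosen above.` would record the first point. Whether `page` has been reduced to an integer before this line is not visible in the hunk, so passing `absint( get_query_var( 'page' ) )` to `user_trailingslashit()` would make that assumption hold locally. The enclosing function starts and ends outside the hunk.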
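Review bot: The rewrite of `$cap` inside the `delete_user` / `delete_users` case (`@@ -1028,10 +1025,13 @@`, wp-includes/capabilities.php) has no comment and is easy to miss. The previous hunk removes the earlier `case 'delete_user'`, so as far as the diff shows this branch is now where the per-user capability is mapped to the primitive one. A line such as `// Map the per-user 'delete_user' cap onto the primitive 'delete_users' cap.` above the inner `if` would say so. Bracing the inner `if` like the surrounding `if`/`else` would also keep the new lines uniform. The switch statement continues outside the hunk.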
@@ -1079,9 +1079,6 @@ function current_user_can_for_blog( $blog_id, $capability ) { $current_user = wp_get_current_user(); - if ( is_multisite() && is_super_admin() ) - return true; - if ( empty( $current_user ) ) return false; diff -Nru wordpress-3.0.1/wp-includes/comment.php wordpress-3.0.5+dfsg/wp-includes/comment.php --- wordpress-3.0.1/wp-includes/comment.php 2010-04-04 12:20:19.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/comment.php 2010-11-30 22:49:56.000000000 +0000 @@ -18,9 +18,8 @@ * check fails. If any of the parameter contents match the blacklist of words, * then the check fails. * - * If the comment is a trackback and part of the blogroll, then the trackback is - * automatically whitelisted. If the comment author was approved before, then - * the comment is automatically whitelisted. + * If the comment author was approved before, then the comment is + * automatically whitelisted. * * If none of the checks fail, then the failback is to set the check to pass * (return true). @@ -80,16 +79,7 @@ // Comment whitelisting: if ( 1 == get_option('comment_whitelist')) { - if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll - $uri = parse_url($url); - $domain = $uri['host']; - $uri = parse_url( home_url() ); - $home_domain = $uri['host']; - if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) - return true; - else - return false; - } elseif ( $author != '' && $email != '' ) { + if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) { // expected_slashed ($author, $email) $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); if ( ( 1 == $ok_to_comment ) && 
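Review bot: The approved-author lookup kept by the `@@ -80,16 +79,7 @@` hunk of wp-includes/comment.php still interpolates `$author` and `$email` directly into the SQL string, so its safety rests on every caller honouring the `// expected_slashed` convention. Binding the values removes that dependency: `$wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", stripslashes( $author ), stripslashes( $email ) ) );`. The `stripslashes()` calls assume the values really arrive slashed, which needs confirming against the callers because they are outside the hunk. The same file already uses `$wpdb->prepare()` with `%s` in its `@@ -1654,7 +1644,7 @@` hunk.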
@@ -1654,7 +1644,7 @@ trackback($tb_ping, $post_title, $excerpt, $post_id); $pinged[] = $tb_ping; } else { - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) ); } } } diff -Nru wordpress-3.0.1/wp-includes/default-filters.php wordpress-3.0.5+dfsg/wp-includes/default-filters.php --- wordpress-3.0.1/wp-includes/default-filters.php 2010-07-08 19:43:04.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/default-filters.php 2011-02-06 18:38:41.000000000 +0000 @@ -31,8 +31,8 @@ add_filter( $filter, 'wp_filter_kses' ); } -// Kses only for textarea saves displays -foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) { +// Kses only for textarea admin displays +foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { add_filter( $filter, 'wp_kses_data' ); } @@ -73,6 +73,9 @@ foreach ( array( 'pre_post_type' ) as $filter ) { add_filter( $filter, 'sanitize_user' ); } +foreach ( array( 'pre_post_status', 'pre_post_comment_status', 'pre_post_ping_status' ) as $filter ) { + add_filter( $filter, 'sanitize_key' ); +} // Places to balance tags on input foreach ( array( 'content_save_pre', 'excerpt_save_pre', 'comment_save_pre', 'pre_comment_content' ) as $filter ) { diff -Nru wordpress-3.0.1/wp-includes/formatting.php wordpress-3.0.5+dfsg/wp-includes/formatting.php --- wordpress-3.0.1/wp-includes/formatting.php 2010-07-08 19:43:04.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/formatting.php 2010-12-29 20:49:02.000000000 +0000 
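Review bot: The rewritten comment `// Kses only for textarea admin displays` in the `@@ -31,8 +31,8 @@` hunk of wp-includes/default-filters.php does not match the visible code, because nothing in the hunk limits the loop to admin screens. The loop now also registers `wp_kses_data` on `comment_text`, which the comment does not mention. If the filters are meant to run on every display, `// Kses on display: descriptions, link notes and comment text` would be accurate. If an admin-only guard exists, it is outside the hunk and worth naming in the comment.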
@@ -2236,7 +2236,8 @@ // Replace ampersands and single quotes only when displaying. if ( 'display' == $_context ) { - $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); + $url = wp_kses_normalize_entities( $url ); + $url = str_replace( '&', '&', $url ); $url = str_replace( "'", ''', $url ); } diff -Nru wordpress-3.0.1/wp-includes/functions.php wordpress-3.0.5+dfsg/wp-includes/functions.php --- wordpress-3.0.1/wp-includes/functions.php 2010-06-10 19:37:51.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/functions.php 2010-10-27 01:58:17.000000000 +0000 @@ -2125,7 +2125,7 @@ $siteurl = get_option( 'siteurl' ); $upload_path = get_option( 'upload_path' ); $upload_path = trim($upload_path); - $main_override = defined( 'MULTISITE' ) && is_main_site(); + $main_override = is_multisite() && defined( 'MULTISITE' ) && is_main_site(); if ( empty($upload_path) ) { $dir = WP_CONTENT_DIR . '/uploads'; } else { diff -Nru wordpress-3.0.1/wp-includes/kses.php wordpress-3.0.5+dfsg/wp-includes/kses.php --- wordpress-3.0.1/wp-includes/kses.php 2010-07-12 14:31:22.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/kses.php 2010-12-30 20:07:47.000000000 +0000 @@ -1,26 +1,33 @@ + * @author Ulf Harnhammar * * @package External * @subpackage KSES - * - * @internal - * *** CONTACT INFORMATION *** - * E-mail: metaur at users dot sourceforge dot net - * Web page: http://sourceforge.net/projects/kses - * Paper mail: Ulf Harnhammar - * Ymergatan 17 C - * 753 25 Uppsala - * SWEDEN - * - * [kses strips evil scripts!] */ /** @@ -670,7 +677,7 @@ break; } - if ( $arreach['name'] == 'style' ) { + if ( strtolower($arreach['name']) == 'style' ) { $orig_value = $arreach['value']; $value = safecss_filter_attr($orig_value); @@ -762,7 +769,7 @@ # "value" { $thisval = $match[1]; - if ( in_array($attrname, $uris) ) + if ( in_array(strtolower($attrname), $uris) ) $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); if(FALSE === array_key_exists($attrname, $attrarr)) { 
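Review bot: `strtolower($attrname)` is applied only inside the `in_array(..., $uris)` test in the `@@ -762,7 +769,7 @@` hunk of wp-includes/kses.php, and again in `@@ -778,7 +785,7 @@` and `@@ -794,7 +801,7 @@`, while the `array_key_exists($attrname, $attrarr)` check on the next context line still uses the original spelling. As far as these hunks show, `HREF` and `href` on the same element would not be recognised as the same attribute by that duplicate check. Computing the lower-cased name once, e.g. `$attrname_lc = strtolower($attrname);`, and using it for both the `$uris` lookup and the key check would keep the three branches consistent. How the entry is stored in `$attrarr` and where `$attrname` is set are outside the hunks.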
@@ -778,7 +785,7 @@ # 'value' { $thisval = $match[1]; - if ( in_array($attrname, $uris) ) + if ( in_array(strtolower($attrname), $uris) ) $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); if(FALSE === array_key_exists($attrname, $attrarr)) { @@ -794,7 +801,7 @@ # value { $thisval = $match[1]; - if ( in_array($attrname, $uris) ) + if ( in_array(strtolower($attrname), $uris) ) $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); if(FALSE === array_key_exists($attrname, $attrarr)) { @@ -1017,14 +1024,9 @@ * @return string Sanitized content */ function wp_kses_bad_protocol_once($string, $allowed_protocols) { - global $_kses_allowed_protocols; - $_kses_allowed_protocols = $allowed_protocols; - - $string2 = preg_split('/:|:|:/i', $string, 2); - if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) ) - $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]); - else - $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string); + $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 ); + if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) + $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] ); return $string; } 
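Review bot: The `%/\?%` test that remains in `wp_kses_bad_protocol_once()` (`@@ -1017,14 +1024,9 @@`, wp-includes/kses.php) has no comment, yet after this change it and the split result alone decide whether the text before the first colon is checked as a scheme. A line such as `// Text before the colon that contains "/?" is treated as path and query, not as a scheme.` above the `if` would state that reading. That interpretation is inferred from the pattern and should be confirmed. The docblock could also note that a string without a colon is now returned unchanged, since the `preg_replace_callback()` fallback is gone.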
@@ -1038,29 +1040,19 @@ * @access private * @since 1.0.0 * - * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols + * @param string $string URI scheme to check against the whitelist + * @param string $allowed_protocols Allowed protocols * @return string Sanitized content */ -function wp_kses_bad_protocol_once2($matches) { - global $_kses_allowed_protocols; - - if ( is_array($matches) ) { - if ( empty($matches[1]) ) - return ''; - - $string = $matches[1]; - } else { - $string = $matches; - } - +function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) { $string2 = wp_kses_decode_entities($string); $string2 = preg_replace('/\s/', '', $string2); $string2 = wp_kses_no_null($string2); $string2 = strtolower($string2); $allowed = false; - foreach ( (array) $_kses_allowed_protocols as $one_protocol) - if (strtolower($one_protocol) == $string2) { + foreach ( (array) $allowed_protocols as $one_protocol ) + if ( strtolower($one_protocol) == $string2 ) { $allowed = true; break; } diff -Nru wordpress-3.0.1/wp-includes/load.php wordpress-3.0.5+dfsg/wp-includes/load.php --- wordpress-3.0.1/wp-includes/load.php 2010-06-12 21:00:08.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/load.php 2010-10-26 03:44:56.000000000 +0000 @@ -579,7 +579,7 @@ if ( defined( 'MULTISITE' ) ) return MULTISITE; - if ( defined( 'VHOST' ) || defined( 'SUNRISE' ) ) + if ( defined( 'SUBDOMAIN_INSTALL' ) || defined( 'VHOST' ) || defined( 'SUNRISE' ) ) return true; return false; diff -Nru wordpress-3.0.1/wp-includes/ms-files.php wordpress-3.0.5+dfsg/wp-includes/ms-files.php --- wordpress-3.0.1/wp-includes/ms-files.php 2010-05-13 21:40:42.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/ms-files.php 2010-11-30 20:44:08.000000000 +0000 
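Review bot: The new docblock line `@param string $allowed_protocols Allowed protocols` in the `@@ -1038,29 +1040,19 @@` hunk of wp-includes/kses.php gives the wrong type, because the body casts the argument with `(array) $allowed_protocols` and iterates over it. It should read `@param array $allowed_protocols Allowed protocols`. The comparison `strtolower($one_protocol) == $string2` could also use `===`, since both sides are strings and a loose comparison is not needed for a whitelist check. The function body continues past the end of the hunk.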
@@ -29,14 +29,14 @@ die( '404 — File not found.' ); } -$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] ); +$mime = wp_check_filetype( $file ); if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) ) $mime[ 'type' ] = mime_content_type( $file ); if( $mime[ 'type' ] ) $mimetype = $mime[ 'type' ]; else - $mimetype = 'image/' . substr( $_SERVER[ 'REQUEST_URI' ], strrpos( $_SERVER[ 'REQUEST_URI' ], '.' ) + 1 ); + $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 ); header( 'Content-type: ' . $mimetype ); // always send this if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) diff -Nru wordpress-3.0.1/wp-includes/pluggable.php wordpress-3.0.5+dfsg/wp-includes/pluggable.php --- wordpress-3.0.1/wp-includes/pluggable.php 2010-06-06 14:44:48.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/pluggable.php 2011-02-03 20:42:18.000000000 +0000 @@ -825,7 +825,7 @@ $adminurl = strtolower(admin_url()); $referer = strtolower(wp_get_referer()); $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false; - if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) { + if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) { wp_nonce_ays($action); die(); } diff -Nru wordpress-3.0.1/wp-includes/script-loader.php wordpress-3.0.5+dfsg/wp-includes/script-loader.php --- wordpress-3.0.1/wp-includes/script-loader.php 2010-06-14 20:48:24.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/script-loader.php 2011-02-05 18:34:01.000000000 +0000 
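Review bot: The fallback branch in the `@@ -29,14 +29,14 @@` hunk of wp-includes/ms-files.php still builds the `Content-type` header from whatever follows the last dot in `$file`, so an unrecognised extension is sent to the client as an image subtype. When `$file` contains no dot, `strrpos()` returns `false` and the expression takes the name from its second character onward. A fixed value is safer once both `wp_check_filetype()` and `mime_content_type()` have failed: `$mimetype = 'application/octet-stream';`. How `$file` is derived is outside the hunk.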
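Review bot: The referer fallback in the `@@ -825,7 +825,7 @@` hunk of wp-includes/pluggable.php has no comment explaining why the match must be at position 0. The line is dense enough that a later edit could quietly loosen it again. A comment above the `if`, such as `// With no action given (-1), fall back to the referer, which must begin with the admin URL rather than merely contain it.`, would record the intent. The enclosing function starts outside the hunk.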
@@ -275,7 +275,7 @@ $scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array('jquery-ui-sortable'), '20091012' ); $scripts->add_data( 'postbox', 'group', 1 ); - $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox'), '20100526' ); + $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox'), '20110203' ); $scripts->add_data( 'post', 'group', 1 ); $scripts->localize( 'post', 'postL10n', array( 'tagsUsed' => __('Tags used on this post:'), diff -Nru wordpress-3.0.1/wp-includes/version.php wordpress-3.0.5+dfsg/wp-includes/version.php --- wordpress-3.0.1/wp-includes/version.php 2010-07-29 21:54:41.000000000 +0000 +++ wordpress-3.0.5+dfsg/wp-includes/version.php 2011-02-07 23:01:56.000000000 +0000 @@ -1,14 +1,28 @@ comment_post_ID ) ) + return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + return wp_delete_comment($comment_ID); } @@ -1185,11 +1188,14 @@ if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.editComment'); - - if ( ! get_comment($comment_ID) ) + if ( !$comment = get_comment( $comment_ID ) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); + if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) + return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + + do_action('xmlrpc_call', 'wp.editComment'); + if ( isset($content_struct['status']) ) { $statuses = get_comment_statuses(); $statuses = array_keys($statuses); @@ -1417,7 +1423,7 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'edit_posts' ) ) + if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); do_action('xmlrpc_call', 'wp.getPageStatusList'); 
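Review bot: `do_action('xmlrpc_call', 'wp.editComment')` now sits after the 404 and `edit_post` checks in the `@@ -1185,11 +1188,14 @@` hunk, so callbacks hooked on `xmlrpc_call` no longer run for requests rejected by those checks. The `metaWeblog.newPost` hunk further down, by contrast, fires the action before its capability check. If that hook is used to log XML-RPC activity (an assumption, since no such callback is visible here), rejected attempts on this method would be missing from the record. Either order can be defended, but a comment such as `// Fire only for calls that passed all permission checks.` would show the placement is deliberate. The method body starts and ends outside the hunk.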
@@ -1957,7 +1963,7 @@ if ( !$actual_post || $actual_post['post_type'] != 'post' ) return new IXR_Error(404, __('Sorry, no such post.')); - if ( !current_user_can('edit_post', $post_ID) ) + if ( !current_user_can('delete_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); $result = wp_delete_post($post_ID); 
@@ -1987,30 +1993,42 @@ $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; - $publish = $args[4]; + $publish = isset( $args[4] ) ? $args[4] : 0; if ( !$user = $this->login($username, $password) ) return $this->error; do_action('xmlrpc_call', 'metaWeblog.newPost'); - $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; - $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); - $post_type = 'post'; $page_template = ''; if ( !empty( $content_struct['post_type'] ) ) { if ( $content_struct['post_type'] == 'page' ) { - $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + if ( $publish || 'publish' == $content_struct['page_status']) + $cap = 'publish_pages'; + else + $cap = 'edit_pages'; $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); $post_type = 'page'; if ( !empty( $content_struct['wp_page_template'] ) ) $page_template = $content_struct['wp_page_template']; } elseif ( $content_struct['post_type'] == 'post' ) { - // This is the default, no changes needed + if ( $publish || 'publish' == $content_struct['post_status']) + $cap = 'publish_posts'; + else + $cap = 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); + $post_type = 'post'; } else { // No other post_type values are allowed here return new IXR_Error( 401, __( 'Invalid post type.' ) ); } + } else { + if ( $publish || 'publish' == $content_struct['post_status']) + $cap = 'publish_posts'; + else + $cap = 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); + $post_type = 'post'; } if ( !current_user_can( $cap ) ) 
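Review bot: The new capability selection in the `@@ -1987,30 +1993,42 @@` hunk reads `$content_struct['page_status']` and `$content_struct['post_status']` without checking that the key exists, although `$publish` was given an `isset()` guard earlier in the same hunk. A request that omits the status field would raise an undefined-index notice in whichever branch it reaches. Guarding the read avoids that, for example `if ( $publish || ( isset( $content_struct['post_status'] ) && 'publish' == $content_struct['post_status'] ) )`. The same three unguarded reads appear in the `@@ -2275,17 +2293,32 @@` hunk. In both hunks the `post` branch and the final `else` are identical, so the post values could be assigned as defaults before the `if`, as the removed code did.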
@@ -2275,17 +2293,32 @@ $page_template = ''; if ( !empty( $content_struct['post_type'] ) ) { if ( $content_struct['post_type'] == 'page' ) { - $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + if ( $publish || 'publish' == $content_struct['page_status'] ) + $cap = 'publish_pages'; + else + $cap = 'edit_pages'; $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); $post_type = 'page'; if ( !empty( $content_struct['wp_page_template'] ) ) $page_template = $content_struct['wp_page_template']; } elseif ( $content_struct['post_type'] == 'post' ) { - // This is the default, no changes needed + if ( $publish || 'publish' == $content_struct['post_status'] ) + $cap = 'publish_posts'; + else + $cap = 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); + $post_type = 'post'; } else { // No other post_type values are allowed here return new IXR_Error( 401, __( 'Invalid post type.' ) ); } + } else { + if ( $publish || 'publish' == $content_struct['post_status'] ) + $cap = 'publish_posts'; + else + $cap = 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); + $post_type = 'post'; } if ( !current_user_can( $cap ) ) @@ -3101,7 +3134,7 @@ do_action('xmlrpc_call', 'mt.publishPost'); - if ( !current_user_can('edit_post', $post_ID) ) + if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you cannot edit this post.')); $postdata = wp_get_single_post($post_ID,ARRAY_A); @@ -3339,4 +3372,4 @@ $wp_xmlrpc_server = new wp_xmlrpc_server(); $wp_xmlrpc_server->serve_request(); -?> +?> \ No newline at end of file
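Review bot: The error returned by the widened check in the `@@ -3101,7 +3134,7 @@` hunk, `Sorry, you cannot edit this post.`, no longer matches the condition, which now also fails when the user lacks `publish_posts`. Splitting the test keeps the response accurate: `if ( !current_user_can('publish_posts') ) return new IXR_Error(401, __('Sorry, you are not allowed to publish posts on this site.'));` placed ahead of the existing `edit_post` check. That message text is already used in the `metaWeblog.newPost` hunk, so no new translatable string is needed. The method body continues outside the hunk.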