diff -Nru wordpress-2.7/debian/changelog wordpress-2.7.1/debian/changelog --- wordpress-2.7/debian/changelog 2009-02-13 03:48:15.000000000 +0000 +++ wordpress-2.7.1/debian/changelog 2009-02-13 03:48:15.000000000 +0000 @@ -1,8 +1,18 @@ -wordpress (2.7-1~ppa~jaunty) jaunty; urgency=low +wordpress (2.7.1-1~ppa~jaunty) jaunty; urgency=low - * New Upstream Release + * Upload to PPA - -- Joseph Smidt Tue, 10 Feb 2009 08:27:24 -0800 + -- Joseph Smidt Thu, 12 Feb 2009 19:41:31 -0800 + +wordpress (2.7.1-1) experimental; urgency=low + + * Merge with upstream Wordpress-2.7 (Closes: #514845) + * Corrected security regression on CVE-2008-2392. + Admins had unfiltered upload capability again. + Now this options is disabled by default and can be + enable through the security options panel. + + -- Andrea De Iacovo Thu, 12 Feb 2009 00:39:29 +0100 wordpress (2.7-1) experimental; urgency=low diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/debian/control /tmp/UxIoWBm4aP/wordpress-2.7.1/debian/control --- wordpress-2.7/debian/control 2009-02-13 03:48:15.000000000 +0000 +++ wordpress-2.7.1/debian/control 2009-02-13 03:48:15.000000000 +0000 @@ -1,8 +1,8 @@ Source: wordpress Section: web Priority: optional -Maintainer: Joseph Smidt -XSCB-Original-Maintainer: Andrea De Iacovo +Maintainer: Joseph Smidt +XSBC-Original-Maintainer: Andrea De Iacovo Standards-Version: 3.8.0 Build-Depends: debhelper, gettext, dpatch Homepage: http://wordpress.org diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/debian/patches/007_REQUEST.patch /tmp/UxIoWBm4aP/wordpress-2.7.1/debian/patches/007_REQUEST.patch --- wordpress-2.7/debian/patches/007_REQUEST.patch 1970-01-01 01:00:00.000000000 +0100 +++ wordpress-2.7.1/debian/patches/007_REQUEST.patch 2009-02-13 03:48:15.000000000 +0000 
@@ -0,0 +1,50 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Bad $_REQUEST usage patch.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: This patch introduces a workaround to avoid DoS and data loss because +## DP: of a bad $_REQUEST usage in wordpress + +@DPATCH@ + +diff -Nru wordpress-2.5.1/wp-admin/admin.php wordpress-2.5.1-new/wp-admin/admin.php +--- wordpress-2.5.1/wp-admin/admin.php 2008-03-12 01:12:34.000000000 +0100 ++++ wordpress-2.5.1-new/wp-admin/admin.php 2008-11-10 09:19:52.000000000 +0100 +@@ -19,6 +19,9 @@ + + update_category_cache(); + ++if (!check_malicious_cookies()) ++ die("Warning! Malicious cookies indentified. Please clean cookies for this host and retry.

Wordpress will be unusable until you clean your cookies"); ++ + $posts_per_page = get_option('posts_per_page'); + $what_to_show = get_option('what_to_show'); + $date_format = get_option('date_format'); +diff -Nru wordpress-2.5.1/wp-admin/includes/admin.php wordpress-2.5.1-new/wp-admin/includes/admin.php +--- wordpress-2.5.1/wp-admin/includes/admin.php 2008-04-14 19:07:18.000000000 +0200 ++++ wordpress-2.5.1-new/wp-admin/includes/admin.php 2008-11-10 08:52:34.000000000 +0100 +@@ -5,6 +5,8 @@ + * @package WordPress + * @subpackage Administration + */ ++/**Debianized workaround for CVE-2008-5113 */ ++require_once(ABSPATH . 'wp-admin/includes/check_malicious.php'); + + /** WordPress Bookmark Administration API */ + require_once(ABSPATH . 'wp-admin/includes/bookmark.php'); +diff -Nru wordpress-2.5.1/wp-admin/includes/check_malicious.php wordpress-2.5.1-new/wp-admin/includes/check_malicious.php +--- wordpress-2.5.1/wp-admin/includes/check_malicious.php 1970-01-01 01:00:00.000000000 +0100 ++++ wordpress-2.5.1-new/wp-admin/includes/check_malicious.php 2008-11-10 08:58:49.000000000 +0100 +@@ -0,0 +1,12 @@ ++ "", "action" => ""); ++ foreach ($_COOKIE as $name => $value) ++ foreach ($malicious as $dangerous => $dvalue) ++ if ($name == $dangerous) ++ $safe = false; ++ ++ return $safe; ++} ++?> diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/debian/patches/008CVE2008-2392.patch /tmp/UxIoWBm4aP/wordpress-2.7.1/debian/patches/008CVE2008-2392.patch --- wordpress-2.7/debian/patches/008CVE2008-2392.patch 1970-01-01 01:00:00.000000000 +0100 +++ wordpress-2.7.1/debian/patches/008CVE2008-2392.patch 2009-02-13 03:48:15.000000000 +0000 
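Review bot: In the added check_malicious.php, `if ($name == $dangerous)` compares cookie names loosely, and on PHP versions before 8 the integer key `0` compares equal to a non-numeric string such as `"action"`, so a cookie that PHP stores under that key can trip the check and lock an administrator out for no reason. A single loop over `$malicious` with `if (isset($_COOKIE[$dangerous]))`, or a strict `===`, avoids the false positive and the nested loop. The guard is only called from wp-admin/admin.php, so other entry points that read `$_REQUEST` are presumably not covered by this workaround for CVE-2008-5113, and a `## DP:` line stating that scope would help. The die() text also has a typo (`indentified`), and the opening lines of check_malicious.php were lost in this extraction, so the function header could not be reviewed.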
@@ -0,0 +1,176 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2008-2392.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Disables unfiltered upload capability for administrators. + +@DPATCH@ + +diff -Nru wordpress-old/wp-admin/includes/schema.php wordpress-2.7.1/wp-admin/includes/schema.php +--- wordpress-old/wp-admin/includes/schema.php 2009-02-12 09:13:33.000000000 +0100 ++++ wordpress-2.7.1/wp-admin/includes/schema.php 2009-02-12 09:13:44.000000000 +0100 +@@ -482,11 +482,11 @@ + * @since 2.3.0 + */ + function populate_roles_230() { +- $role =& get_role( 'administrator' ); +- +- if ( !empty( $role ) ) { +- $role->add_cap( 'unfiltered_upload' ); +- } ++# $role =& get_role( 'administrator' ); ++# ++# if ( !empty( $role ) ) { ++# $role->add_cap( 'unfiltered_upload' ); ++# } + } + + /** +diff -Nru wordpress-old/wp-admin/menu.php wordpress-2.7.1/wp-admin/menu.php +--- wordpress-old/wp-admin/menu.php 2009-01-22 19:56:10.000000000 +0100 ++++ wordpress-2.7.1/wp-admin/menu.php 2009-02-12 08:37:00.000000000 +0100 +@@ -98,6 +98,7 @@ + $submenu['options-general.php'][35] = array(__('Privacy'), 'manage_options', 'options-privacy.php'); + $submenu['options-general.php'][40] = array(__('Permalinks'), 'manage_options', 'options-permalink.php'); + $submenu['options-general.php'][45] = array(__('Miscellaneous'), 'manage_options', 'options-misc.php'); ++ $submenu['options-general.php'][45] = array(__('Security'), 'manage_options', 'options-security.php'); + + $_wp_last_utility_menu = 60; // The index of the last top-level menu in the utility menu group + +diff -Nru wordpress-old/wp-admin/options-sec.php wordpress-2.7.1/wp-admin/options-sec.php +--- wordpress-old/wp-admin/options-sec.php 1970-01-01 01:00:00.000000000 +0100 ++++ wordpress-2.7.1/wp-admin/options-sec.php 2009-02-12 09:10:48.000000000 +0100 +@@ -0,0 +1,48 @@ ++remove_cap('unfiltered_upload'); ++ $change_ok = true; ++ } ++else if (isset($_POST["unfiltered_upload"]) && 
$_POST["unf_up"]=="false"){ ++ $role->add_cap('unfiltered_upload'); ++ $change_ok = true; ++ } ++ ++$wp_rewrite->flush_rules(); ++ ++wp_cache_flush(); ++ ++$goback = add_query_arg( 'updated', $change_ok, wp_get_referer() ); ++wp_redirect( $goback ); ++ ++include('admin-footer.php'); ++?> +diff -Nru wordpress-old/wp-admin/options-security.php wordpress-2.7.1/wp-admin/options-security.php +--- wordpress-old/wp-admin/options-security.php 1970-01-01 01:00:00.000000000 +0100 ++++ wordpress-2.7.1/wp-admin/options-security.php 2009-02-12 08:58:59.000000000 +0100 +@@ -0,0 +1,81 @@ ++ ++ ++ ++ ++
++ ++

++ ++
++ ++ ++ ++ ++ ++ ++ ++
++has_cap("unfiltered_upload"); ++if (!$unf_up) ++ print(''); ++else ++ print(''); ++?> ++
++

++ ++

++
++ ++
++ ++ diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/debian/patches/00list /tmp/UxIoWBm4aP/wordpress-2.7.1/debian/patches/00list --- wordpress-2.7/debian/patches/00list 2009-02-13 03:48:15.000000000 +0000 +++ wordpress-2.7.1/debian/patches/00list 2009-02-13 03:48:15.000000000 +0000 @@ -4,3 +4,5 @@ 004languages.patch 005french.patch 006rss_language.patch +007_REQUEST.patch +008CVE2008-2392.patch diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/admin-ajax.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/admin-ajax.php --- wordpress-2.7/wp-admin/admin-ajax.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/admin-ajax.php 2009-02-03 23:06:17.000000000 +0000 @@ -431,6 +431,9 @@ if ( empty( $tags ) ) die( __('No tags found!') ); + if ( is_wp_error($tags) ) + die($tags->get_error_message()); + foreach ( $tags as $key => $tag ) { $tags[ $key ]->link = '#'; $tags[ $key ]->id = $tag->term_id; @@ -720,7 +723,7 @@ $do_lock = true; $data = ''; - $message = sprintf( __('Draft Saved at %s.'), date( __('g:i:s a'), current_time( 'timestamp', true ) ) ); + $message = sprintf( __('Draft Saved at %s.'), date_i18n( __('g:i:s a') ) ); $supplemental = array(); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/admin.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/admin.php --- wordpress-2.7/wp-admin/admin.php 2008-11-30 13:02:30.000000000 +0000 +++ wordpress-2.7.1/wp-admin/admin.php 2009-01-05 19:25:32.000000000 +0000 
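Review bot: In the menu.php part, the new `Security` entry is assigned to `$submenu['options-general.php'][45]`, the same index the preceding context line gives to `Miscellaneous`, so it replaces that menu item; a free index (for example `[50]`, if unused) would keep both. In options-sec.php the branch that re-grants the capability tests `isset($_POST["unfiltered_upload"])` but then compares `$_POST["unf_up"]`, which looks like two names for one field and should be reconciled with the form in options-security.php. The top of options-sec.php is not visible in this extraction; if it does not already call `check_admin_referer()` and `current_user_can('manage_options')` before `add_cap`/`remove_cap`, it should, because this handler toggles `unfiltered_upload` for the whole administrator role. `wp_redirect( $goback );` is followed by an include rather than `exit;`. Commenting out the body of populate_roles_230() only changes role population, so sites whose administrator role already holds the capability presumably keep it until the panel is used.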
@@ -61,7 +61,12 @@ $page_hook = get_plugin_page_hook($plugin_page, $plugin_page); // backwards compatibility for plugins using add_management_page if ( empty( $page_hook ) && 'edit.php' == $pagenow && '' != get_plugin_page_hook($plugin_page, 'tools.php') ) { - wp_redirect('tools.php?page=' . $plugin_page); + // There could be plugin specific params on the URL, so we need the whole query string + if ( !empty($_SERVER[ 'QUERY_STRING' ]) ) + $query_string = $_SERVER[ 'QUERY_STRING' ]; + else + $query_string = 'page=' . $plugin_page; + wp_redirect( 'tools.php?' . $query_string ); exit; } } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/css/colors-classic.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/css/colors-classic.css --- wordpress-2.7/wp-admin/css/colors-classic.css 2008-12-09 20:25:12.000000000 +0000 +++ wordpress-2.7.1/wp-admin/css/colors-classic.css 2009-01-07 08:29:30.000000000 +0000 @@ -613,15 +613,15 @@ background-color: #fff; } -.plugins .active { +.plugins .active, +.plugins .active th, +.plugins .active td { background-color: #e7f7d3; } -.plugins .togl { - border-right-color: #ccc; -} - -#the-comment-list .unapproved { +#the-comment-list .unapproved, +#the-comment-list .unapproved th, +#the-comment-list .unapproved td { background-color: #ffffe0; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/css/colors-fresh.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/css/colors-fresh.css --- wordpress-2.7/wp-admin/css/colors-fresh.css 2008-12-09 20:25:12.000000000 +0000 +++ wordpress-2.7.1/wp-admin/css/colors-fresh.css 2009-01-07 08:29:30.000000000 +0000 
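Review bot: The redirect target is now built from the raw `$_SERVER['QUERY_STRING']`, so everything the client sent is copied into the Location header and the only filtering is whatever wp_redirect() applies. The script is fixed to `tools.php`, so this is not an open redirect, but a comment stating that assumption would help the next reader, e.g. `// Query string is client-controlled; the destination is fixed and wp_redirect() sanitises the header value.` The multi-line `if`/`else` that picks `$query_string` would also be safer to edit later with braces. The enclosing block starts outside the hunk.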
@@ -613,15 +613,15 @@ background-color: #fff; } -.plugins .active { +.plugins .active, +.plugins .active th, +.plugins .active td { background-color: #e7f7d3; } -.plugins .togl { - border-right-color: #ccc; -} - -#the-comment-list .unapproved { +#the-comment-list .unapproved, +#the-comment-list .unapproved th, +#the-comment-list .unapproved td { background-color: #ffffe0; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/css/ie.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/css/ie.css --- wordpress-2.7/wp-admin/css/ie.css 2008-12-02 23:53:43.000000000 +0000 +++ wordpress-2.7.1/wp-admin/css/ie.css 2009-01-04 11:57:41.000000000 +0000 @@ -179,6 +179,10 @@ } /* end Inline Editor */ +input { + line-height: 1; +} + * html .row-actions { visibility: visible; } @@ -273,7 +277,8 @@ width: 100%; } -#ed_toolbar input { +#ed_toolbar input, +#ed_reply_toolbar input { overflow: visible; padding: 0 4px; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/css/press-this.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/css/press-this.css --- wordpress-2.7/wp-admin/css/press-this.css 2008-12-04 04:58:27.000000000 +0000 +++ wordpress-2.7.1/wp-admin/css/press-this.css 2008-12-18 19:34:11.000000000 +0000 @@ -120,9 +120,7 @@ font-weight: bold; padding: 7px; margin: 0 0 10px; - background-image: url(../images/postbox-bg.gif); - background-position: left top; - background-repeat: repeat-x; + background: #dfdfdf url("../images/gray-grad.png") repeat-x left top; font-size: 12px; font-weight: bold; line-height: 1; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/edit-comments.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/edit-comments.php --- wordpress-2.7/wp-admin/edit-comments.php 2008-12-10 02:27:08.000000000 +0000 +++ wordpress-2.7.1/wp-admin/edit-comments.php 2009-01-26 03:14:31.000000000 +0000 
@@ -18,8 +18,11 @@ check_admin_referer('bulk-spam-delete', '_spam_nonce'); $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] ); - $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" ); - + if ( current_user_can('moderate_comments')) { + $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" ); + } else { + $deleted_spam = 0; + } $redirect_to = 'edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam; if ( $post_id ) $redirect_to = add_query_arg( 'p', absint( $post_id ), $redirect_to ); @@ -272,9 +275,11 @@ - - + wp_nonce_field('bulk-spam-delete', '_spam_nonce'); + if ( current_user_can ('moderate_comments')) { ?> + + @@ -324,7 +329,7 @@ - + diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/edit-link-form.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/edit-link-form.php --- wordpress-2.7/wp-admin/edit-link-form.php 2008-12-10 18:08:34.000000000 +0000 +++ wordpress-2.7.1/wp-admin/edit-link-form.php 2008-12-30 17:41:34.000000000 +0000 @@ -118,7 +118,7 @@ diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/blogger.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/blogger.php --- wordpress-2.7/wp-admin/import/blogger.php 2008-11-28 02:12:36.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/blogger.php 2009-01-21 18:51:48.000000000 +0000 @@ -550,7 +550,7 @@ $post_status = isset( $entry->draft ) ? 'draft' : 'publish'; // Clean up content - $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); + $post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content); $post_content = str_replace('
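Review bot: When the `moderate_comments` check fails, the first hunk sets `$deleted_spam = 0` and carries on to the redirect, so a refused request looks the same as a run that found nothing to delete. Failing closed with `wp_die( __('You are not allowed to moderate comments.') );` (message text illustrative) would match how includes/post.php in this same diff refuses unauthorised edits. The DELETE still interpolates `$delete_time` into the SQL string; it is escaped and quoted, but `$wpdb->prepare()` with a `%s` placeholder would be harder to break in a later edit. The later hunks of this file lost their markup in extraction and were not reviewed.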
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); @@ -603,7 +603,7 @@ $comment_content = addslashes( $this->no_apos( html_entity_decode( $entry->content ) ) ); // Clean up content - $comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content); + $comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content); $comment_content = str_replace('
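Review bot: Replacing the `e` modifier stops imported markup from being evaluated as PHP, but `create_function()` still compiles its body from a string and registers a new anonymous function on every call, and the same literal is repeated at each call site. The body here is a constant, so no imported data reaches the compiled code. One named callback shared by the importers would avoid the repeated compilation and keep the logic in one place, e.g. `function wp_import_lowercase_tag($match) { return '<' . strtolower($match[1]); }` (name illustrative) passed as `'wp_import_lowercase_tag'`. The same applies to the second hunk of this file and to the matching hunks in blogware.php, livejournal.php, rss.php and wordpress.php.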
', '
', $comment_content); $comment_content = str_replace('
', '
', $comment_content); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/blogware.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/blogware.php --- wordpress-2.7/wp-admin/import/blogware.php 2008-11-26 13:51:25.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/blogware.php 2009-01-21 18:51:48.000000000 +0000 @@ -89,7 +89,7 @@ } // Clean up content - $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); + $post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = $wpdb->escape($post_content); @@ -129,7 +129,7 @@ $comment_content = $this->unhtmlentities($comment_content); // Clean up content - $comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content); + $comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content); $comment_content = str_replace('
', '
', $comment_content); $comment_content = str_replace('
', '
', $comment_content); $comment_content = $wpdb->escape($comment_content); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/livejournal.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/livejournal.php --- wordpress-2.7/wp-admin/import/livejournal.php 2008-11-26 13:51:25.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/livejournal.php 2009-01-21 18:51:48.000000000 +0000 @@ -70,7 +70,7 @@ $post_content = $this->unhtmlentities($post_content); // Clean up content - $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); + $post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = $wpdb->escape($post_content); @@ -106,7 +106,7 @@ $comment_content = $this->unhtmlentities($comment_content); // Clean up content - $comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content); + $comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content); $comment_content = str_replace('
', '
', $comment_content); $comment_content = str_replace('
', '
', $comment_content); $comment_content = $wpdb->escape($comment_content); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/mt.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/mt.php --- wordpress-2.7/wp-admin/import/mt.php 2008-11-26 13:51:25.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/mt.php 2009-01-24 12:24:16.000000000 +0000 @@ -438,8 +438,10 @@ $ping->comment_author = $blog; } else { // Processing multi-line field, check context. - - $line .= "\n"; + + if( !empty($line) ) + $line .= "\n"; + if ( 'body' == $context ) { $post->post_content .= $line; } else if ( 'extended' == $context ) { diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/rss.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/rss.php --- wordpress-2.7/wp-admin/import/rss.php 2008-11-26 13:51:25.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/rss.php 2009-01-21 18:51:48.000000000 +0000 @@ -103,7 +103,7 @@ } // Clean up content - $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); + $post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content); $post_content = str_replace('
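Review bot: In the mt.php hunk, `!empty($line)` is also false for the string `"0"`, so a body line consisting of just `0` no longer gets its trailing newline and is joined to the following line. Comparing against the empty string keeps the intent of skipping only truly empty lines: `if ( '' !== $line ) $line .= "\n";`. The surrounding parser loop lies outside the hunk, so whether `$line` has already been trimmed there could not be checked.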
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/import/wordpress.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/import/wordpress.php --- wordpress-2.7/wp-admin/import/wordpress.php 2008-12-09 21:50:35.000000000 +0000 +++ wordpress-2.7.1/wp-admin/import/wordpress.php 2009-01-21 18:51:48.000000000 +0000 @@ -381,12 +381,12 @@ $post_author = $this->get_tag( $post, 'dc:creator' ); $post_excerpt = $this->get_tag( $post, 'excerpt:encoded' ); - $post_excerpt = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_excerpt); + $post_excerpt = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_excerpt); $post_excerpt = str_replace('
', '
', $post_excerpt); $post_excerpt = str_replace('
', '
', $post_excerpt); $post_content = $this->get_tag( $post, 'content:encoded' ); - $post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content); + $post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content); $post_content = str_replace('
', '
', $post_content); $post_content = str_replace('
', '
', $post_content); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/bookmark.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/bookmark.php --- wordpress-2.7/wp-admin/includes/bookmark.php 2008-11-14 23:01:16.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/bookmark.php 2009-01-22 22:47:48.000000000 +0000 @@ -142,8 +142,13 @@ if ( !empty( $link_id ) ) $update = true; - if ( trim( $link_name ) == '' ) - return 0; + if ( trim( $link_name ) == '' ) { + if ( trim( $link_url ) != '' ) { + $link_name = $link_url; + } else { + return 0; + } + } if ( trim( $link_url ) == '' ) return 0; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/dashboard.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/dashboard.php --- wordpress-2.7/wp-admin/includes/dashboard.php 2008-12-09 20:38:44.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/dashboard.php 2009-01-05 10:07:17.000000000 +0000 @@ -181,12 +181,13 @@ // Posts $num = number_format_i18n( $num_posts->publish ); - if ( current_user_can( 'edit_posts' ) ) - $text = "$num"; - else - $text = $num; - echo '' . $text . ''; - echo '' . __ngettext( 'Post', 'Posts', intval($num_posts->publish) ) . ''; + $text = __ngettext( 'Post', 'Posts', intval($num_posts->publish) ); + if ( current_user_can( 'edit_posts' ) ) { + $num = "$num"; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; /* TODO: Show status breakdown on hover if ( $can_edit_pages && !empty($num_pages->publish) ) { // how many pages is not exposed in feeds. Don't show if !current_user_can $post_type_texts[] = ''.sprintf( __ngettext( '%s page', '%s pages', $num_pages->publish ), number_format_i18n( $num_pages->publish ) ).''; 
@@ -206,58 +207,79 @@ // Total Comments $num = number_format_i18n($num_comm->total_comments); - if ( current_user_can( 'moderate_comments' ) ) + $text = __ngettext( 'Comment', 'Comments', $num_comm->total_comments ); + if ( current_user_can( 'moderate_comments' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Comment', 'Comments', $num_comm->total_comments ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; echo ''; // Pages $num = number_format_i18n( $num_pages->publish ); - if ( current_user_can( 'edit_pages' ) ) + $text = __ngettext( 'Page', 'Pages', $num_pages->publish ); + if ( current_user_can( 'edit_pages' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Page', 'Pages', $num_pages->publish ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; // Approved Comments $num = number_format_i18n($num_comm->approved); - if ( current_user_can( 'moderate_comments' ) ) + $text = __ngettext( 'Approved', 'Approved', $num_comm->approved ); + if ( current_user_can( 'moderate_comments' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Approved', 'Approved', $num_comm->approved ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; echo "\n\t"; // Categories $num = number_format_i18n( $num_cats ); - if ( current_user_can( 'manage_categories' ) ) + $text = __ngettext( 'Category', 'Categories', $num_cats ); + if ( current_user_can( 'manage_categories' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Category', 'Categories', $num_cats ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; // Pending Comments $num = number_format_i18n($num_comm->moderated); - if ( current_user_can( 'moderate_comments' ) ) + $text = __ngettext( 'Pending', 'Pending', $num_comm->moderated ); + if ( current_user_can( 'moderate_comments' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . 
__ngettext( 'Pending', 'Pending', $num_comm->moderated ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; echo "\n\t"; // Tags $num = number_format_i18n( $num_tags ); - if ( current_user_can( 'manage_categories' ) ) + $text = __ngettext( 'Tag', 'Tags', $num_tags ); + if ( current_user_can( 'manage_categories' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Tag', 'Tags', $num_tags ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; // Spam Comments $num = number_format_i18n($num_comm->spam); - if ( current_user_can( 'moderate_comments' ) ) + $text = __ngettext( 'Spam', 'Spam', $num_comm->spam ); + if ( current_user_can( 'moderate_comments' ) ) { $num = "$num"; - echo ''.$num.''; - echo '' . __ngettext( 'Spam', 'Spam', $num_comm->spam ) . ''; + $text = "$text"; + } + echo '' . $num . ''; + echo '' . $text . ''; echo ""; do_action('right_now_table_end'); @@ -281,7 +303,7 @@ update_right_now_message(); - echo "\n\t".''; + echo "\n\t".'
'; do_action( 'rightnow_end' ); do_action( 'activity_box_end' ); } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/file.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/file.php --- wordpress-2.7/wp-admin/includes/file.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/file.php 2008-12-12 20:12:35.000000000 +0000 @@ -667,8 +667,13 @@ $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? $_POST['public_key'] : $credentials['public_key']); $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : $credentials['private_key']); + //sanitize the hostname, Some people might pass in odd-data: + $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off + if ( strpos($credentials['hostname'], ':') ) list( $credentials['hostname'], $credentials['port'] ) = explode(':', $credentials['hostname'], 2); + else + unset($credentials['port']); if ( defined('FTP_SSH') || (isset($_POST['connection_type']) && 'ssh' == $_POST['connection_type']) ) $credentials['connection_type'] = 'ssh'; 
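Review bot: In the file.php hunk, the scheme-stripping pattern `'|\w+://|'` is unanchored, so it removes every `word://` sequence anywhere in the hostname rather than only a leading scheme; `'|^\w+://|'` limits it to the prefix. The value that `explode()` places in `$credentials['port']` is whatever followed the first colon and is not checked to be numeric before it is returned or, in the next hunk, appended back onto the stored hostname. A guard such as `if ( ! is_numeric( $credentials['port'] ) ) unset( $credentials['port'] );` after the `list()` assignment would keep malformed input out of the connection settings. The function continues outside the hunk.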
@@ -679,7 +684,10 @@ if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) { $stored_credentials = $credentials; - unset($stored_credentials['password'], $stored_credentials['private_key'], $stored_credentials['public_key']); + if ( !empty($stored_credentials['port']) ) //save port as part of hostname to simplify above code. + $stored_credentials['hostname'] .= ':' . $stored_credentials['port']; + + unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']); update_option('ftp_credentials', $stored_credentials); return $credentials; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/media.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/media.php --- wordpress-2.7/wp-admin/includes/media.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/media.php 2009-01-24 14:44:15.000000000 +0000 @@ -369,6 +369,11 @@ function media_upload_form_handler() { check_admin_referer('media-form'); + if ( isset($_POST['send']) ) { + $keys = array_keys($_POST['send']); + $send_id = (int) array_shift($keys); + } + if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { $post = $_post = get_post($attachment_id, ARRAY_A); if ( isset($attachment['post_content']) ) @@ -379,8 +384,10 @@ $post['post_excerpt'] = $attachment['post_excerpt']; if ( isset($attachment['menu_order']) ) $post['menu_order'] = $attachment['menu_order']; - if ( isset($attachment['post_parent']) ) - $post['post_parent'] = $attachment['post_parent']; + if ( isset($send_id) && $attachment_id == $send_id ) { + if ( isset($attachment['post_parent']) ) + $post['post_parent'] = $attachment['post_parent']; + } $post = apply_filters('attachment_fields_to_save', $post, $attachment); 
@@ -408,9 +415,7 @@ exit; } - if ( isset($_POST['send']) ) { - $keys = array_keys($_POST['send']); - $send_id = (int) array_shift($keys); + if ( isset($send_id) ) { $attachment = stripslashes_deep( $_POST['attachments'][$send_id] ); $html = $attachment['post_title']; if ( !empty($attachment['url']) ) { diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/plugin.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/plugin.php --- wordpress-2.7/wp-admin/includes/plugin.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/plugin.php 2009-01-22 22:34:56.000000000 +0000 @@ -121,7 +121,7 @@ else $plugin_data['Title'] = $plugin_data['Name']; - if ( ! empty($plugin_data['AuthorURI']) ) + if ( ! empty($plugin_data['AuthorURI']) && ! empty($plugin_data['Author']) ) $plugin_data['Author'] = '' . $plugin_data['Author'] . ''; $plugin_data['Description'] = wptexturize( $plugin_data['Description'] ); @@ -862,7 +862,7 @@ $parent = get_admin_page_parent(); - if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) ) + if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) ) return false; if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) ) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/post.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/post.php --- wordpress-2.7/wp-admin/includes/post.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/post.php 2008-12-26 22:36:48.000000000 +0000 @@ -228,7 +228,7 @@ if ( empty($post_data) ) $post_data = &$_POST; - if ( 'page' == $post_data['post_type'] ) { + if ( isset($post_data['post_type']) && 'page' == $post_data['post_type'] ) { if ( ! current_user_can( 'edit_pages' ) ) wp_die( __('You are not allowed to edit pages.') ); } else { 
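Review bot: The second plugin.php hunk relaxes an access check without saying why: once `$plugin_page` is set, an entry for `$pagenow` in `$_wp_submenu_nopriv` no longer returns false, and the decision rests on the `$plugin_page` lookup that follows. Because this narrows a deny rule, the condition deserves a comment, e.g. `// For plugin pages the nopriv entry is keyed by $plugin_page, not $pagenow; that case is checked below.` The rest of the function is outside the hunk, so it is worth confirming there that a plugin page under a denied parent file still ends in a refusal.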
@@ -236,7 +236,7 @@ wp_die( __('You are not allowed to edit posts.') ); } - $post_IDs = array_map( intval, (array) $post_data['post'] ); + $post_IDs = array_map( 'intval', (array) $post_data['post'] ); $reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tags_input', 'post_category', 'sticky' ); foreach ( $reset as $field ) { @@ -909,6 +909,8 @@ $post->post_name = sanitize_title($name? $name : $title, $post->ID); } + $post->filter = 'sample'; + $permalink = get_permalink($post, true); // Handle page hierarchy @@ -926,6 +928,8 @@ $post->post_status = $original_status; $post->post_date = $original_date; $post->post_name = $original_name; + unset($post->filter); + return $permalink; } @@ -1161,9 +1165,9 @@ if ( ! empty($mce_external_languages) ) { foreach ( $mce_external_languages as $name => $path ) { - if ( is_file($path) && is_readable($path) ) { + if ( @is_file($path) && @is_readable($path) ) { include_once($path); - $ext_plugins .= $strings; + $ext_plugins .= $strings . "\n"; $loaded_langs[] = $name; } } 
@@ -1184,21 +1188,21 @@ if ( function_exists('realpath') ) $path = trailingslashit( realpath($path) ); - if ( is_file($path . $mce_locale . '.js') ) - $strings .= @file_get_contents($path . $mce_locale . '.js'); + if ( @is_file($path . $mce_locale . '.js') ) + $strings .= @file_get_contents($path . $mce_locale . '.js') . "\n"; - if ( is_file($path . $mce_locale . '_dlg.js') ) - $strings .= @file_get_contents($path . $mce_locale . '_dlg.js'); + if ( @is_file($path . $mce_locale . '_dlg.js') ) + $strings .= @file_get_contents($path . $mce_locale . '_dlg.js') . "\n"; if ( 'en' != $mce_locale && empty($strings) ) { - if ( is_file($path . 'en.js') ) { + if ( @is_file($path . 'en.js') ) { $str1 = @file_get_contents($path . 'en.js'); - $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ); + $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n"; } - if ( is_file($path . 'en_dlg.js') ) { + if ( @is_file($path . 'en_dlg.js') ) { $str2 = @file_get_contents($path . 'en_dlg.js'); - $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ); + $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n"; } } @@ -1346,4 +1350,4 @@ \ No newline at end of file +?> diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/schema.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/schema.php --- wordpress-2.7/wp-admin/includes/schema.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/schema.php 2008-12-12 20:48:08.000000000 +0000 @@ -351,7 +351,7 @@ add_role('subscriber', 'Subscriber|User role'); // Add caps for Administrator role - $role = get_role('administrator'); + $role =& get_role('administrator'); $role->add_cap('switch_themes'); $role->add_cap('edit_themes'); $role->add_cap('activate_plugins'); 
@@ -384,7 +384,7 @@ $role->add_cap('level_0'); // Add caps for Editor role - $role = get_role('editor'); + $role =& get_role('editor'); $role->add_cap('moderate_comments'); $role->add_cap('manage_categories'); $role->add_cap('manage_links'); @@ -406,7 +406,7 @@ $role->add_cap('level_0'); // Add caps for Author role - $role = get_role('author'); + $role =& get_role('author'); $role->add_cap('upload_files'); $role->add_cap('edit_posts'); $role->add_cap('edit_published_posts'); @@ -417,14 +417,14 @@ $role->add_cap('level_0'); // Add caps for Contributor role - $role = get_role('contributor'); + $role =& get_role('contributor'); $role->add_cap('edit_posts'); $role->add_cap('read'); $role->add_cap('level_1'); $role->add_cap('level_0'); // Add caps for Subscriber role - $role = get_role('subscriber'); + $role =& get_role('subscriber'); $role->add_cap('read'); $role->add_cap('level_0'); } @@ -437,7 +437,7 @@ function populate_roles_210() { $roles = array('administrator', 'editor'); foreach ($roles as $role) { - $role = get_role($role); + $role =& get_role($role); if ( empty($role) ) continue; @@ -458,19 +458,19 @@ $role->add_cap('read_private_pages'); } - $role = get_role('administrator'); + $role =& get_role('administrator'); if ( ! empty($role) ) { $role->add_cap('delete_users'); $role->add_cap('create_users'); } - $role = get_role('author'); + $role =& get_role('author'); if ( ! empty($role) ) { $role->add_cap('delete_posts'); $role->add_cap('delete_published_posts'); } - $role = get_role('contributor'); + $role =& get_role('contributor'); if ( ! empty($role) ) { $role->add_cap('delete_posts'); } @@ -482,7 +482,7 @@ * @since 2.3.0 */ function populate_roles_230() { - $role = get_role( 'administrator' ); + $role =& get_role( 'administrator' ); if ( !empty( $role ) ) { $role->add_cap( 'unfiltered_upload' ); 
@@ -495,7 +495,7 @@ * @since 2.5.0 */ function populate_roles_250() { - $role = get_role( 'administrator' ); + $role =& get_role( 'administrator' ); if ( !empty( $role ) ) { $role->add_cap( 'edit_dashboard' ); @@ -508,7 +508,7 @@ * @since 2.6.0 */ function populate_roles_260() { - $role = get_role( 'administrator' ); + $role =& get_role( 'administrator' ); if ( !empty( $role ) ) { $role->add_cap( 'update_plugins' ); @@ -522,7 +522,7 @@ * @since 2.7.0 */ function populate_roles_270() { - $role = get_role( 'administrator' ); + $role =& get_role( 'administrator' ); if ( !empty( $role ) ) { $role->add_cap( 'install_plugins' ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/includes/template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/includes/template.php --- wordpress-2.7/wp-admin/includes/template.php 2008-12-10 22:22:30.000000000 +0000 +++ wordpress-2.7.1/wp-admin/includes/template.php 2009-01-28 19:40:25.000000000 +0000 @@ -439,8 +439,10 @@ * @param unknown_type $selected_cats * @param unknown_type $popular_cats */ -function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false, $popular_cats = false ) { - $walker = new Walker_Category_Checklist; +function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false, $popular_cats = false, $walker = null ) { + if ( empty($walker) || !is_a($walker, 'Walker') ) + $walker = new Walker_Category_Checklist; + $descendants_and_self = (int) $descendants_and_self; $args = array(); 
@@ -2397,7 +2399,7 @@ global $wp_locale, $post, $comment; if ( $for_post ) - $edit = ( in_array($post->post_status, array('draft', 'pending') ) && (!$post->post_date || '0000-00-00 00:00:00' == $post->post_date ) ) ? false : true; + $edit = ( in_array($post->post_status, array('draft', 'pending') ) && (!$post->post_date_gmt || '0000-00-00 00:00:00' == $post->post_date_gmt ) ) ? false : true; $tab_index_attribute = ''; if ( (int) $tab_index > 0 ) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/index.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/index.php --- wordpress-2.7/wp-admin/index.php 2008-11-26 13:51:25.000000000 +0000 +++ wordpress-2.7.1/wp-admin/index.php 2009-01-19 18:31:28.000000000 +0000 @@ -41,4 +41,4 @@ - + diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/js/common.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/js/common.js --- wordpress-2.7/wp-admin/js/common.js 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/js/common.js 2008-12-19 20:30:37.000000000 +0000 @@ -1,5 +1,5 @@ -wpCookies = { +var wpCookies = { // The following functions are from Cookie.js class in TinyMCE, Moxiecode, used under LGPL. each : function(o, cb, s) { diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/js/editor.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/js/editor.js --- wordpress-2.7/wp-admin/js/editor.js 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/js/editor.js 2008-12-19 20:30:37.000000000 +0000 @@ -1,5 +1,5 @@ -switchEditors = { +var switchEditors = { mode : '', @@ -169,4 +169,4 @@ return pee; } -} +}; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/js/link.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/js/link.js --- wordpress-2.7/wp-admin/js/link.js 2008-11-14 23:58:17.000000000 +0000 +++ wordpress-2.7.1/wp-admin/js/link.js 2008-12-30 17:41:34.000000000 +0000 
@@ -11,7 +11,7 @@ // Ajax Cat var newCat = jQuery('#newcat').one( 'focus', function() { jQuery(this).val( '' ).removeClass( 'form-input-tip' ) } ); - jQuery('#category-add-sumbit').click( function() { newCat.focus(); } ); + jQuery('#category-add-submit').click( function() { newCat.focus(); } ); var noSyncChecks = false; // prophylactic. necessary? var syncChecks = function() { if ( noSyncChecks ) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/js/plugin-install.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/js/plugin-install.js --- wordpress-2.7/wp-admin/js/plugin-install.js 2008-10-14 00:39:56.000000000 +0100 +++ wordpress-2.7.1/wp-admin/js/plugin-install.js 2009-01-07 07:46:46.000000000 +0000 @@ -29,8 +29,6 @@ $('#TB_ajaxWindowTitle').html('' + plugininstallL10n.plugin_information + ' ' + $(this).attr('title') ); return false; }); - - $(window).resize( function() { tb_position() } ); }); /* Plugin install related JS*/ diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/link-manager.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/link-manager.php --- wordpress-2.7/wp-admin/link-manager.php 2008-12-04 21:57:56.000000000 +0000 +++ wordpress-2.7.1/wp-admin/link-manager.php 2009-02-02 19:14:49.000000000 +0000 @@ -168,7 +168,7 @@ $link->link_name = attribute_escape($link->link_name); $link->link_category = wp_get_link_cats($link->link_id); $short_url = str_replace('http://', '', $link->link_url); - $short_url = str_replace('www.', '', $short_url); + $short_url = preg_replace('/^www./i', '', $short_url); if ('/' == substr($short_url, -1)) $short_url = substr($short_url, 0, -1); if (strlen($short_url) > 35) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/menu-header.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/menu-header.php --- wordpress-2.7/wp-admin/menu-header.php 2008-12-08 03:46:26.000000000 +0000 +++ wordpress-2.7.1/wp-admin/menu-header.php 2009-02-06 18:12:28.000000000 +0000 
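Review bot: The dot in the new pattern `'/^www./i'` is unescaped, so it removes a leading `www` plus any one following character (a constructed example: `wwwx-example.test` loses its first four characters), not only the `www.` prefix. `preg_replace('/^www\./i', '', $short_url)` does what the anchored rewrite intends. The `str_replace('http://', ...)` on the context line above leaves `https://` URLs untouched, so for those the `^www` anchor never matches and the shortened display still shows the scheme. The surrounding loop starts and ends outside the hunk.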
@@ -74,7 +74,7 @@ } elseif ( $submenu_as_parent && !empty($submenu[$item[2]]) ) { $submenu[$item[2]] = array_values($submenu[$item[2]]); // Re-index. $menu_hook = get_plugin_page_hook($submenu[$item[2]][0][2], $item[2]); - if ( file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") || !empty($menu_hook)) { + if ( ( file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") && ('index.php' != $submenu[$item[2]][0][2]) ) || !empty($menu_hook)) { $admin_is_parent = true; echo "$img$toggle{$item[0]}"; } else { @@ -115,7 +115,7 @@ $menu_hook = get_plugin_page_hook($sub_item[2], $item[2]); - if ( file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") || ! empty($menu_hook) ) { + if ( ( file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") && ('index.php' != $sub_item[2]) ) || ! empty($menu_hook) ) { // If admin.php is the current page or if the parent exists as a file in the plugins or admin dir $parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($item[2]); if ( $parent_exists ) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/menu.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/menu.php --- wordpress-2.7/wp-admin/menu.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/menu.php 2009-01-22 18:56:10.000000000 +0000 
@@ -83,7 +83,7 @@ $submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php'); } -$menu[55] = array( __('Tools'), 'manage_options', 'tools.php', '', 'menu-top', 'menu-tools', 'div' ); +$menu[55] = array( __('Tools'), 'read', 'tools.php', '', 'menu-top', 'menu-tools', 'div' ); $submenu['tools.php'][5] = array( __('Tools'), 'read', 'tools.php' ); $submenu['tools.php'][10] = array( __('Import'), 'import', 'import.php' ); $submenu['tools.php'][15] = array( __('Export'), 'import', 'export.php' ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/theme-editor.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/theme-editor.php --- wordpress-2.7/wp-admin/theme-editor.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-admin/theme-editor.php 2008-12-12 17:59:32.000000000 +0000 @@ -96,7 +96,7 @@ (%s)" : "%s"; +$desc_header = ( $description != $file_show ) ? "$description (%s)" : "%s"; ?>
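Review bot: Lowering the top-level Tools entry from `manage_options` to `read` on the `$menu[55]` line exposes the menu to every logged-in role. Access control then rests on the per-item capabilities (`import` for Import and Export in the context lines) and on the checks inside each page. The menu array governs what is displayed and routed. Whether `tools.php` and any plugin pages registered under it verify capabilities themselves is not visible in this hunk and should be confirmed. A comment such as `// top-level is 'read' so low-privilege users can reach tools.php; each submenu keeps its own capability` would record that the change is intentional.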
@@ -120,7 +120,7 @@
- +

diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/update-core.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/update-core.php --- wordpress-2.7/wp-admin/update-core.php 2008-12-10 07:59:05.000000000 +0000 +++ wordpress-2.7.1/wp-admin/update-core.php 2009-01-11 21:48:55.000000000 +0000 @@ -134,7 +134,11 @@ function do_core_upgrade( $reinstall = false ) { global $wp_filesystem; - $url = wp_nonce_url('update-core.php?action=do-core-upgrade', 'upgrade-core'); + if ( $reinstall ) + $url = 'update-core.php?action=do-core-reinstall'; + else + $url = 'update-core.php?action=do-core-upgrade'; + $url = wp_nonce_url($url, 'upgrade-core'); if ( false === ($credentials = request_filesystem_credentials($url)) ) return; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-admin/wp-admin.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-admin/wp-admin.css --- wordpress-2.7/wp-admin/wp-admin.css 2008-12-10 09:26:23.000000000 +0000 +++ wordpress-2.7.1/wp-admin/wp-admin.css 2009-01-30 19:15:49.000000000 +0000 @@ -15,8 +15,8 @@ padding: 0; } -.plugins .togl { - width: 150px; +.plugins .action-links { + white-space: nowrap; } .import-system { @@ -435,7 +435,8 @@ padding: 2px 4px 0; } -#ed_toolbar input { +#ed_toolbar input, +#ed_reply_toolbar input { margin: 3px 1px 4px; line-height: 18px; display: inline-block; @@ -450,6 +451,10 @@ border-radius: 3px; } +#ed_reply_toolbar input { + margin: 1px 2px 1px 1px; +} + #quicktags #ed_link, #ed_reply_toolbar #ed_reply_link { text-decoration: underline; @@ -1643,6 +1648,7 @@ } #edit-slug-box { + height: 1em; margin-top: 8px; padding: 0 7px; } 
@@ -1854,6 +1860,31 @@ line-height: 19px; } +#category-adder h4 { + margin-top: 4px; + margin-bottom: 0px; +} + +#categorydiv .ui-tabs-panel { + border-width: 3px; + border-style: solid; +} + +ul#category-tabs { + margin-top: 12px; +} + +ul#category-tabs li { + padding: 5px 8px; + -moz-border-radius: 3px 3px 0 0; + -webkit-border-top-left-radius: 3px; + -webkit-border-top-right-radius: 3px; + -khtml-border-top-left-radius: 3px; + -khtml-border-top-right-radius: 3px; + border-top-left-radius: 3px; + border-top-right-radius: 3px; +} + /* positioning etc. */ form#tags-filter { @@ -2252,19 +2283,7 @@ padding: 2px 3px; } -#replyrow #ed_reply_toolbar input { - margin: 1px 2px 1px 1px; - min-width: 24px; - padding: 3px 4px; - font-size: 11px; - -moz-border-radius: 3px; - -khtml-border-radius: 3px; - -webkit-border-radius: 3px; - border-radius: 3px; -} - /* show/hide settings */ - #screen-meta { position: relative; clear: both; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-config-sample.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-config-sample.php --- wordpress-2.7/wp-config-sample.php 2008-12-07 21:31:13.000000000 +0000 +++ wordpress-2.7.1/wp-config-sample.php 2008-12-16 08:33:05.000000000 +0000 @@ -37,7 +37,7 @@ * Authentication Unique Keys. * * Change these to different unique phrases! - * You can generate these using the {@link http://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service} + * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service} * * @since 2.6.0 */ diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/bookmark-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/bookmark-template.php --- wordpress-2.7/wp-includes/bookmark-template.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/bookmark-template.php 2008-12-16 07:54:29.000000000 +0000 
@@ -26,7 +26,7 @@ * of the bookmark. * 'show_images' - Default is 1 (integer). Whether to show link image if * available. - * 'show_name' - Default is 1 (integer). Whether to show link name if + * 'show_name' - Default is 0 (integer). Whether to show link name if * available. * 'before' - Default is '
  • ' (string). The html or text to prepend to each * bookmarks. diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/canonical.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/canonical.php --- wordpress-2.7/wp-includes/canonical.php 2008-11-25 21:28:42.000000000 +0000 +++ wordpress-2.7.1/wp-includes/canonical.php 2009-02-04 23:07:57.000000000 +0000 @@ -119,7 +119,7 @@ } elseif ( is_year() && !empty($_GET['year']) ) { if ( $redirect_url = get_year_link(get_query_var('year')) ) $redirect['query'] = remove_query_arg('year', $redirect['query']); - } elseif ( is_category() && !empty($_GET['cat']) ) { + } elseif ( is_category() && !empty($_GET['cat']) && preg_match( '|^[0-9]+$|', $_GET['cat'] ) ) { if ( $redirect_url = get_category_link(get_query_var('cat')) ) $redirect['query'] = remove_query_arg('cat', $redirect['query']); } elseif ( is_author() && !empty($_GET['author']) ) { 
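Review bot: The new `preg_match( '|^[0-9]+$|', $_GET['cat'] )` guard on the `is_category()` branch leaves two gaps. `$` without the `D` modifier also matches before a trailing newline, so digits followed by a line feed still pass. `$_GET['cat']` can also arrive as an array, in which case preg_match() raises a warning rather than rejecting the value cleanly. Checking the type first and anchoring with `\z` closes both: `is_string($_GET['cat']) && preg_match( '|^[0-9]+\z|', $_GET['cat'] )`. The enclosing if/elseif chain continues outside the hunk.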
@@ -136,7 +136,7 @@ while ( preg_match( '#/page/[0-9]+?(/+)?$#', $paged_redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $paged_redirect['path'] ) || preg_match( '#/comment-page-[0-9]+(/+)?$#', $paged_redirect['path'] ) ) { // Strip off paging and feed $paged_redirect['path'] = preg_replace('#/page/[0-9]+?(/+)?$#', '/', $paged_redirect['path']); // strip off any existing paging - $paged_redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+)?$#', '/', $paged_redirect['path']); // strip off feed endings + $paged_redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $paged_redirect['path']); // strip off feed endings $paged_redirect['path'] = preg_replace('#/comment-page-[0-9]+?(/+)?$#', '/', $paged_redirect['path']); // strip off any existing comment paging } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/capabilities.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/capabilities.php --- wordpress-2.7/wp-includes/capabilities.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/capabilities.php 2008-12-12 20:48:08.000000000 +0000 @@ -533,7 +533,7 @@ //Build $allcaps from role caps, overlay user's $caps $this->allcaps = array(); foreach ( (array) $this->roles as $role ) { - $role = $wp_roles->get_role( $role ); + $role =& $wp_roles->get_role( $role ); $this->allcaps = array_merge( $this->allcaps, $role->capabilities ); } $this->allcaps = array_merge( $this->allcaps, $this->caps ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/category-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/category-template.php --- wordpress-2.7/wp-includes/category-template.php 2008-12-09 23:31:11.000000000 +0000 +++ wordpress-2.7.1/wp-includes/category-template.php 2009-01-06 00:35:21.000000000 +0000 
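Review bot: Replacing `(/+)?$` with `(/+|$)` in the feed-stripping `preg_replace` drops the end anchor whenever the `/+` alternative matches, so the pattern now also hits a `feed`, `rss`, `rdf` or `atom` segment in the middle of the path. The `while` condition on the context line still uses the anchored form, but the loop can be entered for paging alone. For a path shaped like `/atom/archive/page/2/` (constructed example) the new replacement then removes the leading `/atom` segment as well. If the aim was to strip stacked feed endings in one pass, the comment should say so and the pattern should still require that nothing but feed or paging segments follow the match.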
@@ -397,12 +397,14 @@ if ( $show_option_all ) { $show_option_all = apply_filters( 'list_cats', $show_option_all ); - $output .= "\t\n"; + $selected = ( '0' === strval($r['selected']) ) ? " selected='selected'" : ''; + $output .= "\t\n"; } if ( $show_option_none ) { $show_option_none = apply_filters( 'list_cats', $show_option_none ); - $output .= "\t\n"; + $selected = ( '-1' === strval($r['selected']) ) ? " selected='selected'" : ''; + $output .= "\t\n"; } if ( $hierarchical ) @@ -443,6 +445,7 @@ * 'feed_image' - See {@link get_categories()}. * 'child_of' (int) default is 0 - See {@link get_categories()}. * 'exclude' (string) - See {@link get_categories()}. + * 'exclude_tree' (string) - See {@link get_categories()}. * 'echo' (bool|int) default is 1 - Whether to display or retrieve content. * 'current_category' (int) - See {@link get_categories()}. * 'hierarchical' (bool) - See {@link get_categories()}. @@ -461,7 +464,7 @@ 'style' => 'list', 'show_count' => 0, 'hide_empty' => 1, 'use_desc_for_title' => 1, 'child_of' => 0, 'feed' => '', 'feed_type' => '', - 'feed_image' => '', 'exclude' => '', 'current_category' => 0, + 'feed_image' => '', 'exclude' => '', 'exclude_tree' => '', 'current_category' => 0, 'hierarchical' => true, 'title_li' => __( 'Categories' ), 'echo' => 1, 'depth' => 0 ); @@ -476,6 +479,11 @@ $r['include_last_update_time'] = $r['show_date']; } + if ( true == $r['hierarchical'] ) { + $r['exclude_tree'] = $r['exclude']; + $r['exclude'] = ''; + } + extract( $r ); $categories = get_categories( $r ); 
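Review bot: The added block `$r['exclude_tree'] = $r['exclude']; $r['exclude'] = '';` overwrites whatever `exclude_tree` the caller passed whenever `hierarchical` is true, which is the default in the `$defaults` array shown in the previous hunk. A caller that supplies only `exclude_tree` therefore gets it replaced by an empty string, even though the docblock hunk above advertises the argument. Copying only when the caller left it empty keeps both inputs usable: `if ( true == $r['hierarchical'] && empty( $r['exclude_tree'] ) ) {`. The function body continues outside the hunk.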
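Review bot: The comparator in the changed `create_function` line returns the boolean `($a->count > $b->count)`, so it can only yield 1 or 0 and never reports "less than". uasort() expects a negative, zero or positive integer, so the order of equal counts and of some pairs depends on the sort implementation. Flipping `<` to `>` changes the direction but not that. A three-way body fixes it: `'if ( $a->count == $b->count ) return 0; return ( $a->count < $b->count ) ? -1 : 1;'`. The enclosing function starts and ends outside the hunk.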
@@ -536,9 +544,8 @@ * The 'number' argument is how many tags to return. By default, the limit will * be to return the top 45 tags in the tag cloud list. * -* The 'topic_count_text_callback' argument is a function, which, given the count + * The 'topic_count_text_callback' argument is a function, which, given the count * of the posts with that tag, returns a text for the tooltip of the tag link. - * @see default_topic_count_text * * The 'exclude' and 'include' arguments are used for the {@link get_tags()} * function. Only one should be used, because only one will be used and the @@ -613,8 +620,6 @@ * * The 'topic_count_text_callback' argument is a function, which given the count * of the posts with that tag returns a text for the tooltip of the tag link. - * @see default_topic_count_text - * * * @todo Complete functionality. * @since 2.3.0 @@ -649,7 +654,7 @@ if ( 'name' == $orderby ) uasort( $tags, create_function('$a, $b', 'return strnatcasecmp($a->name, $b->name);') ); else - uasort( $tags, create_function('$a, $b', 'return ($a->count < $b->count);') ); + uasort( $tags, create_function('$a, $b', 'return ($a->count > $b->count);') ); if ( 'DESC' == $order ) $tags = array_reverse( $tags, true ); @@ -720,8 +725,13 @@ * @see Walker_Category::walk() for parameters and return description. */ function walk_category_tree() { - $walker = new Walker_Category; $args = func_get_args(); + // the user's options are the third parameter + if ( empty($args[2]['walker']) || !is_a($args[2]['walker'], 'Walker') ) + $walker = new Walker_Category; + else + $walker = $args[2]['walker']; + return call_user_func_array(array( &$walker, 'walk' ), $args ); } 
@@ -733,8 +743,13 @@ * @see Walker_CategoryDropdown::walk() for parameters and return description. */ function walk_category_dropdown_tree() { - $walker = new Walker_CategoryDropdown; $args = func_get_args(); + // the user's options are the third parameter + if ( empty($args[2]['walker']) || !is_a($args[2]['walker'], 'Walker') ) + $walker = new Walker_CategoryDropdown; + else + $walker = $args[2]['walker']; + return call_user_func_array(array( &$walker, 'walk' ), $args ); } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/class-phpmailer.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/class-phpmailer.php --- wordpress-2.7/wp-includes/class-phpmailer.php 2008-09-03 22:42:50.000000000 +0100 +++ wordpress-2.7.1/wp-includes/class-phpmailer.php 2009-01-29 17:46:48.000000000 +0000 @@ -1409,7 +1409,7 @@ */ function EncodeQ ($str, $position = 'text') { /* There should not be any EOL in the string */ - $encoded = preg_replace("[\r\n]", '', $str); + $encoded = preg_replace("/[\r\n]/", '', $str); switch (strtolower($position)) { case 'phrase': diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/comment.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/comment.php --- wordpress-2.7/wp-includes/comment.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/comment.php 2009-01-28 21:13:13.000000000 +0000 @@ -45,7 +45,7 @@ if ( 1 == get_option('comment_moderation') ) return false; // If moderation is set to manual - if ( get_option('comment_max_links') && preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", apply_filters('comment_text', $comment), $out) >= get_option('comment_max_links') ) + if ( get_option('comment_max_links') && preg_match_all("/<[Aa][^>]*[Hh][Rr][Ee][Ff]=['\"]([^\"'>]+)[^>]*>/", apply_filters('comment_text',$comment), $out) >= get_option('comment_max_links') ) return false; // Check # of external links $mod_keys = trim(get_option('moderation_keys')); 
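Review bot: The replacement pattern in the `comment_max_links` check counts only anchors whose `href=` is immediately followed by a quote. An anchor written without quotes, or with whitespace around `=`, is no longer counted, and a bare URL counts only if a `comment_text` filter has already turned it into a quoted anchor. Whether the filters applied here normalise attributes before the count is not visible in this hunk. If they do not, a comment can exceed the link threshold without being held for moderation. A more tolerant pattern with an optional quote, optional whitespace and the `i` flag would close that, e.g. `"/<a\s[^>]*href\s*=\s*['\"]?([^\"'>\s]+)[^>]*>/i"`.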
@@ -592,7 +592,7 @@ $comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : ''; // Count comments older than this one - $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) ); + $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_approved = '1' AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) ); // No older comments? Then it's page #1. if ( 0 == $oldercoms ) @@ -1580,7 +1580,7 @@ * @return object */ function _close_comments_for_old_posts( $posts ) { - if ( empty($posts) || !is_single() || !get_option('close_comments_for_old_posts') ) + if ( empty($posts) || !is_singular() || !get_option('close_comments_for_old_posts') ) return $posts; $days_old = (int) get_option('close_comments_days_old'); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/comment-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/comment-template.php --- wordpress-2.7/wp-includes/comment-template.php 2008-12-10 21:13:32.000000000 +0000 +++ wordpress-2.7.1/wp-includes/comment-template.php 2009-01-21 21:26:56.000000000 +0000 @@ -833,8 +833,8 @@ } $overridden_cpage = FALSE; - if ( '' == get_query_var('cpage') && get_option('page_comments') && 'newest' == get_option('default_comments_page') ) { - set_query_var( 'cpage', get_comment_pages_count() ); + if ( '' == get_query_var('cpage') && get_option('page_comments') ) { + set_query_var( 'cpage', 'newest' == get_option('default_comments_page') ? get_comment_pages_count() : 1 ); $overridden_cpage = TRUE; } 
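Review bot: `$comtypewhere` is concatenated into the string handed to `$wpdb->prepare()` on the changed line instead of being bound as a placeholder. The context line above shows it is built only from `$allowedtypes[$args['type']]` after an `isset()` check, so it is a fixed-list value today. Nothing at the query site says so, though, and any `%` in it would be read as a format directive. A comment such as `// $comtypewhere comes from the $allowedtypes map above, never from raw input` would document the invariant, and binding the type with `%s` would remove the need for it. The function body continues outside the hunk.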
@@ -986,7 +986,7 @@ if ( get_option('comment_registration') && !$user_ID ) $link = '' . $login_text . ''; else - $link = "comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text"; + $link = "comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text"; return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post); } @@ -1037,7 +1037,7 @@ if ( get_option('comment_registration') && !$user_ID ) { $link = '' . $login_text . ''; } else { - $link = "$reply_text"; + $link = "$reply_text"; } return apply_filters('post_comments_link', $before . $link . $after, $post); } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/compat.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/compat.php --- wordpress-2.7/wp-includes/compat.php 2008-03-03 21:05:23.000000000 +0000 +++ wordpress-2.7.1/wp-includes/compat.php 2009-01-21 18:50:51.000000000 +0000 
@@ -96,4 +96,23 @@ return implode( '', $chars ); } +if ( !function_exists( 'htmlspecialchars_decode' ) ) { + // Added in PHP 5.1.0 + // Error checks from PEAR::PHP_Compat + function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT ) + { + if ( !is_scalar( $string ) ) { + trigger_error( 'htmlspecialchars_decode() expects parameter 1 to be string, ' . gettype( $string ) . ' given', E_USER_WARNING ); + return; + } + + if ( !is_int( $quote_style ) && $quote_style !== null ) { + trigger_error( 'htmlspecialchars_decode() expects parameter 2 to be integer, ' . gettype( $quote_style ) . ' given', E_USER_WARNING ); + return; + } + + return wp_specialchars_decode( $str, $quote_style ); + } +} + ?> diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/cron.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/cron.php --- wordpress-2.7/wp-includes/cron.php 2008-11-15 18:10:35.000000000 +0000 +++ wordpress-2.7.1/wp-includes/cron.php 2008-12-19 20:47:32.000000000 +0000 @@ -16,8 +16,8 @@ * @link http://codex.wordpress.org/Function_Reference/wp_schedule_single_event * * @param int $timestamp Timestamp for when to run the event. - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook to execute when cron is run. + * @param array $args Optional. Arguments to pass to the hook's callback function. */ function wp_schedule_single_event( $timestamp, $hook, $args = array()) { // don't schedule a duplicate if there's already an identical event due in the next 10 minutes 
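Review bot: The new `htmlspecialchars_decode()` fallback declares its first parameter as `$str`, but both the `is_scalar( $string )` guard and the `gettype( $string )` in its message read an undefined `$string`. `is_scalar()` of an undefined variable is false, so on PHP versions that lack the native function every call triggers the warning and returns nothing instead of decoding. Any caller relying on the decoded text then works with an empty value. Use the declared name in both places: `if ( !is_scalar( $str ) ) {` and `gettype( $str )`.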
@@ -43,8 +43,8 @@ * * @param int $timestamp Timestamp for when to run the event. * @param string $recurrence How often the event should recur. - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook to execute when cron is run. + * @param array $args Optional. Arguments to pass to the hook's callback function. * @return bool|null False on failure, null when complete with scheduling event. */ function wp_schedule_event( $timestamp, $recurrence, $hook, $args = array()) { @@ -65,8 +65,8 @@ * * @param int $timestamp Timestamp for when to run the event. * @param string $recurrence How often the event should recur. - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook to execute when cron is run. + * @param array $args Optional. Arguments to pass to the hook's callback function. * @return bool|null False on failure. Null when event is rescheduled. */ function wp_reschedule_event( $timestamp, $recurrence, $hook, $args = array()) { @@ -100,8 +100,11 @@ * @since 2.1.0 * * @param int $timestamp Timestamp for when to run the event. - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook, the execution of which will be unscheduled. + * @param array $args Arguments to pass to the hook's callback function. + * Although not passed to a callback function, these arguments are used + * to uniquely identify the scheduled event, so they should be the same + * as those used when originally scheduling the event. */ function wp_unschedule_event( $timestamp, $hook, $args = array() ) { $crons = _get_cron_array(); 
@@ -119,7 +122,7 @@ * * @since 2.1.0 * - * @param callback $hook Function or method to call, when cron is run. + * @param string $hook Action hook, the execution of which will be unscheduled. * @param mixed $args,... Optional. Event arguments. */ function wp_clear_scheduled_hook( $hook ) { @@ -134,8 +137,8 @@ * * @since 2.1.0 * - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook to execute when cron is run. + * @param array $args Optional. Arguments to pass to the hook's callback function. * @return bool|int The UNIX timestamp of the next time the scheduled event will occur. */ function wp_next_scheduled( $hook, $args = array() ) { @@ -280,8 +283,8 @@ * * @since 2.1.0 * - * @param callback $hook Function or method to call, when cron is run. - * @param array $args Optional. Arguments to pass to the hook function. + * @param string $hook Action hook to execute when cron is run. + * @param array $args Optional. Arguments to pass to the hook's callback function. * @return string|bool False, if no schedule. Schedule on success. */ function wp_get_schedule($hook, $args = array()) { diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/feed-atom-comments.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/feed-atom-comments.php --- wordpress-2.7/wp-includes/feed-atom-comments.php 2008-12-10 05:51:56.000000000 +0000 +++ wordpress-2.7.1/wp-includes/feed-atom-comments.php 2009-01-20 20:56:40.000000000 +0000 @@ -11,6 +11,7 @@ > <?php @@ -63,7 +64,7 @@ </author> - <id><?php comment_link(); ?></id> + <id><?php comment_guid(); ?></id> <updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></updated> <published><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></published> <?php if ( post_password_required($comment_post) ) : ?> 
@@ -78,7 +79,7 @@ $parent_comment = get_comment($comment->comment_parent); // The rel attribute below and the id tag above should be GUIDs, but WP doesn't create them for comments (unlike posts). Either way, its more important that they both use the same system ?> - <thr:in-reply-to ref="<?php echo get_comment_link($parent_comment) ?>" href="<?php echo get_comment_link($parent_comment) ?>" type="<?php bloginfo_rss('html_type'); ?>" /> + <thr:in-reply-to ref="<?php comment_guid($parent_comment) ?>" href="<?php echo get_comment_link($parent_comment) ?>" type="<?php bloginfo_rss('html_type'); ?>" /> <?php endif; do_action('comment_atom_entry', $comment->comment_ID, $comment_post->ID); ?> diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/feed.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/feed.php --- wordpress-2.7/wp-includes/feed.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/feed.php 2009-01-20 20:56:40.000000000 +0000 @@ -223,9 +223,11 @@ * @package WordPress * @subpackage Feed * @since unknown + * + * @param int|object $comment_id Optional comment object or id. Defaults to global comment object. */ -function comment_guid() { - echo get_comment_guid(); +function comment_guid($comment_id = null) { + echo get_comment_guid($comment_id); } /** @@ -235,10 +237,11 @@ * @subpackage Feed * @since unknown * + * @param int|object $comment_id Optional comment object or id. Defaults to global comment object. * @return bool|string false on failure or guid for comment on success. */ -function get_comment_guid() { - global $comment; +function get_comment_guid($comment_id = null) { + $comment = get_comment($comment_id); if ( !is_object($comment) ) return false; 
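Review bot: In the `thr:in-reply-to` line the `href` attribute still prints `get_comment_link($parent_comment)` with a bare `echo`, while this same commit changes `comment_link()` in feed.php to wrap its output in `clean_url()`. The value lands inside a double-quoted XML attribute, so it should get the same treatment: `href="<?php echo clean_url( get_comment_link($parent_comment) ) ?>"`. The new `comment_guid($parent_comment)` in `ref` also echoes without escaping, as far as this hunk and the feed.php hunks show. Whether get_comment_guid() returns an already-escaped value is not visible here and should be checked.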
@@ -252,7 +255,7 @@ * @since 1.5.0 */ function comment_link() { - echo get_comment_link(); + echo clean_url( get_comment_link() ); } /** diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/formatting.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/formatting.php --- wordpress-2.7/wp-includes/formatting.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/formatting.php 2009-01-29 17:46:48.000000000 +0000 
@@ -186,34 +186,192 @@ /** * Converts a number of special characters into their HTML entities. * - * Differs from htmlspecialchars as existing HTML entities will not be encoded. - * Specifically changes: & to &, < to < and > to >. + * Specifically deals with: &, <, >, ", and '. * - * $quotes can be set to 'single' to encode ' to ', 'double' to encode " to - * ", or '1' to do both. Default is 0 where no quotes are encoded. + * $quote_style can be set to ENT_COMPAT to encode " to + * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. * * @since 1.2.2 * - * @param string $text The text which is to be encoded. - * @param mixed $quotes Optional. Converts single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default 0. + * @param string $string The text which is to be encoded. + * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. + * @param string $charset Optional. The character encoding of the string. Default is false. + * @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false. * @return string The encoded text with HTML entities. 
*/ -function wp_specialchars( $text, $quotes = 0 ) { - // Like htmlspecialchars except don't double-encode HTML entities - $text = str_replace('&&', '&&', $text); - $text = str_replace('&&', '&&', $text); - $text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&$1', $text); - $text = str_replace('<', '<', $text); - $text = str_replace('>', '>', $text); - if ( 'double' === $quotes ) { - $text = str_replace('"', '"', $text); - } elseif ( 'single' === $quotes ) { - $text = str_replace("'", ''', $text); - } elseif ( $quotes ) { - $text = str_replace('"', '"', $text); - $text = str_replace("'", ''', $text); +function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) +{ + $string = (string) $string; + + if ( 0 === strlen( $string ) ) { + return ''; } - return $text; + + // Don't bother if there are no specialchars - saves some processing + if ( !preg_match( '/[&<>"\']/', $string ) ) { + return $string; + } + + // Account for the previous behaviour of the function when the $quote_style is not an accepted value + if ( empty( $quote_style ) ) { + $quote_style = ENT_NOQUOTES; + } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { + $quote_style = ENT_QUOTES; + } + + // Store the site charset as a static to avoid multiple calls to wp_load_alloptions() + if ( !$charset ) { + static $_charset; + if ( !isset( $_charset ) ) { + $alloptions = wp_load_alloptions(); + $_charset = isset( $alloptions['blog_charset'] ) ? 
$alloptions['blog_charset'] : ''; + } + $charset = $_charset; + } + if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { + $charset = 'UTF-8'; + } + + $_quote_style = $quote_style; + + if ( $quote_style === 'double' ) { + $quote_style = ENT_COMPAT; + $_quote_style = ENT_COMPAT; + } elseif ( $quote_style === 'single' ) { + $quote_style = ENT_NOQUOTES; + } + + // Handle double encoding ourselves + if ( !$double_encode ) { + $string = wp_specialchars_decode( $string, $_quote_style ); + $string = preg_replace( '/&(#?x?[0-9]+|[a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); + } + + $string = @htmlspecialchars( $string, $quote_style, $charset ); + + // Handle double encoding ourselves + if ( !$double_encode ) { + $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); + } + + // Backwards compatibility + if ( 'single' === $_quote_style ) { + $string = str_replace( "'", ''', $string ); + } + + return $string; +} + +/** + * Converts a number of HTML entities into their special characters. + * + * Specifically deals with: &, <, >, ", and '. + * + * $quote_style can be set to ENT_COMPAT to decode " entities, + * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. + * + * @since 2.8 + * + * @param string $string The text which is to be decoded. + * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. + * @return string The decoded text without HTML entities. 
+ */ +function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) +{ + $string = (string) $string; + + if ( 0 === strlen( $string ) ) { + return ''; + } + + // Don't bother if there are no entities - saves a lot of processing + if ( strpos( $string, '&' ) === false ) { + return $string; + } + + // Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value + if ( empty( $quote_style ) ) { + $quote_style = ENT_NOQUOTES; + } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { + $quote_style = ENT_QUOTES; + } + + // More complete than get_html_translation_table( HTML_SPECIALCHARS ) + $single = array( ''' => '\'', ''' => '\'' ); + $single_preg = array( '/�*39;/' => ''', '/�*27;/i' => ''' ); + $double = array( '"' => '"', '"' => '"', '"' => '"' ); + $double_preg = array( '/�*34;/' => '"', '/�*22;/i' => '"' ); + $others = array( '<' => '<', '<' => '<', '>' => '>', '>' => '>', '&' => '&', '&' => '&', '&' => '&' ); + $others_preg = array( '/�*60;/' => '<', '/�*62;/' => '>', '/�*38;/' => '&', '/�*26;/i' => '&' ); + + if ( $quote_style === ENT_QUOTES ) { + $translation = array_merge( $single, $double, $others ); + $translation_preg = array_merge( $single_preg, $double_preg, $others_preg ); + } elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) { + $translation = array_merge( $double, $others ); + $translation_preg = array_merge( $double_preg, $others_preg ); + } elseif ( $quote_style === 'single' ) { + $translation = array_merge( $single, $others ); + $translation_preg = array_merge( $single_preg, $others_preg ); + } elseif ( $quote_style === ENT_NOQUOTES ) { + $translation = $others; + $translation_preg = $others_preg; + } + + // Remove zero padding on numeric entities + $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string ); + + // Replace characters according to translation table + return strtr( $string, $translation ); +} + +/** 
+ * Checks for invalid UTF8 in a string. + * + * @since 2.8 + * + * @param string $string The text which is to be checked. + * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. + * @return string The checked text. + */ +function wp_check_invalid_utf8( $string, $strip = false ) +{ + $string = (string) $string; + + if ( 0 === strlen( $string ) ) { + return ''; + } + + // Store the site charset as a static to avoid multiple calls to get_option() + static $is_utf8; + if ( !isset( $is_utf8 ) ) { + $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ); + } + if ( !$is_utf8 ) { + return $string; + } + + // Check for support for utf8 in the installed PCRE library once and store the result in a static + static $utf8_pcre; + if ( !isset( $utf8_pcre ) ) { + $utf8_pcre = @preg_match( '/^./u', 'a' ); + } + // We can't demand utf8 in the PCRE installation, so just return the string in those cases + if ( !$utf8_pcre ) { + return $string; + } + + // preg_match fails when it encounters invalid UTF8 in $string + if ( 1 === @preg_match( '/^./us', $string ) ) { + return $string; + } + + // Attempt to strip the bad chars if requested (not recommended) + if ( $strip && function_exists( 'iconv' ) ) { + return iconv( 'utf-8', 'utf-8', $string ); + } + + return ''; } /** @@ -1147,8 +1305,7 @@ return $string; } else { $subject = str_replace('_', ' ', $matches[2]); - /** @todo use preg_replace_callback() */ - $subject = preg_replace('#\=([0-9a-f]{2})#ei', "chr(hexdec(strtolower('$1')))", $subject); + $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', create_function('$match', 'return chr(hexdec(strtolower($match[1])));'), $subject); return $subject; } } 
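Review bot: The double-encoding guard in the new wp_specialchars() uses the plain-text sentinels `|wp_entity|` and `|/wp_entity|`, and nothing prevents the input itself from containing them. Such text passes through htmlspecialchars() untouched and the final str_replace() then turns it into a raw `&` and `;`, so the function can emit ampersands it was meant to encode. Removing the sentinels from the input before the entity substitution closes the gap, for example `$string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), '', $string );` placed just ahead of the `preg_replace()` that inserts them. The `@` on `htmlspecialchars()` also deserves a short comment explaining which warning is being suppressed.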
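Review bot: `create_function()` in the new `preg_replace_callback()` call compiles a fresh anonymous function on every invocation, and those functions stay allocated for the rest of the request, so repeated calls grow memory. The body here is a constant string, so no caller data reaches the compiled code. A named callback would still be cheaper and easier to audit, for example `preg_replace_callback('#\=([0-9a-f]{2})#i', '_wp_iso_convert', $subject)` with a small helper returning `chr(hexdec(strtolower($match[1])))`. The same construct is introduced in the kses.php hunks (wp_kses_split, wp_kses_decode_entities) and in the post-template.php preview hunk. The enclosing function starts outside this hunk.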
@@ -1157,10 +1314,11 @@ * Returns a date in the GMT equivalent. * * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the - * value of gmt_offset. + * value of the 'gmt_offset' option. * * @since 1.2.0 * + * @uses get_option() to retrieve the the value of 'gmt_offset'. * @param string $string The date to be converted. * @return string GMT version of the date provided. */ @@ -1742,10 +1900,11 @@ * @return string Escaped text. */ function js_escape($text) { - $safe_text = wp_specialchars($text, 'double'); - $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text)); - $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text)); - return apply_filters('js_escape', $safe_text, $text); + $safe_text = wp_check_invalid_utf8( $text ); + $safe_text = wp_specialchars( $safe_text, ENT_COMPAT ); + $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) ); + $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) ); + return apply_filters( 'js_escape', $safe_text, $text ); } /** @@ -1756,9 +1915,10 @@ * @param string $text * @return string */ -function attribute_escape($text) { - $safe_text = wp_specialchars($text, true); - return apply_filters('attribute_escape', $safe_text, $text); +function attribute_escape( $text ) { + $safe_text = wp_check_invalid_utf8( $text ); + $safe_text = wp_specialchars( $safe_text, ENT_QUOTES ); + return apply_filters( 'attribute_escape', $safe_text, $text ); } /** 
@@ -1770,7 +1930,7 @@ * @return string */ function tag_escape($tag_name) { - $safe_tag = strtolower( preg_replace('[^a-zA-Z_:]', '', $tag_name) ); + $safe_tag = strtolower( preg_replace('/[^a-zA-Z_:]/', '', $tag_name) ); return apply_filters('tag_escape', $safe_tag, $tag_name); } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/functions.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/functions.php --- wordpress-2.7/wp-includes/functions.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/functions.php 2009-02-03 23:06:17.000000000 +0000 @@ -79,13 +79,13 @@ * The 'mysql' type will return the time in the format for MySQL DATETIME field. * The 'timestamp' type will return the current timestamp. * - * If the $gmt is set to either '1' or 'true', then both types will use the - * GMT offset in the WordPress option to add the GMT offset to the time. + * If $gmt is set to either '1' or 'true', then both types will use GMT time. + * if $gmt is false, the output is adjusted with the GMT offset in the WordPress option. * * @since 1.0.0 * * @param string $type Either 'mysql' or 'timestamp'. - * @param int|bool $gmt Optional. Whether to use $gmt offset. Default is false. + * @param int|bool $gmt Optional. Whether to use GMT timezone. Default is false. * @return int|string String if $type is 'gmt', int if $type is 'timestamp'. */ function current_time( $type, $gmt = 0 ) { @@ -2804,7 +2804,15 @@ * @return bool True if SSL, false if not used. */ function is_ssl() { - return ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false; + if ( isset($_SERVER['HTTPS']) ) { + if ( 'on' == strtolower($_SERVER['HTTPS']) ) + return true; + if ( '1' == $_SERVER['HTTPS'] ) + return true; + } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) { + return true; + } + return false; } /** 
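Review bot: With the delimiters added, the pattern in tag_escape() now actually strips characters, and the class `[^a-zA-Z_:]` has no digits, so a tag name such as `h1` is returned as `h`. The old undelimited pattern treated the bracket pair as delimiters and in practice removed almost nothing, so this is a behaviour change for callers as well as a fix. Allowing digits keeps heading and similar tags intact: `$safe_tag = strtolower( preg_replace('/[^a-zA-Z0-9_:]/', '', $tag_name) );`.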
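Review bot: The new `SERVER_PORT` branch in is_ssl() infers TLS from the port number alone, which is a heuristic rather than proof. A plain-HTTP listener on 443 reports true, and a site whose TLS is terminated by an upstream proxy on another port still reports false. This commit also uses is_ssl() to choose the Gravatar host in pluggable.php, so the limitation should be stated in the function, for example `// Port 443 is only a hint; TLS terminated upstream is not detected here.`. The two `==` comparisons could be `===` against the string values, since `$_SERVER` entries are strings.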
@@ -2897,8 +2905,12 @@ * @param object $object The object to clone * @return object The cloned object */ -function wp_clone($object) { - return version_compare(phpversion(), '5.0') < 0 ? $object : clone($object); +function wp_clone( $object ) { + static $can_clone; + if ( !isset( $can_clone ) ) { + $can_clone = version_compare( phpversion(), '5.0', '>=' ); + } + return $can_clone ? clone( $object ) : $object; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/general-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/general-template.php --- wordpress-2.7/wp-includes/general-template.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/general-template.php 2008-12-30 18:35:45.000000000 +0000 @@ -1592,7 +1592,7 @@ $attributes[] = "dir=\"$dir\""; if ( $lang = get_bloginfo('language') ) { - if ( get_option('html_type') == 'text/html' || $doctype == 'xhtml' ) + if ( get_option('html_type') == 'text/html' || $doctype == 'html' ) $attributes[] = "lang=\"$lang\""; if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' ) diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/http.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/http.php --- wordpress-2.7/wp-includes/http.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/http.php 2009-01-06 17:30:41.000000000 +0000 @@ -242,6 +242,9 @@ } if ( is_null($r['body']) ) { + // Some servers fail when sending content without the content-length + // header being set. + $r['headers']['Content-Length'] = 0; $transports = WP_Http::_getTransport($r); } else { if ( is_array( $r['body'] ) || is_object( $r['body'] ) ) { @@ -390,7 +393,7 @@ * @static * * @param string $body Body content - * @return bool|string|WP_Error False if not chunked encoded. WP_Error on failure. Chunked decoded body on success. + * @return string Chunked decoded body on success or raw body on failure. */ function chunkTransferDecode($body) { $body = str_replace(array("\r\n", "\r"), "\n", $body); 
@@ -401,15 +404,12 @@ $parsedBody = ''; //$parsedHeaders = array(); Unsupported - $done = false; - - do { + while ( true ) { $hasChunk = (bool) preg_match( '/^([0-9a-f]+)(\s|\n)+/mi', $body, $match ); if ( $hasChunk ) { - if ( empty($match[1]) ) { - return new WP_Error('http_chunked_decode', __('Does not appear to be chunked encoded or body is malformed.') ); - } + if ( empty($match[1]) ) + return $body; $length = hexdec( $match[1] ); $chunkLength = strlen( $match[0] ); @@ -419,15 +419,12 @@ $body = ltrim(str_replace(array($match[0], $strBody), '', $body), "\n"); - if( "0" == trim($body) ) { - $done = true; + if( "0" == trim($body) ) return $parsedBody; // Ignore footer headers. - break; - } } else { - return new WP_Error('http_chunked_decode', __('Does not appear to be chunked encoded or body is malformed.') ); + return $body; } - } while ( false === $done ); + } } } @@ -644,7 +641,7 @@ if ( false === $arrURL ) return new WP_Error('http_request_failed', sprintf(__('Malformed URL: %s'), $url)); - if ( 'http' != $arrURL['scheme'] || 'https' != $arrURL['scheme'] ) + if ( 'http' != $arrURL['scheme'] && 'https' != $arrURL['scheme'] ) $url = str_replace($arrURL['scheme'], 'http', $url); if ( !defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) ) @@ -750,7 +747,7 @@ if ( false === $arrURL ) return new WP_Error('http_request_failed', sprintf(__('Malformed URL: %s'), $url)); - if ( 'http' != $arrURL['scheme'] || 'https' != $arrURL['scheme'] ) + if ( 'http' != $arrURL['scheme'] && 'https' != $arrURL['scheme'] ) $url = str_replace($arrURL['scheme'], 'http', $url); // Convert Header array to string. @@ -777,7 +774,7 @@ $context = stream_context_create($arrContext); - if ( !defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) ) + if ( ! defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) ) $handle = @fopen($url, 'r', false, $context); else $handle = fopen($url, 'r', false, $context); 
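Review bot: The two new `return $body;` failure paths in chunkTransferDecode() do not return the raw body that the updated docblock promises. `$body` is reassigned inside the loop by the `ltrim(str_replace(...))` line, so a malformed chunk met after the first iteration returns only the unconsumed remainder and silently drops what was already collected in `$parsedBody`. Keeping a copy before the loop, `$rawBody = $body;`, and returning `$rawBody` on both failure paths would match the documented contract. The function begins outside these hunks, where the line endings of `$body` are already normalised, so the caller never gets back the exact bytes received.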
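Review bot: With the condition corrected to `&&`, the rewrite on the following line now runs only for non-HTTP schemes, but `str_replace($arrURL['scheme'], 'http', $url)` replaces every occurrence of the scheme string, not just the leading one. A host or path that contains the same text is therefore altered too, and the request goes to a different URL than the caller supplied. Anchoring the replacement keeps the rest of the URL intact: `$url = preg_replace('|^' . preg_quote($arrURL['scheme'], '|') . '|', 'http', $url);`. The identical line follows the same fix in the `@@ -750,7 +747,7 @@` hunk, and both enclosing methods start outside their hunks.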
@@ -982,13 +979,16 @@ unset($r['headers']['user-agent']); } - // If timeout is a float less than 1, round it up to 1. + // cURL extension will sometimes fail when the timeout is less than 1 as + // it may round down to 0, which gives it unlimited timeout. if ( $r['timeout'] > 0 && $r['timeout'] < 1 ) $r['timeout'] = 1; $handle = curl_init(); curl_setopt( $handle, CURLOPT_URL, $url); + // The cURL extension requires that the option be set for the HEAD to + // work properly. if ( 'HEAD' === $r['method'] ) { curl_setopt( $handle, CURLOPT_NOBODY, true ); } @@ -1007,6 +1007,7 @@ curl_setopt( $handle, CURLOPT_TIMEOUT, $r['timeout'] ); curl_setopt( $handle, CURLOPT_MAXREDIRS, $r['redirection'] ); + // The option doesn't work with safe mode or when open_basedir is set. if ( !ini_get('safe_mode') && !ini_get('open_basedir') ) curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true ); @@ -1062,7 +1063,7 @@ * @return boolean False means this class can not be used, true means it can. */ function test() { - if ( function_exists('curl_init') ) + if ( function_exists('curl_init') && function_exists('curl_exec') ) return true; return false; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/js/autosave.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/js/autosave.js --- wordpress-2.7/wp-includes/js/autosave.js 2008-11-10 18:54:18.000000000 +0000 +++ wordpress-2.7.1/wp-includes/js/autosave.js 2008-12-24 02:12:17.000000000 +0000 
@@ -114,11 +114,11 @@ } function autosave_enable_buttons() { - jQuery("#submitpost :button:disabled, #submitpost :submit:disabled").attr('disabled', ''); + jQuery(".submitbox :button:disabled, .submitbox :submit:disabled").attr('disabled', ''); } function autosave_disable_buttons() { - jQuery("#submitpost :button:enabled, #submitpost :submit:enabled").attr('disabled', 'disabled'); + jQuery(".submitbox :button:enabled, .submitbox :submit:enabled").attr('disabled', 'disabled'); setTimeout(autosave_enable_buttons, 5000); // Re-enable 5 sec later. Just gives autosave a head start to avoid collisions. } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/js/thickbox/thickbox.css /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/js/thickbox/thickbox.css --- wordpress-2.7/wp-includes/js/thickbox/thickbox.css 2008-11-22 08:03:25.000000000 +0000 +++ wordpress-2.7.1/wp-includes/js/thickbox/thickbox.css 2009-01-24 11:57:15.000000000 +0000 @@ -33,6 +33,7 @@ .TB_overlayMacFFBGHack {background: url(macFFBgHack.png) repeat;} .TB_overlayBG { background-color:#000; + -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=75)"; filter:alpha(opacity=75); -moz-opacity: 0.75; opacity: 0.75; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/js/thickbox/thickbox.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/js/thickbox/thickbox.js --- wordpress-2.7/wp-includes/js/thickbox/thickbox.js 2008-03-15 22:57:47.000000000 +0000 +++ wordpress-2.7.1/wp-includes/js/thickbox/thickbox.js 2009-01-24 11:57:15.000000000 +0000 
@@ -281,8 +281,9 @@ } function tb_position() { +var isIE6 = typeof document.body.style.maxHeight === "undefined"; jQuery("#TB_window").css({marginLeft: '-' + parseInt((TB_WIDTH / 2),10) + 'px', width: TB_WIDTH + 'px'}); - if ( !(jQuery.browser.msie && jQuery.browser.version < 7)) { // take away IE6 + if ( ! isIE6 ) { // take away IE6 jQuery("#TB_window").css({marginTop: '-' + parseInt((TB_HEIGHT / 2),10) + 'px'}); } } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/js/wp-ajax-response.js /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/js/wp-ajax-response.js --- wordpress-2.7/wp-includes/js/wp-ajax-response.js 2008-03-21 03:03:38.000000000 +0000 +++ wordpress-2.7.1/wp-includes/js/wp-ajax-response.js 2008-12-19 20:30:37.000000000 +0000 @@ -1,4 +1,4 @@ -wpAjax = jQuery.extend( { +var wpAjax = jQuery.extend( { unserialize: function( s ) { var r = {}; if ( !s ) { return r; } var q = s.split('?'); if ( q[1] ) { s = q[1]; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/kses.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/kses.php --- wordpress-2.7/wp-includes/kses.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/kses.php 2009-01-21 18:51:48.000000000 +0000 @@ -394,8 +394,11 @@ * @return string Content with fixed HTML tags */ function wp_kses_split($string, $allowed_html, $allowed_protocols) { - return preg_replace('%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%e', - "wp_kses_split2('\\1', \$allowed_html, ".'$allowed_protocols)', $string); + global $pass_allowed_html, $pass_allowed_protocols; + $pass_allowed_html = $allowed_html; + $pass_allowed_protocols = $allowed_protocols; + return preg_replace_callback('%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%', + create_function('$match', 'global $pass_allowed_html, $pass_allowed_protocols; return wp_kses_split2($match[1], $pass_allowed_html, $pass_allowed_protocols);'), $string); } /** 
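Review bot: wp_kses_split() now passes the allowlists to its callback through the globals `$pass_allowed_html` and `$pass_allowed_protocols`, which puts the sanitizer's policy in shared mutable state. A nested or later call with a different allowlist overwrites the values, and any other code that assigns those names changes what the filter lets through. Whether wp_kses_split2() can re-enter this function is not visible in the hunk, so this is a robustness concern rather than a confirmed defect. At minimum the coupling should be documented, for example `// Read only by the callback below; these globals hold the active kses policy.`. A named callback that restores the previous values afterwards would make the function safe to nest.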
@@ -999,8 +1002,8 @@ * @return string Content after decoded entities */ function wp_kses_decode_entities($string) { - $string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string); - $string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string); + $string = preg_replace_callback('/&#([0-9]+);/', create_function('$match', 'return chr($match[1]);'), $string); + $string = preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', create_function('$match', 'return chr(hexdec($match[1]));'), $string); return $string; } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/link-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/link-template.php --- wordpress-2.7/wp-includes/link-template.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/link-template.php 2009-01-24 09:33:37.000000000 +0000 @@ -92,7 +92,10 @@ $leavename? '' : '%pagename%', ); - $post = &get_post($id); + if ( is_object($id) && isset($id->filter) && 'sample' == $id->filter ) + $post = $id; + else + $post = &get_post($id); if ( empty($post->ID) ) return false; @@ -722,7 +725,7 @@ return; } - $link = '<a href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>'; + $link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>'; echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after; } @@ -772,7 +775,7 @@ return; } - $link = '<a href="' . get_edit_comment_link( $comment->comment_ID ) . '" title="' . __( 'Edit comment' ) . '">' . $link . '</a>'; + $link = '<a class="comment-edit-link" href="' . get_edit_comment_link( $comment->comment_ID ) . '" title="' . __( 'Edit comment' ) . '">' . $link . '</a>'; echo $before . apply_filters( 'edit_comment_link', $link, $comment->comment_ID ) . $after; } 
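Review bot: The rewritten anchor in the comment edit link places `__( 'Edit comment' )` into the `title` attribute unescaped, whereas the post edit link changed in the previous hunk wraps its title in `attribute_escape()`. A translation containing a double quote would break out of the attribute, so the two lines should be consistent: `title="' . attribute_escape( __( 'Edit comment' ) ) . '"`. Whether `get_edit_comment_link()` already returns an attribute-safe URL is not visible here and is worth confirming. The enclosing function starts outside the hunk.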
@@ -1242,14 +1245,15 @@ } /** - * Display link to next comments pages. + * Return the link to next comments pages. * - * @since 2.7.0 + * @since 2.7.1 * * @param string $label Optional. Label for link text. * @param int $max_page Optional. Max page. + * @return string|null */ -function next_comments_link($label='', $max_page = 0) { +function get_next_comments_link( $label = '', $max_page = 0 ) { global $wp_query; if ( !is_singular() ) @@ -1257,9 +1261,6 @@ $page = get_query_var('cpage'); - if ( !$page ) - $page = 1; - $nextpage = intval($page) + 1; if ( empty($max_page) ) @@ -1274,29 +1275,36 @@ if ( empty($label) ) $label = __('Newer Comments »'); - echo '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ); - $attr = apply_filters( 'next_comments_link_attributes', '' ); - echo "\" $attr>". preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; + return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; } /** - * Display the previous comments page link. + * Display the link to next comments pages. * * @since 2.7.0 * - * @param string $label Optional. Label for comments link text. + * @param string $label Optional. Label for link text. + * @param int $max_page Optional. Max page. */ -function previous_comments_link($label='') { +function next_comments_link( $label = '', $max_page = 0 ) { + echo get_next_comments_link( $label, $max_page ); +} +/** + * Return the previous comments page link. + * + * @since 2.7.1 + * + * @param string $label Optional. Label for comments link text. + * @return string|null + */ +function get_previous_comments_link( $label = '' ) { if ( !is_singular() ) return; $page = get_query_var('cpage'); - if ( !$page ) - $page = 1; - - if ( $page <= 1 ) + if ( intval($page) <= 1 ) return; $prevpage = intval($page) - 1; 
@@ -1304,9 +1312,18 @@ if ( empty($label) ) $label = __('« Older Comments'); - echo '<a href="' . clean_url(get_comments_pagenum_link($prevpage)); - $attr = apply_filters( 'previous_comments_link_attributes', '' ); - echo "\" $attr>". preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; + return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; +} + +/** + * Display the previous comments page link. + * + * @since 2.7.0 + * + * @param string $label Optional. Label for comments link text. + */ +function previous_comments_link( $label = '' ) { + echo get_previous_comments_link( $label ); } /** @@ -1337,7 +1354,7 @@ 'add_fragment' => '#comments' ); if ( $wp_rewrite->using_permalinks() ) - $defaults['base'] = user_trailingslashit(get_permalink() . 'comment-page-%#%', 'commentpaged'); + $defaults['base'] = user_trailingslashit(trailingslashit(get_permalink()) . 'comment-page-%#%', 'commentpaged'); $args = wp_parse_args( $args, $defaults ); $page_links = paginate_links( $args ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/pluggable.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/pluggable.php --- wordpress-2.7/wp-includes/pluggable.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/pluggable.php 2009-01-29 17:59:03.000000000 +0000 @@ -1210,7 +1210,7 @@ * Below is an example of how the SECRET_KEY constant is defined with a value. * You must not copy the below example and paste into your wp-config.php. If you * need an example, then you can have a - * {@link http://api.wordpress.org/secret-key/1.0/ secret key created} for you. + * {@link https://api.wordpress.org/secret-key/1.1/ secret key created} for you. * * <code> * define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w'); 
@@ -1221,7 +1221,7 @@ * salt string is not weak. * * @since 2.5 - * @link http://api.wordpress.org/secret-key/1.0/ Create a Secret Key for wp-config.php + * @link https://api.wordpress.org/secret-key/1.1/ Create a Secret Key for wp-config.php * * @return string Salt value from either 'SECRET_KEY' or 'secret' option */ @@ -1394,6 +1394,8 @@ * * @since 2.5 * + * @param int $length The length of password to generate + * @param bool $special_chars Whether to include standard special characters * @return string The random password **/ function wp_generate_password($length = 12, $special_chars = true) { 
@@ -1527,21 +1529,26 @@ $default = $avatar_default; } + if ( is_ssl() ) + $host = 'https://secure.gravatar.com'; + else + $host = 'http://www.gravatar.com'; + if ( 'mystery' == $default ) - $default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com') + $default = "$host/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com') elseif ( 'blank' == $default ) $default = includes_url('images/blank.gif'); elseif ( !empty($email) && 'gravatar_default' == $default ) $default = ''; elseif ( 'gravatar_default' == $default ) - $default = "http://www.gravatar.com/avatar/s={$size}"; + $default = "$host/avatar/s={$size}"; elseif ( empty($email) ) - $default = "http://www.gravatar.com/avatar/?d=$default&s={$size}"; + $default = "$host/avatar/?d=$default&s={$size}"; elseif ( strpos($default, 'http://') === 0 ) $default = add_query_arg( 's', $size, $default ); if ( !empty($email) ) { - $out = 'http://www.gravatar.com/avatar/'; + $out = "$host/avatar/"; $out .= md5( strtolower( $email ) ); $out .= '?s='.$size; $out .= '&d=' . urlencode( $default ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/post.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/post.php --- wordpress-2.7/wp-includes/post.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/post.php 2008-12-26 02:57:35.000000000 +0000 @@ -215,11 +215,13 @@ $_post = & $GLOBALS['post']; else return $null; - } elseif ( is_object($post) ) { + } elseif ( is_object($post) && empty($post->filter) ) { _get_post_ancestors($post); wp_cache_add($post->ID, $post, 'posts'); $_post = &$post; } else { + if ( is_object($post) ) + $post = $post->ID; $post = (int) $post; if ( ! $_post = wp_cache_get($post, 'posts') ) { $_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 
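Review bot: The `gravatar_default` branch builds `"$host/avatar/s={$size}"` without the `?`, so the size ends up in the path instead of the query string. The line was rewritten in this hunk and should read `$default = "$host/avatar/?s={$size}";`. The custom-default branch still tests only `strpos($default, 'http://') === 0`, so an `https://` default never receives the size argument. An `http://` default also stays plain HTTP on pages where is_ssl() picked the secure host, which reintroduces mixed content. The function starts outside the hunk.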
@@ -739,7 +741,7 @@ function get_post_custom_values( $key = '', $post_id = 0 ) { $custom = get_post_custom($post_id); - return $custom[$key]; + return isset($custom[$key]) ? $custom[$key] : null; } /** @@ -792,12 +794,15 @@ $post->ID = 0; foreach ( array_keys(get_object_vars($post)) as $field ) $post->$field = sanitize_post_field($field, $post->$field, $post->ID, $context); + $post->filter = $context; } else { if ( !isset($post['ID']) ) $post['ID'] = 0; foreach ( array_keys($post) as $field ) $post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context); + $post['filter'] = $context; } + return $post; } @@ -2535,6 +2540,10 @@ if ( ($uploads = wp_upload_dir()) && false === $uploads['error'] ) { //Get upload directory if ( 0 === strpos($file, $uploads['basedir']) ) //Check that the upload base exists in the file location $url = str_replace($uploads['basedir'], $uploads['baseurl'], $file); //replace file location with url location + elseif ( false !== strpos($file, 'wp-content/uploads') ) + $url = $uploads['baseurl'] . substr( $file, strpos($file, 'wp-content/uploads') + 18 ); + else + $url = $uploads['baseurl'] . "/$file"; //Its a newly uploaded file, therefor $file is relative to the basedir. } } diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/post-template.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/post-template.php --- wordpress-2.7/wp-includes/post-template.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/post-template.php 2009-02-03 23:06:17.000000000 +0000 @@ -223,7 +223,7 @@ } if ( $preview ) // preview fix for javascript bug with foreign languages - $output = preg_replace('/\%u([0-9A-F]{4,4})/e', "'&#'.base_convert('\\1',16,10).';'", $output); + $output = preg_replace_callback('/\%u([0-9A-F]{4})/', create_function('$match', 'return "&#" . base_convert($match[1], 16, 10) . ";";'), $output); return $output; } 
@@ -607,7 +607,7 @@ $current_page = 0; // sanitize, mostly to keep spaces out - $r['exclude'] = preg_replace('[^0-9,]', '', $r['exclude']); + $r['exclude'] = preg_replace('/[^0-9,]/', '', $r['exclude']); // Allow plugins to filter an array of excluded pages $r['exclude'] = implode(',', apply_filters('wp_list_pages_excludes', explode(',', $r['exclude']))); @@ -680,7 +680,7 @@ $class = ''; if ( is_front_page() && !is_paged() ) $class = 'class="current_page_item"'; - $menu .= '<li ' . $class . '><a href="' . get_option('home') . '">' . $link_before . $text . $link_after . '</a></li>'; + $menu .= '<li ' . $class . '><a href="' . get_option('home') . '">' . $args['link_before'] . $text . $args['link_after'] . '</a></li>'; // If the front page is a page, add it to the exclude list if (get_option('show_on_front') == 'page') { if ( !empty( $list_args['exclude'] ) ) { @@ -1048,7 +1048,7 @@ $autosavef = __( '%s [Autosave]' ); $currentf = __( '%s [Current Revision]' ); - $date = date_i18n( $datef, strtotime( $revision->post_modified_gmt . ' +0000' ) ); + $date = date_i18n( $datef, strtotime( $revision->post_modified ) ); if ( $link && current_user_can( 'edit_post', $revision->ID ) && $link = get_edit_post_link( $revision->ID ) ) $date = "<a href='$link'>$date</a>"; diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/script-loader.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/script-loader.php --- wordpress-2.7/wp-includes/script-loader.php 2008-12-10 17:42:26.000000000 +0000 +++ wordpress-2.7.1/wp-includes/script-loader.php 2009-01-24 11:57:15.000000000 +0000 
@@ -103,7 +103,7 @@ $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array('jquery'), '20'); $scripts->add( 'jquery-hotkeys', '/wp-includes/js/jquery/jquery.hotkeys.js', array('jquery'), '0.0.2' ); $scripts->add( 'jquery-table-hotkeys', '/wp-includes/js/jquery/jquery.table-hotkeys.js', array('jquery', 'jquery-hotkeys'), '20081128' ); - $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array('jquery'), '3.1-20080430'); + $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array('jquery'), '3.1-20090123'); $scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', false, '2.2.0-20081031'); $scripts->add( 'swfupload-degrade', '/wp-includes/js/swfupload/plugins/swfupload.graceful_degradation.js', array('swfupload'), '2.2.0-20081031'); $scripts->add( 'swfupload-swfobject', '/wp-includes/js/swfupload/plugins/swfupload.swfobject.js', array('swfupload'), '2.2.0-20081031'); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/taxonomy.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/taxonomy.php --- wordpress-2.7/wp-includes/taxonomy.php 2008-12-09 23:31:11.000000000 +0000 +++ wordpress-2.7.1/wp-includes/taxonomy.php 2009-01-22 22:59:40.000000000 +0000 @@ -534,6 +534,10 @@ * of term ids to exclude from the return array. If 'include' is non-empty, * 'exclude' is ignored. * + * exclude_tree - A comma- or space-delimited string of term ids to exclude + * from the return array, along with all of their descendant terms according to + * the primary taxonomy. If 'include' is non-empty, 'exclude_tree' is ignored. + * * include - Default is an empty string. A comma- or space-delimited string * of term ids to include in the return array. * 
@@ -604,7 +608,7 @@ $in_taxonomies = "'" . implode("', '", $taxonomies) . "'"; $defaults = array('orderby' => 'name', 'order' => 'ASC', - 'hide_empty' => true, 'exclude' => '', 'include' => '', + 'hide_empty' => true, 'exclude' => '', 'exclude_tree' => '', 'include' => '', 'number' => '', 'fields' => 'all', 'slug' => '', 'parent' => '', 'hierarchical' => true, 'child_of' => 0, 'get' => '', 'name__like' => '', 'pad_counts' => false, 'offset' => '', 'search' => ''); @@ -668,6 +672,7 @@ $inclusions = ''; if ( !empty($include) ) { $exclude = ''; + $exclude_tree = ''; $interms = preg_split('/[\s,]+/',$include); if ( count($interms) ) { foreach ( (array) $interms as $interm ) { @@ -684,11 +689,25 @@ $where .= $inclusions; $exclusions = ''; + if ( ! empty( $exclude_tree ) ) { + $excluded_trunks = preg_split('/[\s,]+/',$exclude_tree); + foreach( (array) $excluded_trunks as $extrunk ) { + $excluded_children = (array) get_terms($taxonomies[0], array('child_of' => intval($extrunk), 'fields' => 'ids')); + $excluded_children[] = $extrunk; + foreach( (array) $excluded_children as $exterm ) { + if ( empty($exclusions) ) + $exclusions = ' AND ( t.term_id <> ' . intval($exterm) . ' '; + else + $exclusions .= ' AND t.term_id <> ' . intval($exterm) . ' '; + + } + } + } if ( !empty($exclude) ) { $exterms = preg_split('/[\s,]+/',$exclude); if ( count($exterms) ) { foreach ( (array) $exterms as $exterm ) { - if (empty($exclusions)) + if ( empty($exclusions) ) $exclusions = ' AND ( t.term_id <> ' . intval($exterm) . ' '; else $exclusions .= ' AND t.term_id <> ' . intval($exterm) . ' '; 
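Review bot: In the new `exclude_tree` block at `@@ -684,11 +689,25 @@`, `preg_split('/[\s,]+/',$exclude_tree)` keeps empty tokens, so a leading or trailing delimiter (or a non-numeric token) makes `intval($extrunk)` evaluate to 0 and the nested call runs with `'child_of' => 0`. The `empty( $child_of )` test later in this file suggests 0 means "no parent filter", in which case every term of the taxonomy would be added to the exclusion list; this should be confirmed against the part of the function outside the hunk. Dropping empty tokens and skipping non-positive ids avoids it: `$excluded_trunks = preg_split('/[\s,]+/', $exclude_tree, -1, PREG_SPLIT_NO_EMPTY);` and `if ( intval($extrunk) <= 0 ) continue;`. Descendants are looked up in `$taxonomies[0]` only, which deserves a comment at the call site.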
@@ -717,14 +736,15 @@ if ( $hide_empty && !$hierarchical ) $where .= ' AND tt.count > 0'; - if ( !empty($number) ) { + // don't limit the query results when we have to descend the family tree + if ( ! empty($number) && ! $hierarchical && empty( $child_of ) && '' == $parent ) { if( $offset ) - $number = 'LIMIT ' . $offset . ',' . $number; + $limit = 'LIMIT ' . $offset . ',' . $number; else - $number = 'LIMIT ' . $number; + $limit = 'LIMIT ' . $number; } else - $number = ''; + $limit = ''; if ( !empty($search) ) { $search = like_escape($search); @@ -739,13 +759,11 @@ else if ( 'names' == $fields ) $select_this = 't.term_id, tt.parent, tt.count, t.name'; - $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $number"; + $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit"; + $terms = $wpdb->get_results($query); if ( 'all' == $fields ) { - $terms = $wpdb->get_results($query); update_term_cache($terms); - } else if ( ('ids' == $fields) || ('names' == $fields) ) { - $terms = $wpdb->get_results($query); } if ( empty($terms) ) { @@ -793,6 +811,10 @@ $terms = $_terms; } + if ( 0 < $number && intval(@count($terms)) > $number ) { + $terms = array_slice($terms, $offset, $number); + } + wp_cache_add( $cache_key, $terms, 'terms' ); $terms = apply_filters('get_terms', $terms, $taxonomies, $args); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/theme.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/theme.php --- wordpress-2.7/wp-includes/theme.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/theme.php 2009-02-02 19:17:27.000000000 +0000 
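Review bot: `$offset` and `$number` are concatenated into the `LIMIT` clause at `@@ -717,14 +736,15 @@` with no integer cast visible in the hunk, and `$limit` is then interpolated into `$query`. If both are normalised earlier in the function (outside the hunk) this is safe; otherwise a caller that forwards request parameters into these arguments controls SQL text. Casting at the point of use makes the lines safe on their own: `$limit = 'LIMIT ' . absint($offset) . ',' . absint($number);` and `$limit = 'LIMIT ' . absint($number);`.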
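Review bot: The slice added at `@@ -793,6 +811,10 @@` runs only when the result holds more than `$number` rows, so a non-zero `$offset` is silently ignored whenever the unlimited (hierarchical) result is shorter than `$number`. The `intval(@count($terms))` wrapper also hides the case where `$terms` is not an array instead of handling it. Assuming this hunk is in the same function as the `$limit` assignment above, a condition that slices exactly when SQL did not already apply the limit is clearer: `if ( 0 < $number && '' == $limit && is_array($terms) )`, followed by the existing `array_slice($terms, $offset, $number)`.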
@@ -849,7 +849,7 @@ if ( !current_user_can( 'switch_themes' ) ) return; - $_GET['template'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['template']); + $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']); if ( validate_file($_GET['template']) ) return; @@ -857,7 +857,7 @@ add_filter('template', create_function('', "return '{$_GET['template']}';") ); if ( isset($_GET['stylesheet']) ) { - $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['stylesheet']); + $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']); if ( validate_file($_GET['stylesheet']) ) return; add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") ); diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/version.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/version.php --- wordpress-2.7/wp-includes/version.php 2008-12-10 22:48:19.000000000 +0000 +++ wordpress-2.7.1/wp-includes/version.php 2009-02-10 19:30:47.000000000 +0000 @@ -8,7 +8,7 @@ * * @global string $wp_version */ -$wp_version = '2.7'; +$wp_version = '2.7.1'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-includes/widgets.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-includes/widgets.php --- wordpress-2.7/wp-includes/widgets.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/wp-includes/widgets.php 2009-01-05 23:04:05.000000000 +0000 @@ -548,7 +548,7 @@ function wp_get_sidebars_widgets($update = true) { global $wp_registered_widgets, $wp_registered_sidebars; - $sidebars_widgets = get_option('sidebars_widgets'); + $sidebars_widgets = get_option('sidebars_widgets', array()); $_sidebars_widgets = array(); if ( !isset($sidebars_widgets['array_version']) ) 
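Review bot: The widened character class `[^a-z0-9_.-/]` at `@@ -849,7 +849,7 @@` (and again for `stylesheet` at `@@ -857,7 +857,7 @@`) no longer permits a hyphen: between `.` and `/` the `-` is read as a range operator, so the class covers only `.` and `/` and every `-` in a theme directory name is stripped. Putting the hyphen last makes it literal, `preg_replace('|[^a-z0-9_./-]|i', '', $_GET['template'])`, and the same change applies to `$_GET['stylesheet']`. This whitelist is also what keeps the request value from closing the single-quoted string built for `create_function()` on the following lines, so it is worth a comment stating that quotes and backslashes must never be added to it. With `/` now accepted, rejection of `..` sequences rests entirely on `validate_file()`, whose body is not visible here.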
@@ -618,7 +618,8 @@ update_option('sidebars_widgets', $sidebars_widgets); } - unset($sidebars_widgets['array_version']); + if ( isset($sidebars_widgets['array_version']) ) + unset($sidebars_widgets['array_version']); $sidebars_widgets = apply_filters('sidebars_widgets', $sidebars_widgets); return $sidebars_widgets; @@ -1398,7 +1399,7 @@ <?php echo $before_title . $title . $after_title; ?> <ul id="recentcomments"><?php if ( $comments ) : foreach ( (array) $comments as $comment) : - echo '<li class="recentcomments">' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_comment_link($comment->comment_ID) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>'; + echo '<li class="recentcomments">' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>'; endforeach; endif;?></ul> <?php echo $after_widget; ?> <?php @@ -2092,7 +2093,7 @@ } // This is important -add_action( 'widgets_init', 'widget_many_register' ) +add_action( 'widgets_init', 'widget_many_register' ); */ diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/wp-settings.php /tmp/UxIoWBm4aP/wordpress-2.7.1/wp-settings.php --- wordpress-2.7/wp-settings.php 2008-11-10 18:54:18.000000000 +0000 +++ wordpress-2.7.1/wp-settings.php 2009-01-24 13:21:56.000000000 +0000 @@ -15,6 +15,8 @@ if ( function_exists('memory_get_usage') && ( (int) @ini_get('memory_limit') < abs(intval(WP_MEMORY_LIMIT)) ) ) @ini_set('memory_limit', WP_MEMORY_LIMIT); +set_magic_quotes_runtime(0); +@ini_set('magic_quotes_sybase', 0); /** * Turn register globals off. 
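Review bot: The added `set_magic_quotes_runtime(0);` at `@@ -15,6 +15,8 @@` in wp-settings.php is called unguarded and unsuppressed, unlike the `@ini_set()` on the next line. The function is deprecated as of PHP 5.3, the same release whose `E_DEPRECATED` level the later `error_reporting()` hunk accounts for, and this call sits earlier in the file than that mask, so on such hosts it can emit a deprecation message into the response. A guarded form keeps the behaviour: `if ( function_exists('set_magic_quotes_runtime') ) @set_magic_quotes_runtime(0);`.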
@@ -199,7 +201,13 @@ if (defined('WP_DEBUG') and WP_DEBUG == true) { error_reporting(E_ALL); } else { - error_reporting(E_ALL ^ E_NOTICE ^ E_USER_NOTICE); + // Unicode Extension is in PHP 6.0 only or do version check when this changes. + if ( function_exists('unicode_decode') ) + error_reporting( E_ALL ^ E_DEPRECATED ^ E_NOTICE ^ E_USER_NOTICE ^ E_STRICT ); + else if ( defined( 'E_DEPRECATED' ) ) // Introduced in PHP 5.3 + error_reporting( E_ALL ^ E_DEPRECATED ^ E_NOTICE ^ E_USER_NOTICE ); + else + error_reporting(E_ALL ^ E_NOTICE ^ E_USER_NOTICE); } // For an advanced caching plugin to use, static because you would only want one diff -Nru /tmp/p8BiBwsR1e/wordpress-2.7/xmlrpc.php /tmp/UxIoWBm4aP/wordpress-2.7.1/xmlrpc.php --- wordpress-2.7/xmlrpc.php 2008-12-09 18:03:31.000000000 +0000 +++ wordpress-2.7.1/xmlrpc.php 2009-01-19 18:47:36.000000000 +0000 @@ -1258,8 +1258,6 @@ } else { $logged_in = true; set_current_user( 0, $username ); - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); } if ( is_numeric($post) ) @@ -1285,12 +1283,15 @@ $comment['comment_author'] = ''; if ( isset($content_struct['author']) ) $comment['comment_author'] = $content_struct['author']; + $comment['comment_author_email'] = ''; - if ( isset($content_struct['author']) ) + if ( isset($content_struct['author_email']) ) $comment['comment_author_email'] = $content_struct['author_email']; + $comment['comment_author_url'] = ''; - if ( isset($content_struct['author']) ) + if ( isset($content_struct['author_url']) ) $comment['comment_author_url'] = $content_struct['author_url']; + $comment['user_ID'] = 0; if ( get_option('require_name_email') ) { 
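Review bot: The masks added at `@@ -199,7 +201,13 @@` remove levels with `^`, which toggles a bit rather than clearing it, so any level that is not already part of `E_ALL` on the running PHP version is switched on instead of off; the `E_STRICT` term in the first branch is the one at risk. `& ~` states the intent and is correct either way: `error_reporting( E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_USER_NOTICE );`, with `& ~E_STRICT` added in the first branch. The pre-existing `else` line could be converted the same way so the three branches read alike.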
@@ -2761,7 +2762,8 @@ foreach ( $cats as $cat ) { $struct['categoryId'] = $cat->term_id; $struct['parentId'] = $cat->parent; - $struct['description'] = $cat->description; + $struct['description'] = $cat->name; + $struct['categoryDescription'] = $cat->description; $struct['categoryName'] = $cat->name; $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id)); $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));