[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
mrowe at apple.com
mrowe at apple.com
Thu Oct 29 20:50:25 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 6b6c823140153614b7f3d0ea4e49b44e35168bc9
Author: mrowe at apple.com <mrowe at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Oct 23 05:16:15 2009 +0000
Update to WordPress 2.8.5.
* blog:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49967 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKitSite/ChangeLog b/WebKitSite/ChangeLog
index 57064f6..26aa941 100644
--- a/WebKitSite/ChangeLog
+++ b/WebKitSite/ChangeLog
@@ -1,3 +1,9 @@
+2009-10-22 Mark Rowe <mrowe at apple.com>
+
+ Update to WordPress 2.8.5.
+
+ * blog:
+
2009-10-19 Andrew Scherkus <scherkus at chromium.org>
Reviewed by Eric Seidel.
diff --git a/WebKitSite/blog/wp-admin/edit-attachment-rows.php b/WebKitSite/blog/wp-admin/edit-attachment-rows.php
index 3842a6c..4922eed 100644
--- a/WebKitSite/blog/wp-admin/edit-attachment-rows.php
+++ b/WebKitSite/blog/wp-admin/edit-attachment-rows.php
@@ -209,4 +209,3 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
<?php
} // end if ( have_posts() )
?>
-
diff --git a/WebKitSite/blog/wp-admin/import/btt.php b/WebKitSite/blog/wp-admin/import/btt.php
deleted file mode 100644
index a2aab3f..0000000
--- a/WebKitSite/blog/wp-admin/import/btt.php
+++ /dev/null
@@ -1,130 +0,0 @@
-<?php
-/**
- * BunnyTags Plugin Tag Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * BunnyTags Plugin tag converter
- *
- * This will process the BunnyTags plugin tags and convert them to the WordPress
- * 2.3 taxonomy.
- *
- * @since unknown
- */
-class BunnyTags_Import {
-
- function header() {
- echo '<div class="wrap">';
- screen_icon();
- echo '<h2>'.__('Import Bunny’s Technorati Tags').'</h2>';
- echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
- }
-
- function footer() {
- echo '</div>';
- }
-
- function greet() {
- echo '<div class="narrow">';
- echo '<p>'.__('Howdy! This imports tags from Bunny’s Technorati Tags into WordPress tags.').'</p>';
- echo '<p>'.__('This is suitable for Bunny’s Technorati Tags version 0.6.').'</p>';
- echo '<p><strong>'.__('All existing Bunny’s Technorati Tags will be removed after import.').'</strong></p>';
- echo '<p><strong>'.__('Don’t be stupid - backup your database before proceeding!').'</strong></p>';
- echo '<form action="admin.php?import=btt&step=1" method="post">';
- wp_nonce_field('import-btt');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function dispatch() {
- if ( empty($_GET['step']) )
- $step = 0;
- else
- $step = absint($_GET['step']);
-
- // load the header
- $this->header();
-
- switch ( $step ) {
- case 0 :
- $this->greet();
- break;
- case 1 :
- check_admin_referer('import-btt');
- $this->check_post_keyword( true );
- break;
- case 2 :
- check_admin_referer('import-btt');
- $this->check_post_keyword( false );
- break;
- case 3:
- $this->done();
- break;
- }
-
- // load the footer
- $this->footer();
- }
-
- function check_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Bunny’s Technorati Tags…').'</h3></p>';
-
- // import Bunny's Keywords tags
- $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
- if ( !is_array($metakeys)) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- if ( $post_meta->meta_value != '' ) {
- $post_keys = explode(' ', $post_meta->meta_value);
- foreach ( $post_keys as $keyword ) {
- $keyword = addslashes(trim(str_replace('+',' ',$keyword)));
- if ( '' != $keyword ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- }
- if ( !$precheck )
- delete_post_meta($post_meta->post_id, 'tags');
- }
- echo '</ul>';
- }
-
- echo '<form action="admin.php?import=btt&step='.($precheck? 2:3).'" method="post">';
- wp_nonce_field('import-btt');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function done() {
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Import Complete!').'</h3></p>';
- echo '</div>';
- }
-
- function BunnyTags_Import() {
- }
-
-}
-
-// create the import object
-$btt_import = new BunnyTags_Import();
-
-// add it to the import page!
-register_importer('btt', 'Bunny’s Technorati Tags', __('Import Bunny’s Technorati Tags into WordPress tags.'), array($btt_import, 'dispatch'));
-
-?>
diff --git a/WebKitSite/blog/wp-admin/import/jkw.php b/WebKitSite/blog/wp-admin/import/jkw.php
deleted file mode 100644
index d21d79a..0000000
--- a/WebKitSite/blog/wp-admin/import/jkw.php
+++ /dev/null
@@ -1,192 +0,0 @@
-<?php
-/**
- * Jeromes Keyword Plugin Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * Jeromes Keyword Plugin Importer class
- *
- * Will convert Jeromes Keyword Plugin tags to WordPress taxonomy tags.
- *
- * @since 2.3
- */
-class JeromesKeyword_Import {
-
- function header() {
- echo '<div class="wrap">';
- screen_icon();
- echo '<h2>'.__('Import Jerome’s Keywords').'</h2>';
- echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
- }
-
- function footer() {
- echo '</div>';
- }
-
- function greet() {
- echo '<div class="narrow">';
- echo '<p>'.__('Howdy! This imports tags from Jerome’s Keywords into WordPress tags.').'</p>';
- echo '<p>'.__('This is suitable for Jerome’s Keywords version 1.x and 2.0a.').'</p>';
- echo '<p><strong>'.__('All existing Jerome’s Keywords will be removed after import.').'</strong></p>';
- echo '<p><strong>'.__('Don’t be stupid - backup your database before proceeding!').'</strong></p>';
- echo '<form action="admin.php?import=jkw&step=1" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
- echo '</form>';
- echo '<form action="admin.php?import=jkw&step=3" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function dispatch() {
- if ( empty($_GET['step']) )
- $step = 0;
- else
- $step = absint($_GET['step']);
-
- // load the header
- $this->header();
-
- switch ( $step ) {
- case 0 :
- $this->greet();
- break;
- case 1 :
- check_admin_referer('import-jkw');
- $this->check_V1_post_keyword( true );
- break;
- case 2 :
- check_admin_referer('import-jkw');
- $this->check_V1_post_keyword( false );
- break;
- case 3 :
- check_admin_referer('import-jkw');
- $this->check_V2_post_keyword( true );
- break;
- case 4 :
- check_admin_referer('import-jkw');
- $this->check_V2_post_keyword( false );
- break;
- case 5:
- check_admin_referer('import-jkw');
- $this->cleanup_V2_import();
- break;
- case 6:
- $this->done();
- break;
- }
-
- // load the footer
- $this->footer();
- }
-
- function check_V1_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>';
-
- // import Jerome's Keywords tags
- $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
- if ( !is_array($metakeys)) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- if ( $post_meta->meta_value != '' ) {
- $post_keys = explode(',', $post_meta->meta_value);
- foreach ( $post_keys as $keyword ) {
- $keyword = addslashes(trim($keyword));
- if ( '' != $keyword ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- }
- if ( !$precheck )
- delete_post_meta($post_meta->post_id, 'keywords');
- }
- echo '</ul>';
- }
-
- echo '<form action="admin.php?import=jkw&step='.($precheck? 2:6).'" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function check_V2_post_keyword($precheck = true) {
- global $wpdb;
-
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>';
-
- // import Jerome's Keywords tags
- $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
- $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
- if ( !is_array($metakeys) ) {
- echo '<p>' . __('No Tags Found!') . '</p>';
- return false;
- } else {
- $count = count($metakeys);
- echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
- echo '<ul>';
- foreach ( $metakeys as $post_meta ) {
- $keyword = addslashes(trim($post_meta->tag_name));
- if ( $keyword != '' ) {
- echo '<li>' . $post_meta->post_id . ' - ' . $keyword . '</li>';
- if ( !$precheck )
- wp_add_post_tags($post_meta->post_id, $keyword);
- }
- }
- echo '</ul>';
- }
- echo '<form action="admin.php?import=jkw&step='.($precheck? 4:5).'" method="post">';
- wp_nonce_field('import-jkw');
- echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
- echo '</form>';
- echo '</div>';
- }
-
- function cleanup_V2_import() {
- global $wpdb;
-
- /* options from V2.0a (jeromes-keywords.php) */
- $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
-
- $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
-
- foreach ( $options as $o )
- delete_option('jkeywords_' . $o);
-
- $this->done();
- }
-
- function done() {
- echo '<div class="narrow">';
- echo '<p><h3>'.__('Import Complete!').'</h3></p>';
- echo '</div>';
- }
-
- function JeromesKeyword_Import() {
- }
-
-}
-
-// create the import object
-$jkw_import = new JeromesKeyword_Import();
-
-// add it to the import page!
-register_importer('jkw', 'Jerome’s Keywords', __('Import Jerome’s Keywords into WordPress tags.'), array($jkw_import, 'dispatch'));
-
-?>
diff --git a/WebKitSite/blog/wp-admin/import/wordpress.php b/WebKitSite/blog/wp-admin/import/wordpress.php
index 9990348..388b1b6 100644
--- a/WebKitSite/blog/wp-admin/import/wordpress.php
+++ b/WebKitSite/blog/wp-admin/import/wordpress.php
@@ -684,8 +684,8 @@ class WP_Import {
}
function is_valid_meta_key($key) {
- // skip _wp_attached_file metadata since we'll regenerate it from scratch
- if ( $key == '_wp_attached_file' )
+ // skip attachment metadata since we'll regenerate it from scratch
+ if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' )
return false;
return $key;
}
diff --git a/WebKitSite/blog/wp-admin/includes/post.php b/WebKitSite/blog/wp-admin/includes/post.php
index c7acf91..51bb136 100644
--- a/WebKitSite/blog/wp-admin/includes/post.php
+++ b/WebKitSite/blog/wp-admin/includes/post.php
@@ -246,7 +246,7 @@ function bulk_edit_posts( $post_data = null ) {
if ( isset($post_data['post_category']) ) {
if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
- $new_cats = array_map( absint, $post_data['post_category'] );
+ $new_cats = array_map( 'absint', $post_data['post_category'] );
else
unset($post_data['post_category']);
}
@@ -1060,6 +1060,32 @@ function wp_set_post_lock( $post_id ) {
}
/**
+ * Outputs the notice message to say that someone else is editing this post at the moment.
+ *
+ * @since 2.8.5
+ * @return none
+ */
+function _admin_notice_post_locked() {
+ global $post;
+ $last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) );
+ $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+
+ switch ($post->post_type) {
+ case 'post':
+ $message = __( 'Warning: %s is currently editing this post' );
+ break;
+ case 'page':
+ $message = __( 'Warning: %s is currently editing this page' );
+ break;
+ default:
+ $message = __( 'Warning: %s is currently editing this.' );
+ }
+
+ $message = sprintf( $message, esc_html( $last_user_name ) );
+ echo "<div class='error'><p>$message</p></div>";
+}
+
+/**
* Creates autosave data for the specified post from $_POST data.
*
* @package WordPress
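Review bot: `_admin_notice_post_locked()` dereferences the global `$post` without checking that it is set, so if the `admin_notices` hook fires with no post loaded, `$post->ID` and `$post->post_type` raise notices instead of the function returning quietly; an early `if ( empty( $post ) ) return;` would cover that. The docblock's `@return none` is not a type, and `@return void` is the conventional spelling. The `default:` message ends with a full stop while the `post` and `page` messages do not, which leaves translators with three inconsistent strings.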
diff --git a/WebKitSite/blog/wp-admin/includes/update-core.php b/WebKitSite/blog/wp-admin/includes/update-core.php
index 5abee75..f966196 100644
--- a/WebKitSite/blog/wp-admin/includes/update-core.php
+++ b/WebKitSite/blog/wp-admin/includes/update-core.php
@@ -126,6 +126,8 @@ $_old_files = array(
'wp-admin/edit-form-ajax-cat.php',
'wp-admin/execute-pings.php',
'wp-admin/import/b2.php',
+'wp-admin/import/btt.php',
+'wp-admin/import/jkw.php',
'wp-admin/inline-uploading.php',
'wp-admin/link-categories.php',
'wp-admin/list-manipulation.js',
diff --git a/WebKitSite/blog/wp-admin/install.php b/WebKitSite/blog/wp-admin/install.php
index a9579ff..4e97f02 100644
--- a/WebKitSite/blog/wp-admin/install.php
+++ b/WebKitSite/blog/wp-admin/install.php
@@ -49,6 +49,12 @@ header( 'Content-Type: text/html; charset=utf-8' );
}//end function display_header();
function display_setup_form( $error = null ) {
+ // Ensure that Blogs appear in search engines by default
+ $blog_public = 1;
+ if ( isset($_POST) && !empty($_POST) ) {
+ $blog_public = isset($_POST['blog_public']);
+ }
+
if ( ! is_null( $error ) ) {
?>
<p><?php printf( __('<strong>ERROR</strong>: %s'), $error); ?></p>
@@ -65,7 +71,7 @@ function display_setup_form( $error = null ) {
<?php _e('Double-check your email address before continuing.'); ?>
</tr>
<tr>
- <td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
+ <td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
</tr>
</table>
<p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
diff --git a/WebKitSite/blog/wp-admin/page.php b/WebKitSite/blog/wp-admin/page.php
index 68a6690..9e5eef6 100644
--- a/WebKitSite/blog/wp-admin/page.php
+++ b/WebKitSite/blog/wp-admin/page.php
@@ -98,11 +98,7 @@ case 'edit':
if ( current_user_can('edit_page', $page_ID) ) {
if ( $last = wp_check_post_lock( $post->ID ) ) {
- $last_user = get_userdata( $last );
- $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
- $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
- $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
- add_action('admin_notices', create_function( '', "echo '$message';" ) );
+ add_action('admin_notices', '_admin_notice_post_locked' );
} else {
wp_set_post_lock( $post->ID );
wp_enqueue_script('autosave');
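Review bot: `$last` is still assigned in `if ( $last = wp_check_post_lock( $post->ID ) )` but nothing reads it any more, because the named callback looks the editor up again from the `_edit_last` meta; the condition can become `if ( wp_check_post_lock( $post->ID ) )`. The same leftover is in the matching hunk of wp-admin/post.php. The removed `create_function()` call compiled a string containing a user's display name as PHP at runtime, so a short comment such as `// Named callback: never build the notice with create_function().` would stop it being reintroduced. The `case 'edit':` body continues outside the hunk.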
diff --git a/WebKitSite/blog/wp-admin/post.php b/WebKitSite/blog/wp-admin/post.php
index 008778f..cc8e06c 100644
--- a/WebKitSite/blog/wp-admin/post.php
+++ b/WebKitSite/blog/wp-admin/post.php
@@ -133,11 +133,7 @@ case 'edit':
if ( current_user_can('edit_post', $post_ID) ) {
if ( $last = wp_check_post_lock( $post->ID ) ) {
- $last_user = get_userdata( $last );
- $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
- $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
- $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
- add_action('admin_notices', create_function( '', "echo '$message';" ) );
+ add_action('admin_notices', '_admin_notice_post_locked' );
} else {
wp_set_post_lock( $post->ID );
wp_enqueue_script('autosave');
diff --git a/WebKitSite/blog/wp-app.php b/WebKitSite/blog/wp-app.php
index 0ada250..11f4ec7 100644
--- a/WebKitSite/blog/wp-app.php
+++ b/WebKitSite/blog/wp-app.php
@@ -780,6 +780,7 @@ EOD;
}
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+ $location = get_option ('upload_path') . '/' . $location;
$filetype = wp_check_filetype($location);
if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
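Review bot: After the added concatenation `$location` is always a non-empty string, so the `!isset($location)` test on the following line can no longer fail, and an entry with no `_wp_attached_file` meta resolves to the upload directory itself. The meta value is also joined to `upload_path` without normalisation, so a stored value containing `../` would be opened outside the upload directory; resolving the joined path and checking that it still sits under the resolved upload directory before the file is opened closes that gap. Whether `get_option('upload_path')` can be empty or relative is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.

```php
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
// Resolve both paths so a stored "../" cannot leave the upload directory.
$upload_dir = realpath( get_option('upload_path') );
$resolved = ( $upload_dir && $location ) ? realpath( $upload_dir . '/' . $location ) : false;
if ( $resolved && 0 === strpos( $resolved, $upload_dir . DIRECTORY_SEPARATOR ) )
	$location = $resolved;
else
	$location = ''; // presumably yields an empty extension, so the existing check below rejects it
$filetype = wp_check_filetype($location);
// … unchanged: the !isset / post_type / extension check …
```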
@@ -789,11 +790,19 @@ EOD;
header('Content-Type: ' . $entry['post_mime_type']);
header('Connection: close');
- $fp = fopen($location, "rb");
- while(!feof($fp)) {
- echo fread($fp, 4096);
+ if ($fp = fopen($location, "rb")) {
+ status_header('200');
+ header('Content-Type: ' . $entry['post_mime_type']);
+ header('Connection: close');
+
+ while(!feof($fp)) {
+ echo fread($fp, 4096);
+ }
+
+ fclose($fp);
+ } else {
+ status_header ('404');
}
- fclose($fp);
log_app('function',"get_file($postID)");
exit;
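Review bot: The success branch repeats `header('Content-Type: ...')` and `header('Connection: close')`, which the two unchanged lines just above the `fopen()` already send, so the 404 path still advertises the attachment's MIME type for a response with no body. Moving the existing two calls into the `if` instead of duplicating them keeps those headers tied to the case where the file was actually opened. A failed `fopen()` also raises a PHP warning before `status_header ('404')` runs, which can emit output ahead of the status line when errors are displayed; testing `is_readable($location)` first avoids that. The function body continues outside the hunk.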
diff --git a/WebKitSite/blog/wp-includes/author-template.php b/WebKitSite/blog/wp-includes/author-template.php
index 19e7b86..908e233 100644
--- a/WebKitSite/blog/wp-includes/author-template.php
+++ b/WebKitSite/blog/wp-includes/author-template.php
@@ -132,7 +132,7 @@ function the_author_meta($field = '', $user_id = false) {
*/
function the_author_link() {
if ( get_the_author_meta('url') ) {
- echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s’s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+ echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s’s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
} else {
the_author();
}
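Review bot: The `title` attribute in `the_author_link()` is now escaped, but on the same line the `href` is still built from `get_the_author_meta('url')` and the link text from `get_the_author()` with no escaping at the point of output. Unless those values are guaranteed clean by filters that are not visible here, wrap them as `esc_url( get_the_author_meta('url') )` and `esc_html( get_the_author() )`. The same applies to the third `printf` argument in the `the_author_posts_link()` hunk and to `$name` in the `wp_list_authors()` hunk below, whose origin is outside the hunk.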
@@ -181,7 +181,7 @@ function the_author_posts_link($deprecated = '') {
printf(
'<a href="%1$s" title="%2$s">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
- sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+ esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
get_the_author()
);
}
@@ -292,7 +292,7 @@ function wp_list_authors($args = '') {
if ( ! $hide_empty )
$link = $name;
} else {
- $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+ $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
$link .= ' ';
@@ -301,8 +301,8 @@ function wp_list_authors($args = '') {
$link .= '<a href="' . get_author_feed_link($author->ID) . '"';
if ( !empty($feed) ) {
- $title = ' title="' . $feed . '"';
- $alt = ' alt="' . $feed . '"';
+ $title = ' title="' . esc_attr($feed) . '"';
+ $alt = ' alt="' . esc_attr($feed) . '"';
$name = $feed;
$link .= $title;
}
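Review bot: `$feed` is escaped for the `title` and `alt` attributes, but the next line copies the raw value into `$name`, which the following hunk appends as link text (`$link .= $name;`) when no feed image is set. If `$feed` can carry markup, the text node needs `$name = esc_html( $feed );`. `wp_list_authors()` starts and ends outside the hunk, so whether `$feed` is sanitised when the arguments are parsed cannot be confirmed from here.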
@@ -310,7 +310,7 @@ function wp_list_authors($args = '') {
$link .= '>';
if ( !empty($feed_image) )
- $link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+ $link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
else
$link .= $name;
diff --git a/WebKitSite/blog/wp-includes/bookmark-template.php b/WebKitSite/blog/wp-includes/bookmark-template.php
index bb4f6ef..cf24da6 100644
--- a/WebKitSite/blog/wp-includes/bookmark-template.php
+++ b/WebKitSite/blog/wp-includes/bookmark-template.php
@@ -90,7 +90,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
$rel = $bookmark->link_rel;
if ( '' != $rel )
- $rel = ' rel="' . $rel . '"';
+ $rel = ' rel="' . esc_attr($rel) . '"';
$target = $bookmark->link_target;
if ( '' != $target )
diff --git a/WebKitSite/blog/wp-includes/capabilities.php b/WebKitSite/blog/wp-includes/capabilities.php
index cccd68d..2b4fd79 100644
--- a/WebKitSite/blog/wp-includes/capabilities.php
+++ b/WebKitSite/blog/wp-includes/capabilities.php
@@ -900,6 +900,12 @@ function map_meta_cap( $cap, $user_id ) {
else
$caps[] = 'read_private_pages';
break;
+ case 'unfiltered_upload':
+ if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+ $caps[] = $cap;
+ else
+ $caps[] = 'do_not_allow';
+ break;
default:
// If no meta caps match, return the original cap.
$caps[] = $cap;
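Review bot: `ALLOW_UNFILTERED_UPLOADS == true` is a loose comparison, so any truthy constant enables the capability, including `define('ALLOW_UNFILTERED_UPLOADS', 'false');` written by someone who meant to switch it off. For a setting that lifts upload filtering, failing closed is the safer default: `if ( defined('ALLOW_UNFILTERED_UPLOADS') && true === ALLOW_UNFILTERED_UPLOADS )`. A comment on the `case` stating that the capability is denied to every role unless the constant is set would also help, for example `// Denied for all users unless explicitly enabled in wp-config.php.`. `map_meta_cap()` continues outside the hunk.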
diff --git a/WebKitSite/blog/wp-includes/category-template.php b/WebKitSite/blog/wp-includes/category-template.php
index 61f2faf..52b42ba 100644
--- a/WebKitSite/blog/wp-includes/category-template.php
+++ b/WebKitSite/blog/wp-includes/category-template.php
@@ -68,7 +68,7 @@ function get_category_parents( $id, $link = false, $separator = '/', $nicename =
}
if ( $link )
- $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+ $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
else
$chain .= $name.$separator;
return $chain;
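Review bot: Only the `title` attribute is escaped; the link text (`$name` here, `$category->name` and `$category->cat_name` in the two `get_the_category_list()` hunks below) is still concatenated into the markup as-is. If category names are not already entity-encoded when they are loaded, which these hunks do not show, the text nodes need `esc_html()`, for example `'">' . esc_html( $name ) . '</a>'`. It would be worth a one-line comment in each function stating which of the two cases holds, so the asymmetry between the escaped attribute and the unescaped text is not mistaken for an oversight.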
@@ -190,17 +190,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
case 'multiple':
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, true, $separator );
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
break;
case 'single':
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, false, $separator );
$thelist .= $category->name.'</a></li>';
break;
case '':
default:
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
}
}
$thelist .= '</ul>';
@@ -213,17 +213,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
case 'multiple':
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, true, $separator );
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
break;
case 'single':
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
if ( $category->parent )
$thelist .= get_category_parents( $category->parent, false, $separator );
$thelist .= "$category->cat_name</a>";
break;
case '':
default:
- $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+ $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
}
++$i;
}
@@ -352,6 +352,8 @@ function wp_dropdown_categories( $args = '' ) {
$tab_index_attribute = " tabindex=\"$tab_index\"";
$categories = get_categories( $r );
+ $name = esc_attr($name);
+ $class = esc_attr($class);
$output = '';
if ( ! empty( $categories ) ) {
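Review bot: `$name` and `$class` are escaped, but `$tab_index` on the context line above is interpolated into the `tabindex` attribute unchanged. If it is not cast to an integer before that line (the start of `wp_dropdown_categories()` is outside the hunk), add `$tab_index = (int) $tab_index;` ahead of it so all three argument-derived attributes are handled alike. Overwriting `$name` and `$class` in place also means any later use outside an attribute would receive entity-encoded text; a comment such as `// $name and $class are attribute-only from here on.` would guard against that.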
diff --git a/WebKitSite/blog/wp-includes/classes.php b/WebKitSite/blog/wp-includes/classes.php
index 29c3753..0fcb60e 100644
--- a/WebKitSite/blog/wp-includes/classes.php
+++ b/WebKitSite/blog/wp-includes/classes.php
@@ -214,9 +214,9 @@ class WP {
// Trim the query of everything up to the '?'.
$query = preg_replace("!^.+\?!", '', $query);
-
+
// Substitute the substring matches into the query.
- eval("@\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
$this->matched_query = $query;
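Review bot: `addslashes()` previously protected the string literal handed to `eval()`, and the PHP parser consumed those slashes again; it now wraps the substituted result, so quotes and backslashes in the captured URL segments appear to reach `$this->matched_query` slashed. If that is deliberate, for instance because later code expects slashed query variables, the line needs a comment saying so, such as `// Result stays slashed to match how request variables are handled elsewhere.`; otherwise the call should be dropped. The method body continues outside the hunk.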
@@ -1592,4 +1592,94 @@ class WP_Ajax_Response {
}
}
+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ *
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+ /**
+ * store for matches
+ *
+ * @access private
+ * @var array
+ */
+ var $_matches;
+
+ /**
+ * store for mapping result
+ *
+ * @access public
+ * @var string
+ */
+ var $output;
+
+ /**
+ * subject to perform mapping on (query string containing $matches[] references
+ *
+ * @access private
+ * @var string
+ */
+ var $_subject;
+
+ /**
+ * regexp pattern to match $matches[] references
+ *
+ * @var string
+ */
+ var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+
+ /**
+ * constructor
+ *
+ * @param string $subject subject if regex
+ * @param array $matches data to use in map
+ * @return self
+ */
+ function WP_MatchesMapRegex($subject, $matches) {
+ $this->_subject = $subject;
+ $this->_matches = $matches;
+ $this->output = $this->_map();
+ }
+
+ /**
+ * Substitute substring matches in subject.
+ *
+ * static helper function to ease use
+ *
+ * @access public
+ * @param string $subject subject
+ * @param array $matches data used for subsitution
+ * @return string
+ */
+ function apply($subject, $matches) {
+ $oSelf =& new WP_MatchesMapRegex($subject, $matches);
+ return $oSelf->output;
+ }
+
+ /**
+ * do the actual mapping
+ *
+ * @access private
+ * @return string
+ */
+ function _map() {
+ $callback = array(&$this, 'callback');
+ return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+ }
+
+ /**
+ * preg_replace_callback hook
+ *
+ * @access public
+ * @param array $matches preg_replace regexp matches
+ * @return string
+ */
+ function callback($matches) {
+ $index = intval(substr($matches[0], 9, -1));
+ return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+ }
+
+}
+
?>
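Review bot: `callback()` recovers the index with `substr($matches[0], 9, -1)`, where 9 is the length of `$matches[` and is explained only by the `// magic number` remark on `$_pattern`, so changing the pattern silently breaks the offset. Capturing the digits instead, `var $_pattern = '(\$matches\[([1-9]+[0-9]*)\])';` with `$index = intval($matches[1]);`, removes that coupling. The docblock says `@since 2.9.0` although the class arrives with the 2.8.5 update, the `$_subject` description has an unclosed parenthesis, and "subject if regex" and "subsitution" are typos. `$oSelf =& new WP_MatchesMapRegex(...)` assigns `new` by reference, which later PHP versions reject; plain `=` is enough.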
diff --git a/WebKitSite/blog/wp-includes/comment-template.php b/WebKitSite/blog/wp-includes/comment-template.php
index e87801b..a5ebcd1 100644
--- a/WebKitSite/blog/wp-includes/comment-template.php
+++ b/WebKitSite/blog/wp-includes/comment-template.php
@@ -338,6 +338,8 @@ function get_comment_class( $class = '', $comment_id = null, $post_id = null ) {
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
}
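Review bot: `esc_attr` is mapped over `$classes` before `apply_filters('comment_class', ...)` runs, so anything a filter callback adds or rewrites is returned unescaped. Escaping is most reliable where the attribute is written; if it has to live in this function, apply it to the filter result instead: `return array_map( 'esc_attr', apply_filters('comment_class', $classes, $class, $comment_id, $post_id) );`. The start of `get_comment_class()` is outside the hunk.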
@@ -940,7 +942,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
$number = get_comments_number( $id );
if ( 0 == $number && !comments_open() && !pings_open() ) {
- echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+ echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
return;
}
@@ -972,7 +974,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
echo apply_filters( 'comments_popup_link_attributes', '' );
- echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+ echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
comments_number( $zero, $one, $more, $number );
echo '</a>';
}
diff --git a/WebKitSite/blog/wp-includes/formatting.php b/WebKitSite/blog/wp-includes/formatting.php
index 53cfeea..37b7522 100644
--- a/WebKitSite/blog/wp-includes/formatting.php
+++ b/WebKitSite/blog/wp-includes/formatting.php
@@ -600,7 +600,7 @@ function remove_accents($string) {
*/
function sanitize_file_name( $filename ) {
$filename_raw = $filename;
- $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+ $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
$special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
$filename = str_replace($special_chars, '', $filename);
$filename = preg_replace('/[\s-]+/', '-', $filename);
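Review bot: `chr(0)` is added without a comment, and the list is passed straight to the `sanitize_file_name_chars` filter, so a callback that replaces the array can drop it again. A line such as `// NUL must always be stripped: filesystem calls can treat it as end of string.` above the array documents the intent, and removing the byte separately after the filter, `$filename = str_replace( chr(0), '', $filename );`, makes the guarantee hold whatever the filter returns. `sanitize_file_name()` continues outside the hunk.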
@@ -1452,18 +1452,20 @@ function wp_iso_descrambler($string) {
* Returns a date in the GMT equivalent.
*
* Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of the 'gmt_offset' option.
+ * value of the 'gmt_offset' option. Return format can be overridden using the
+ * $format parameter
*
* @since 1.2.0
*
* @uses get_option() to retrieve the the value of 'gmt_offset'.
* @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
* @return string GMT version of the date provided.
*/
-function get_gmt_from_date($string) {
+function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
- $string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
+ $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600);
return $string_gmt;
}
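Review bot: The return value of `preg_match()` is not checked, so a `$string` that is not in `Y-m-d H:i:s` form leaves `$matches` empty and `gmmktime()` is called with undefined offsets; the same applies to `get_date_from_gmt()` in the next hunk. A guard on `if ( ! preg_match( ... ) )` with an early return would make the failure explicit, though what to return is a decision for the callers. The docblocks still open with "Requires and returns a date in the Y-m-d H:i:s format", which is no longer true of the return value once `$format` is passed, and the second docblock is missing a space in `gmt_offset.Return`.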
@@ -1471,17 +1473,18 @@ function get_gmt_from_date($string) {
* Converts a GMT date into the correct format for the blog.
*
* Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
- * gmt_offset.
+ * gmt_offset.Return format can be overridden using the $format parameter
*
* @since 1.2.0
*
* @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
* @return string Formatted date relative to the GMT offset.
*/
-function get_date_from_gmt($string) {
+function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
- $string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
+ $string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600);
return $string_localtime;
}
diff --git a/WebKitSite/blog/wp-includes/general-template.php b/WebKitSite/blog/wp-includes/general-template.php
index 68c73ce..ff52097 100644
--- a/WebKitSite/blog/wp-includes/general-template.php
+++ b/WebKitSite/blog/wp-includes/general-template.php
@@ -1023,7 +1023,7 @@ function get_calendar($initial = true) {
/* translators: Calendar caption: 1: month name, 2: 4-digit year */
$calendar_caption = _x('%1$s %2$s', 'calendar caption');
- echo '<table id="wp-calendar" summary="' . __('Calendar') . '">
+ echo '<table id="wp-calendar" summary="' . esc_attr__('Calendar') . '">
<caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
<thead>
<tr>';
@@ -1036,6 +1036,7 @@ function get_calendar($initial = true) {
foreach ( $myweek as $wd ) {
$day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
+ $wd = esc_attr($wd);
echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
}
@@ -1058,8 +1059,8 @@ function get_calendar($initial = true) {
if ( $next ) {
echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
- get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month),
- date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »</a></td>';
+ get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) ,
+ date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' »</a></td>';
} else {
echo "\n\t\t".'<td colspan="3" id="next" class="pad"> </td>';
}
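Review bot: The `abbr` attribute at the start of this `<td>` still concatenates `$wp_locale->get_month($next->month)` unescaped, while the `title` value built from the same month name is now wrapped in `esc_attr()`. The two should be treated alike: `'<td abbr="' . esc_attr( $wp_locale->get_month($next->month) ) . '" colspan="3" id="next"><a href="'`. The link text from `get_month_abbrev()` is also printed as-is into element content. The matching previous-month branch lies outside this hunk and presumably needs the same look.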
@@ -1116,7 +1117,7 @@ function get_calendar($initial = true) {
// See how much we should pad in the beginning
$pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
if ( 0 != $pad )
- echo "\n\t\t".'<td colspan="'.$pad.'" class="pad"> </td>';
+ echo "\n\t\t".'<td colspan="'. esc_attr($pad) .'" class="pad"> </td>';
$daysinmonth = intval(date('t', $unixmonth));
for ( $day = 1; $day <= $daysinmonth; ++$day ) {
@@ -1130,7 +1131,7 @@ function get_calendar($initial = true) {
echo '<td>';
if ( in_array($day, $daywithpost) ) // any posts today?
- echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"$ak_titles_for_day[$day]\">$day</a>";
+ echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"" . esc_attr($ak_titles_for_day[$day]) . "\">$day</a>";
else
echo $day;
echo '</td>';
@@ -1141,7 +1142,7 @@ function get_calendar($initial = true) {
$pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
if ( $pad != 0 && $pad != 7 )
- echo "\n\t\t".'<td class="pad" colspan="'.$pad.'"> </td>';
+ echo "\n\t\t".'<td class="pad" colspan="'. esc_attr($pad) .'"> </td>';
echo "\n\t</tr>\n\t</tbody>\n\t</table>";
diff --git a/WebKitSite/blog/wp-includes/media.php b/WebKitSite/blog/wp-includes/media.php
index 7f34963..22e6781 100644
--- a/WebKitSite/blog/wp-includes/media.php
+++ b/WebKitSite/blog/wp-includes/media.php
@@ -591,9 +591,9 @@ function img_caption_shortcode($attr, $content = null) {
if ( 1 > (int) $width || empty($caption) )
return $content;
- if ( $id ) $id = 'id="' . $id . '" ';
+ if ( $id ) $id = 'id="' . esc_attr($id) . '" ';
- return '<div ' . $id . 'class="wp-caption ' . $align . '" style="width: ' . (10 + (int) $width) . 'px">'
+ return '<div ' . $id . 'class="wp-caption ' . esc_attr($align) . '" style="width: ' . (10 + (int) $width) . 'px">'
. do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
}
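Review bot: `$caption` is still concatenated into the `<p class="wp-caption-text">` element without escaping, although `$id` and `$align` are now passed through `esc_attr()`. Whether the caption is filtered before this point cannot be seen here, because img_caption_shortcode() starts above the hunk. If the caption is meant to be plain text, `esc_html($caption)` would fit; if limited markup is intended, a comment naming the filter that is relied on would make that explicit.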
diff --git a/WebKitSite/blog/wp-includes/post-template.php b/WebKitSite/blog/wp-includes/post-template.php
index 35a7caa..c473bdc 100644
--- a/WebKitSite/blog/wp-includes/post-template.php
+++ b/WebKitSite/blog/wp-includes/post-template.php
@@ -342,6 +342,8 @@ function get_post_class( $class = '', $post_id = null ) {
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('post_class', $classes, $class, $post_id);
}
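Review bot: The `esc_attr` pass runs before `apply_filters('post_class', ...)`, so any class name a filter callback appends is returned unescaped; the get_body_class hunk below uses the same ordering for `body_class`. Callers that print the array into a `class` attribute are therefore covered only for the values built in core. Either escape after the filter, `return array_map('esc_attr', apply_filters('post_class', $classes, $class, $post_id));`, or state in the docblock that filter callbacks must return attribute-safe class names. Both function bodies start outside their hunks, so the earlier handling of `$class` was not reviewed.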
@@ -478,6 +480,8 @@ function get_body_class( $class = '' ) {
$classes = array_merge($classes, $class);
}
+ $classes = array_map('esc_attr', $classes);
+
return apply_filters('body_class', $classes, $class);
}
@@ -706,6 +710,7 @@ function wp_dropdown_pages($args = '') {
$pages = get_pages($r);
$output = '';
+ $name = esc_attr($name);
if ( ! empty($pages) ) {
$output = "<select name=\"$name\" id=\"$name\">\n";
@@ -842,7 +847,7 @@ function wp_page_menu( $args = array() ) {
if ( $menu )
$menu = '<ul>' . $menu . '</ul>';
- $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
+ $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
$menu = apply_filters( 'wp_page_menu', $menu, $args );
if ( $args['echo'] )
echo $menu;
diff --git a/WebKitSite/blog/wp-includes/rewrite.php b/WebKitSite/blog/wp-includes/rewrite.php
index 3486c4a..c04c6a7 100644
--- a/WebKitSite/blog/wp-includes/rewrite.php
+++ b/WebKitSite/blog/wp-includes/rewrite.php
@@ -299,7 +299,7 @@ function url_to_postid($url) {
$query = preg_replace("!^.+\?!", '', $query);
// Substitute the substring matches into the query.
- eval("\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
// Filter out non-public query vars
global $wp;
parse_str($query, $query_vars);
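Review bot: `addslashes()` is now applied to the substituted query and its result goes straight into `parse_str()`, so the values in `$query_vars` keep the added backslashes, whereas in the removed line the slashes only protected the string literal handed to `eval`. If the later code expects slashed query vars, a comment would mark that as intentional, for example `// Query vars are kept slashed on purpose; the substituted values are derived from the URL being resolved.` `WP_MatchesMapRegex` is not defined in this hunk, so its substitution rules could not be checked here. url_to_postid() begins and ends outside the hunk.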
diff --git a/WebKitSite/blog/wp-includes/theme.php b/WebKitSite/blog/wp-includes/theme.php
index 9d56a64..2c80053 100644
--- a/WebKitSite/blog/wp-includes/theme.php
+++ b/WebKitSite/blog/wp-includes/theme.php
@@ -875,13 +875,13 @@ function preview_theme() {
if ( validate_file($_GET['template']) )
return;
- add_filter( 'template', create_function('', "return '{$_GET['template']}';") );
+ add_filter( 'template', '_preview_theme_template_filter' );
if ( isset($_GET['stylesheet']) ) {
$_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
if ( validate_file($_GET['stylesheet']) )
return;
- add_filter( 'stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );
+ add_filter( 'stylesheet', '_preview_theme_stylesheet_filter' );
}
// Prevent theme mods to current theme being used on theme being previewed
@@ -892,6 +892,24 @@ function preview_theme() {
add_action('setup_theme', 'preview_theme');
/**
+ * Private function to modify the current template when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_template_filter() {
+ return isset($_GET['template']) ? $_GET['template'] : '';
+}
+
+/**
+ * Private function to modify the current stylesheet when previewing a theme
+ *
+ * @return string
+ */
+function _preview_theme_stylesheet_filter() {
+ return isset($_GET['stylesheet']) ? $_GET['stylesheet'] : '';
+}
+
+/**
* Callback function for ob_start() to capture all links in the theme.
*
* @since unknown
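Review bot: `_preview_theme_template_filter()` and `_preview_theme_stylesheet_filter()` return the `$_GET` values verbatim, so they are safe only because preview_theme() rewrites `$_GET['stylesheet']` in place with `preg_replace` and returns early when `validate_file()` fails before registering them. The equivalent clean-up of `template` is above the visible part of the previous hunk. That dependency is not written down anywhere, so I would add to each docblock something like `Relies on preview_theme() having sanitised and validated the value in $_GET; do not register this callback elsewhere.` A sturdier variant would have preview_theme() keep the validated names and let the callbacks return those instead of re-reading the request.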
diff --git a/WebKitSite/blog/wp-includes/version.php b/WebKitSite/blog/wp-includes/version.php
index 22b8636..401a3a9 100644
--- a/WebKitSite/blog/wp-includes/version.php
+++ b/WebKitSite/blog/wp-includes/version.php
@@ -8,7 +8,7 @@
*
* @global string $wp_version
*/
-$wp_version = '2.8.4';
+$wp_version = '2.8.5';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/WebKitSite/blog/wp-trackback.php b/WebKitSite/blog/wp-trackback.php
index 58886f8..2c45d47 100644
--- a/WebKitSite/blog/wp-trackback.php
+++ b/WebKitSite/blog/wp-trackback.php
@@ -50,7 +50,7 @@ $excerpt = stripslashes($_POST['excerpt']);
$blog_name = stripslashes($_POST['blog_name']);
if ($charset)
- $charset = strtoupper( trim($charset) );
+ $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
else
$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
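Review bot: Removing commas and spaces keeps `$charset` to a single token, but any other caller-supplied string still passes through unchanged. Where `$charset` is read and where it is consumed are outside this hunk. If it comes from the request and feeds an encoding-conversion call, checking it against the encodings the installation actually supports would be tighter than stripping two characters. A short comment on the new statement would also record the intent: `// A caller-supplied value must name exactly one encoding, never a list.`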
--
WebKit Debian packaging