File: prepare

wordpress 2.0.10-1etch6
  • links: PTS
  • area: main
  • in suites: etch
  • size: 3,040 kB
  • ctags: 7,377
  • sloc: php: 26,382; sh: 4,645; makefile: 23
--- wordpress-2.0.10.orig/readme.html
+++ wordpress-2.0.10/readme.html
@@ -114,7 +114,7 @@
 <p>WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better&#8212;you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgable than yourself, or writing the author of a media article that overlooks us.</p>
 
 <h1>Copyright</h1>
-<p>WordPress is released under the <abbr title="GNU Public License">GPL</abbr> (see <a href="license.txt">license.txt</a>).</p>
+<p>WordPress is released under the <abbr title="GNU Public License">GPL</abbr> (see <a href="copyright">copyright</a>).</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>
--- wordpress-2.0.10.orig/wp-admin/install.php
+++ wordpress-2.0.10/wp-admin/install.php
@@ -147,13 +147,7 @@
 
 // Now drop in some default links
 $wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".$wpdb->escape(__('Blogroll'))."')");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://boren.nu/', 'Ryan', 1, 'http://boren.nu/feed/', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://photomatt.net/', 'Matt', 1, 'http://xml.photomatt.net/feed/', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://zed1.com/journalized/', 'Mike', 1, 'http://zed1.com/journalized/feed/', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://www.alexking.org/', 'Alex', 1, 'http://www.alexking.org/blog/wp-rss2.php', '');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.debian.org/', 'Planet Debian', 1, 'http://planet.debian.org/rss20.xml', '');");
 
 // Default category
 $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_count, category_description) VALUES ('0', '".$wpdb->escape(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."', '1', '')");
--- wordpress-2.0.10.orig/wp-admin/upgrade-schema.php
+++ wordpress-2.0.10/wp-admin/upgrade-schema.php
@@ -219,7 +219,7 @@
 	add_option('use_trackback', 0);
 	// 2.0
 	add_option('default_role', 'subscriber');
-	add_option('rich_editing', 'true');
+	add_option('rich_editing', '0');
 	add_option('db_version', $wp_db_version);
 	// 2.0.1
 	if ( ini_get('safe_mode') ) {
--- wordpress-2.0.10.orig/wp-admin/link-import.php
+++ wordpress-2.0.10/wp-admin/link-import.php
@@ -74,10 +74,9 @@
 
      <h2><?php _e('Importing...') ?></h2>
 <?php
-                $cat_id = $_POST['cat_id'];
-                if (($cat_id == '') || ($cat_id == 0)) {
-                    $cat_id  = 1;
-                }
+				$cat_id = abs( (int) $_POST['cat_id'] );
+				if ( $cat_id < 1 )
+					$cat_id  = 1;
 
                 $opml_url = $_POST['opml_url'];
                 if (isset($opml_url) && $opml_url != '' && $opml_url != 'http://') {
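Review bot: The new `$cat_id = abs( (int) $_POST['cat_id'] );` line carries no comment saying why the value is forced to an integer, and it reads the key without checking that it is present. A short comment such as `// cat_id is request input: force a positive integer before it is used below` would record the intent, and `isset($_POST['cat_id']) ? abs( (int) $_POST['cat_id'] ) : 1` avoids the undefined-index notice. The added lines are tab-indented and brace-less inside a block that is space-indented with braces. `$opml_url` on the following context line is still taken from the request as-is; how it is validated is outside this hunk and is worth confirming.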
--- wordpress-2.0.10.orig/wp-includes/vars.php
+++ wordpress-2.0.10/wp-includes/vars.php
@@ -1,15 +1,24 @@
 <?php
 
 // On which page are we ?
-if (preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches)) {
+if ( is_admin() ) {
+	// wp-admin pages are checked more carefully
+	preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
 	$pagenow = $self_matches[1];
-} else if (strstr($PHP_SELF, '?')) {
-	$pagenow = explode('/', $PHP_SELF);
-	$pagenow = trim($pagenow[(sizeof($pagenow)-1)]);
-	$pagenow = explode('?', $pagenow);
-	$pagenow = $pagenow[0];
+	$pagenow = preg_replace('#\?.*?$#', '', $pagenow);
+	if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
+		$pagenow = 'index.php';
+	} else {
+		preg_match('#(.*?)(/|$)#', $pagenow, $self_matches);
+		$pagenow = strtolower($self_matches[1]);
+		if ( '.php' !== substr($pagenow, -4, 4) )
+			$pagenow .= '.php'; // for Options +Multiviews: /wp-admin/themes/index.php (themes.php is queried)
+	}
 } else {
-	$pagenow = 'index.php';
+	if ( preg_match('#([^/]+\.php)([?/].*?)?$#i', $PHP_SELF, $self_matches) )
+		$pagenow = strtolower($self_matches[1]);
+	else
+		$pagenow = 'index.php';
 }
 
 // Simple browser detection
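Review bot: In the `is_admin()` branch the result of `preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches)` is not checked, so when `$PHP_SELF` does not contain `/wp-admin` the next line reads an undefined `$self_matches[1]`. The code then falls through to `index.php` only because the empty-string comparison happens to catch the null value. Making that explicit is safer: `if ( !preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches) ) $self_matches = array('', '');`. Since `$PHP_SELF` is request-derived and `$pagenow` is presumably consulted by code outside this hunk, a comment stating which characters `$pagenow` may contain after this block would also help reviewers.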
--- wordpress-2.0.10.orig/wp-includes/pluggable-functions.php
+++ wordpress-2.0.10/wp-includes/pluggable-functions.php
@@ -120,6 +120,8 @@
 	if ( $userdata )
 		return $userdata;
 
+	$user_login = $wpdb->escape($user_login);
+
 	if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'") )
 		return false;
 
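Review bot: The added `$user_login = $wpdb->escape($user_login);` overwrites the parameter, so any later use of `$user_login` in this function (outside the hunk) sees the escaped form rather than the login the caller passed. The functions.php hunks in this same patch keep the raw value and introduce a separate `$safe_…` variable. Doing the same here would be consistent: `$safe_login = $wpdb->escape($user_login);` with the query using `user_login = '$safe_login'`. The function header is outside the hunk, so it is not visible whether callers already pass an escaped value; a one-line comment stating the expected input form would prevent double escaping.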
@@ -259,8 +261,18 @@
 
 	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
 
+	// remove %0d and %0a from location
 	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach($strip as $val) {
+			while(strpos($location, $val) !== false) {
+				$found = true;
+				$location = str_replace($val, '', $location);
+			}
+		}
+	}
 
 	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");
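Review bot: The new stripping loop compares with `strpos($location, $val)` against the lower-case literals `'%0d'` and `'%0a'` only, so the upper-case encodings `%0D` and `%0A` are left in `$location`, even though the character filter just above is case-insensitive and lets them through. A case-insensitive pass that repeats until nothing changes closes that gap and replaces the nested loops: `while ( preg_match('/%0[ad]/i', $location) ) $location = preg_replace('/%0[ad]/i', '', $location);`. The inner `while` is also redundant, because `str_replace` already removes every occurrence in one call. The enclosing function starts and ends outside the hunk.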
--- wordpress-2.0.10.orig/wp-includes/functions.php
+++ wordpress-2.0.10/wp-includes/functions.php
@@ -299,6 +299,7 @@
 
 /* Options functions */
 
+// expects $setting to already be SQL-escaped
 function get_settings($setting) {
 	global $wpdb;
 
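Review bot: The comment added above `get_settings()` documents a contract ("already SQL-escaped") that is the opposite of the one added to `update_option()` and `add_option()` in the next two hunks, and a one-line comment is easy to miss for an inverted security contract. Those two hunks pass the escaped name to `get_option()`, whose own expectation is not shown anywhere in this patch. I would turn the three comments into docblocks that name the parameter and say who is responsible for escaping, e.g. `@param string $setting Option name, must already be SQL-escaped by the caller`, and add the matching line to `get_option()`. It is also worth confirming that the queries further down in `update_option()` and `add_option()`, which lie outside the hunks, use the `$safe_…` variable rather than the raw name.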
@@ -376,14 +377,17 @@
 	return apply_filters('all_options', $all_options);
 }
 
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
 	global $wpdb;
 
+	$safe_option_name = $wpdb->escape($option_name);
+
 	if ( is_string($newvalue) )
 		$newvalue = trim($newvalue);
 
 	// If the new and old values are the same, no need to update.
-	$oldvalue = get_option($option_name);
+	$oldvalue = get_option($safe_option_name);
 	if ( $newvalue == $oldvalue ) {
 		return false;
 	}
@@ -416,11 +420,14 @@
 }
 
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 	global $wpdb;
 
+	$safe_name = $wpdb->escape($name);
+
 	// Make sure the option doesn't already exist
-	if ( false !== get_option($name) )
+	if ( false !== get_option($safe_name) )
 		return;
 
 	$value = maybe_serialize($value);