Import wordpress 3.0.5

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
-	<br /> Version 3.0.4
+	<br /> Version 3.0.5
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
@@ -102,7 +102,7 @@
 <p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&#233;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/" title="Donate to WordPress">donating</a>.</p>
 
 <h1>Copyright</h1>
-<p>WordPress is released under the <abbr title="GNU Public License">GPL</abbr> (see <a href="license.txt">license.txt</a>).</p>
+<p>WordPress is free software, and is released under the terms of the <abbr title="GNU General Public License">GPL</abbr> version 2 or (at your option) any later version. See <a href="license.txt">license.txt</a>.</p>
 
 
 </body>

wp-admin/async-upload.php

@@ -30,6 +30,13 @@ if ( !current_user_can('upload_files') )
 
 // just fetch the detail form for that attachment
 if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
+	$post = get_post( $id );
+	if ( 'attachment' != $post->post_type )
+		wp_die( __( 'Unknown post type.' ) );
+	$post_type_object = get_post_type_object( 'attachment' );
+	if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
+		wp_die( __( 'You are not allowed to edit this item.' ) );
+
 	if ( 2 == $_REQUEST['fetch'] ) {
 		add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
 		echo get_media_item($id, array( 'send' => false, 'delete' => true ));

wp-admin/includes/post.php

@@ -689,6 +689,8 @@ function get_post_meta_by_id( $mid ) {
 	$mid = (int) $mid;
 
 	$meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
+	if ( empty($meta) )
+		return false;
 	if ( is_serialized_string( $meta->meta_value ) )
 		$meta->meta_value = maybe_unserialize( $meta->meta_value );
 	return $meta;

wp-admin/includes/template.php

@@ -1185,16 +1185,16 @@ function get_inline_data($post) {
 	if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
 		return;
 
-	$title = esc_attr( get_the_title( $post->ID ) );
+	$title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES );
 
 	echo '
 <div class="hidden" id="inline_' . $post->ID . '">
 	<div class="post_title">' . $title . '</div>
 	<div class="post_name">' . apply_filters('editable_slug', $post->post_name) . '</div>
 	<div class="post_author">' . $post->post_author . '</div>
-	<div class="comment_status">' . $post->comment_status . '</div>
-	<div class="ping_status">' . $post->ping_status . '</div>
-	<div class="_status">' . $post->post_status . '</div>
+	<div class="comment_status">' . esc_html( $post->comment_status ) . '</div>
+	<div class="ping_status">' . esc_html( $post->ping_status ) . '</div>
+	<div class="_status">' . esc_html( $post->post_status ) . '</div>
 	<div class="jj">' . mysql2date( 'd', $post->post_date, false ) . '</div>
 	<div class="mm">' . mysql2date( 'm', $post->post_date, false ) . '</div>
 	<div class="aa">' . mysql2date( 'Y', $post->post_date, false ) . '</div>

wp-admin/includes/update-core.php

@@ -274,7 +274,7 @@ function update_core($from, $to) {
 	$mysql_version  = $wpdb->db_version();
 	$required_php_version = '4.3';
 	$required_mysql_version = '4.1.2';
-	$wp_version = '3.0.4';
+	$wp_version = '3.0.5';
 	$php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 	$mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 

wp-admin/js/post.dev.js

@@ -36,30 +36,39 @@ tagBox = {
 	},
 
 	quickClicks : function(el) {
-		var thetags = $('.the-tags', el), tagchecklist = $('.tagchecklist', el), current_tags;
+		var thetags = $('.the-tags', el),
+			tagchecklist = $('.tagchecklist', el),
+			id = $(el).attr('id'),
+			current_tags, disabled;
 
 		if ( !thetags.length )
 			return;
 
-		var disabled = thetags.attr('disabled');
+		disabled = thetags.attr('disabled');
 
 		current_tags = thetags.val().split(',');
 		tagchecklist.empty();
 
 		$.each( current_tags, function( key, val ) {
-			var txt, button_id, id = $(el).attr('id');
+			var span, xbutton;
 
-			val = $.trim(val);
-			if ( !val.match(/^\s+$/) && '' != val ) {
-				button_id = id + '-check-num-' + key;
-				if ( disabled )
-		 			txt = '<span>' + val + '</span> ';
-				else
-		 			txt = '<span><a id="' + button_id + '" class="ntdelbutton">X</a>&nbsp;' + val + '</span> ';
-	 			tagchecklist.append(txt);
-				if ( ! disabled )
-		 			$( '#' + button_id ).click( function(){ tagBox.parseTags(this); });
+			val = $.trim( val );
+
+			if ( ! val )
+				return;
+
+			// Create a new span, and ensure the text is properly escaped.
+			span = $('<span />').text( val );
+
+			// If tags editing isn't disabled, create the X button.
+			if ( ! disabled ) {
+				xbutton = $( '<a id="' + id + '-check-num-' + key + '" class="ntdelbutton">X</a>' );
+				xbutton.click( function(){ tagBox.parseTags(this); });
+				span.prepend('&nbsp;').prepend( xbutton );
 			}
+
+			// Append the span to the tag list.
+			tagchecklist.append( span );
 		});
 	},
 

wp-content/plugins/akismet/readme.txt

 === Akismet ===
-Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, automattic
+Contributors: matt, ryan, andy, mdawaffe, tellyworth, automattic
 Tags: akismet, comments, spam
-Requires at least: 3.0
-Tested up to: 3.1
-Stable tag: 2.5.1
+Requires at least: 2.0
+Tested up to: 3.0
+Stable tag: 2.4.0
 License: GPLv2
 
 Akismet checks your comments against the Akismet web service to see if they look like spam or not.
@@ -13,15 +13,11 @@ Akismet checks your comments against the Akismet web service to see if they look
 Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you
 review the spam it catches under your blog's "Comments" admin screen.
 
-Major new features in Akismet 2.5 include:
+Want to show off how much spam Akismet has caught for you? Just put `<?php akismet_counter(); ?>` in your template.
 
-* A comment status history, so you can easily see which comments were caught or cleared by Akismet, and which were spammed or unspammed by a moderator
-* Links are highlighted in the comment body, to reveal hidden or misleading links
-* If your web host is unable to reach Akismet's servers, the plugin will automatically retry when your connection is back up
-* Moderators can see the number of approved comments for each user
-* Spam and Unspam reports now include more information, to help improve accuracy
+See also: [WP Stats plugin](http://wordpress.org/extend/plugins/stats/).
 
-PS: You'll need an [Akismet.com API key](http://akismet.com/get/) to use it.  Keys are free for personal blogs, with paid subscriptions available for businesses and commercial sites.
+PS: You'll need an [Akismet.com API key](http://akismet.com/get/) to use it.
 
 == Installation ==
 
@@ -31,39 +27,6 @@ Upload the Akismet plugin to your blog, Activate it, then enter your [Akismet.co
 
 == Changelog ==
 
-= 2.5.1 =
-
-* Fix a bug that caused the "Auto delete" option to fail to discard comments correctly
-* Remove the comment nonce form field from the 'Akismet Configuration' page in favor of using a filter, akismet_comment_nonce
-* Fixed padding bug in "author" column of posts screen
-* Added margin-top to "cleared by ..." badges on dashboard
-* Fix possible error when calling akismet_cron_recheck()
-* Fix more PHP warnings
-* Clean up XHTML warnings for comment nonce
-* Fix for possible condition where scheduled comment re-checks could get stuck
-* Clean up the comment meta details after deleting a comment
-* Only show the status badge if the comment status has been changed by someone/something other than Akismet
-* Show a 'History' link in the row-actions
-* Translation fixes
-* Reduced font-size on author name
-* Moved "flagged by..." notification to top right corner of comment container and removed heavy styling
-* Hid "flagged by..." notification while on dashboard
-
-= 2.5.0 =
-
-* Track comment actions under 'Akismet Status' on the edit comment screen
-* Fix a few remaining deprecated function calls ( props Mike Glendinning ) 
-* Use HTTPS for the stats IFRAME when wp-admin is using HTTPS
-* Use the WordPress HTTP class if available
-* Move the admin UI code to a separate file, only loaded when needed
-* Add cron retry feature, to replace the old connectivity check
-* Display Akismet status badge beside each comment
-* Record history for each comment, and display it on the edit page
-* Record the complete comment as originally submitted in comment_meta, to use when reporting spam and ham
-* Highlight links in comment content
-* New option, "Show the number of comments you've approved beside each comment author."
-* New option, "Use a nonce on the comment form."
-
 = 2.4.0 =
 
 * Spell out that the license is GPLv2

wp-includes/default-filters.php

@@ -31,8 +31,8 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes
 	add_filter( $filter, 'wp_filter_kses' );
 }
 
-// Kses only for textarea saves displays
-foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+// Kses only for textarea admin displays
+foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
 	add_filter( $filter, 'wp_kses_data' );
 }
 
@@ -73,6 +73,9 @@ foreach ( array( 'pre_term_slug' ) as $filter ) {
 foreach ( array( 'pre_post_type' ) as $filter ) {
 	add_filter( $filter, 'sanitize_user' );
 }
+foreach ( array( 'pre_post_status', 'pre_post_comment_status', 'pre_post_ping_status' ) as $filter ) {
+	add_filter( $filter, 'sanitize_key' );
+}
 
 // Places to balance tags on input
 foreach ( array( 'content_save_pre', 'excerpt_save_pre', 'comment_save_pre', 'pre_comment_content' ) as $filter ) {

wp-includes/kses.php

 <?php
 /**
- * HTML/XHTML filter that only allows some elements and attributes
+ * kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+ * Copyright (C) 2002, 2003, 2005  Ulf Harnhammar
+ *
+ * This program is free software and open source software; you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * [kses strips evil scripts!]
  *
  * Added wp_ prefix to avoid conflicts with existing kses users
  *
  * @version 0.2.2
  * @copyright (C) 2002, 2003, 2005
- * @author Ulf Harnhammar <metaur@users.sourceforge.net>
+ * @author Ulf Harnhammar <http://advogato.org/person/metaur/>
  *
  * @package External
  * @subpackage KSES
- *
- * @internal
- * *** CONTACT INFORMATION ***
- * E-mail:      metaur at users dot sourceforge dot net
- * Web page:    http://sourceforge.net/projects/kses
- * Paper mail:  Ulf Harnhammar
- *              Ymergatan 17 C
- *              753 25  Uppsala
- *              SWEDEN
- *
- * [kses strips evil scripts!]
  */
 
 /**

wp-includes/pluggable.php

@@ -825,7 +825,7 @@ function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
 	$adminurl = strtolower(admin_url());
 	$referer = strtolower(wp_get_referer());
 	$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
-	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
+	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
 		wp_nonce_ays($action);
 		die();
 	}

wp-includes/script-loader.php

@@ -275,7 +275,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array('jquery-ui-sortable'), '20091012' );
 		$scripts->add_data( 'postbox', 'group', 1 );
 
-		$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox'), '20100526' );
+		$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox'), '20110203' );
 		$scripts->add_data( 'post', 'group', 1 );
 		$scripts->localize( 'post', 'postL10n', array(
 			'tagsUsed' =>  __('Tags used on this post:'),

wp-includes/version.php

 <?php
-/**
- * This holds the version number in a separate file so we can bump it without cluttering the SVN
- */
+/*
+WordPress - Web publishing software
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
 
 /**
  * The WordPress version string
  *
  * @global string $wp_version
  */
-$wp_version = '3.0.4';
+$wp_version = '3.0.5';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.