
Upgrade Buddypress and CMS Tree View

Also fixes bug 833139 - re-fix XSS vulnerability after previous update
1 parent 673feac commit 7b761ed9f3c11ed34fc80b1e29d0c724ef0c194a @craigcook craigcook committed Jan 24, 2013
Showing with 754 additions and 477 deletions.
  1. +3 −0 plugins/buddypress/bp-core/bp-core-avatars.php
  2. +1 −0 plugins/buddypress/bp-core/bp-core-cssjs.php
  3. +1 −1 plugins/buddypress/bp-core/bp-core-functions.php
  4. +1 −1 plugins/buddypress/bp-forums/bbpress/bb-includes/functions.bb-meta.php
  5. +5 −4 plugins/buddypress/bp-forums/bbpress/bb-includes/functions.bb-posts.php
  6. +10 −2 plugins/buddypress/bp-forums/bbpress/bb-includes/functions.bb-template.php
  7. +5 −2 plugins/buddypress/bp-forums/bbpress/bb-includes/functions.bb-topic-tags.php
  8. +3 −2 plugins/buddypress/bp-forums/bbpress/bb-login.php
  9. +7 −2 plugins/buddypress/bp-forums/bbpress/bb-plugins/akismet.php
  10. +1 −1 plugins/buddypress/bp-forums/bbpress/bb-plugins/bozo.php
  11. +1 −2 plugins/buddypress/bp-forums/bbpress/rss.php
  12. +4 −2 plugins/buddypress/bp-forums/bp-forums-functions.php
  13. +4 −2 plugins/buddypress/bp-groups/bp-groups-classes.php
  14. +3 −0 plugins/buddypress/bp-groups/bp-groups-screens.php
  15. +63 −63 plugins/buddypress/bp-languages/buddypress.pot
  16. +2 −2 plugins/buddypress/bp-loader.php
  17. +19 −19 plugins/buddypress/bp-messages/js/autocomplete/license.bgiframe.txt
  18. +4 −3 plugins/buddypress/bp-themes/bp-default/_inc/ajax.php
  19. +4 −4 plugins/buddypress/bp-themes/bp-default/_inc/global.js
  20. +1 −1 plugins/buddypress/bp-themes/bp-default/functions.php
  21. +280 −280 plugins/buddypress/bp-themes/bp-default/license.txt
  22. +21 −21 plugins/buddypress/bp-themes/bp-default/readme.txt
  23. +1 −1 plugins/buddypress/bp-themes/bp-default/rtl.css
  24. +1 −1 plugins/buddypress/bp-themes/bp-default/style.css
  25. +3 −0 plugins/buddypress/bp-xprofile/bp-xprofile-screens.php
  26. +6 −3 plugins/buddypress/readme.txt
  27. +1 −1 plugins/cms-tree-page-view/functions.php
  28. +2 −2 plugins/cms-tree-page-view/index.php
  29. BIN plugins/cms-tree-page-view/languages/cms-tree-page-view-fr_FR.mo
  30. +287 −54 plugins/cms-tree-page-view/languages/cms-tree-page-view-fr_FR.po
  31. +6 −1 plugins/cms-tree-page-view/readme.txt
  32. BIN plugins/cms-tree-page-view/styles/images/switch-view-icons.png
  33. +4 −0 plugins/cms-tree-page-view/styles/styles.css
@@ -548,6 +548,9 @@ function bp_core_avatar_handle_upload( $file, $upload_dir_filter ) {
}
}
+ if ( ! isset( $bp->avatar_admin->image ) )
+ $bp->avatar_admin->image = new stdClass();
+
// We only want to handle one image after resize.
if ( empty( $bp->avatar_admin->resized ) )
$bp->avatar_admin->image->dir = str_replace( bp_core_avatar_upload_path(), '', $bp->avatar_admin->original['file'] );
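Review bot: The new guard only protects the `image` sub-object; if `$bp->avatar_admin` itself has not been initialised by the caller, `isset()` is quietly false and the assignment auto-vivifies `avatar_admin` from null (a notice on the PHP of this era, a fatal Error on PHP 8). The matching `new stdClass()` guard this commit adds in `groups_screen_group_admin_avatar()` covers one caller only, so the upload handler should defend itself with `if ( ! isset( $bp->avatar_admin ) ) $bp->avatar_admin = new stdClass();` ahead of the existing check. `bp_core_avatar_handle_upload()` starts before this hunk.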
@@ -28,6 +28,7 @@ function bp_core_confirmation_js() {
* @package BuddyPress Core
*/
function bp_core_add_jquery_cropper() {
+ wp_enqueue_style( 'jcrop' );
wp_enqueue_script( 'jcrop', array( 'jquery' ) );
add_action( 'wp_head', 'bp_core_add_cropper_inline_js' );
add_action( 'wp_head', 'bp_core_add_cropper_inline_css' );
@@ -309,7 +309,7 @@ function bp_core_setup_message() {
global $bp;
if ( empty( $bp->template_message ) && isset( $_COOKIE['bp-message'] ) )
- $bp->template_message = $_COOKIE['bp-message'];
+ $bp->template_message = htmlentities($_COOKIE['bp-message']);
if ( empty( $bp->template_message_type ) && isset( $_COOKIE['bp-message-type'] ) )
$bp->template_message_type = $_COOKIE['bp-message-type'];
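Review bot: `htmlentities()` is called with its default flags, which leave the single quote unencoded (before PHP 8.1) and, on PHP older than 5.4, assume a non-UTF-8 charset, so the cookie value is only safe when rendered as text between tags — inside a single-quoted attribute or inline JS it is still injectable, and a cookie with bytes invalid for the charset makes the call return an empty string. As this is WordPress code, `$bp->template_message = esc_html( $_COOKIE['bp-message'] );` gives ENT_QUOTES escaping and UTF-8 handling in one call. The `bp-message-type` cookie on the next line is still copied through unescaped; if it is ever echoed (e.g. as a CSS class) it needs the same treatment, and since only a couple of values are meaningful it is simpler to whitelist, e.g. `$bp->template_message_type = in_array( $_COOKIE['bp-message-type'], array( 'success', 'error' ), true ) ? $_COOKIE['bp-message-type'] : 'error';` (confirm the accepted values against the renderer). `bp_core_setup_message()` starts before this hunk.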
@@ -300,7 +300,7 @@ function bb_get_option( $option )
$r = $bb_locale->text_direction;
break;
case 'version':
- return '1.1'; // Don't filter
+ return '1.2'; // Don't filter
break;
case 'bb_db_version' :
return '2471'; // Don't filter
@@ -626,14 +626,15 @@ function bb_get_recent_user_replies( $user_id ) {
* @param int $post_id ID of new post
*/
function bb_notify_subscribers( $post_id ) {
- global $bbdb, $bb_ksd_pre_post_status;
-
- if ( !empty( $bb_ksd_pre_post_status ) )
- return false;
+ global $bbdb;
if ( !$post = bb_get_post( $post_id ) )
return false;
+ // bozo or spam
+ if ( 2 == $post->post_status )
+ return false;
+
if ( !$topic = get_topic( $post->topic_id ) )
return false;
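Review bot: The new `2 == $post->post_status` test silences notifications for exactly one status, and the comment `// bozo or spam` is the only record of what that number means; if bbPress also uses non-zero statuses for deleted or held posts (not visible here) those would still generate mail, in which case `if ( 0 != (int) $post->post_status )` is the safer condition. Either way, replace the magic number with a named constant or extend the comment to list the statuses and say why only spam is excluded. `bb_notify_subscribers()` continues past the end of this hunk.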
@@ -1207,7 +1207,11 @@ function topic_last_poster( $id = 0 ) {
function get_topic_last_poster( $id = 0 ) {
$topic = get_topic( get_topic_id( $id ) );
- $user_display_name = get_post_author( $topic->topic_last_post_id );
+ if ( isset( $topic->topic_last_post_id ) && ( 1 == $topic->topic_last_post_id ) ) {
+ $user_display_name = $topic->topic_poster_name;
+ } else {
+ $user_display_name = get_post_author( $topic->topic_last_post_id );
+ }
return apply_filters( 'get_topic_last_poster', $user_display_name, $topic->topic_last_poster, $topic->topic_id ); // $topic->topic_last_poster = user ID
}
@@ -1219,7 +1223,11 @@ function topic_author( $id = 0 ) {
function get_topic_author( $id = 0 ) {
$topic = get_topic( get_topic_id( $id ) );
$first_post = bb_get_first_post( $topic );
- $user_display_name = get_post_author( $first_post->post_id );
+ if ( !empty( $first_post ) ) {
+ $user_display_name = get_post_author( $first_post->post_id );
+ } else {
+ $user_display_name = $topic->topic_poster_name;
+ }
return apply_filters( 'get_topic_author', $user_display_name, $topic->topic_poster, $topic->topic_id ); // $topic->topic_poster = user ID
}
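Review bot: `1 == $topic->topic_last_post_id` in `get_topic_last_poster()` compares against a hard-coded post ID rather than a property of the topic, and nothing in the hunk says why post ID 1 is special; if the intent is "the topic has no replies yet", compare against the topic's own first post (as `get_topic_author()` below does via `bb_get_first_post()`) and document the assumption, e.g. `// no replies yet: fall back to the stored poster name`, once it is confirmed. Both functions now return `$topic->topic_poster_name` straight from the record on the fallback path; whether `get_post_author()` applied escaping that this path skips is not visible here and should be checked at the `topic_author()`/`topic_last_poster()` echo sites before that output is trusted. Both functions are complete within the hunk; their echo wrappers are not.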
@@ -65,9 +65,12 @@ function bb_create_tag( $tag ) {
if ( list($term_id, $tt_id) = $wp_taxonomy_object->is_term( $tag, 'bb_topic_tag' ) )
return $tt_id;
- list($term_id, $tt_id) = $wp_taxonomy_object->insert_term( $tag, 'bb_topic_tag' );
+ $term = $wp_taxonomy_object->insert_term( $tag, 'bb_topic_tag' );
+ if ( is_wp_error( $term ) )
+ return false;
- if ( is_wp_error($term_id) || is_wp_error($tt_id) || !$tt_id )
+ list( $term_id, $tt_id ) = $term;
+ if ( ! $tt_id )
return false;
return $tt_id;
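Review bot: `$term_id` from `list( $term_id, $tt_id ) = $term;` is never read after the destructuring, so `list( , $tt_id ) = $term;` states the intent more clearly. The `is_wp_error( $term )` early return plus the `! $tt_id` check otherwise reproduce the old conditions, assuming `insert_term()` still returns a positional pair rather than an associative array (the original `list()` use suggests it does, but that is not visible here).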
@@ -12,11 +12,11 @@
/** Look for redirection ******************************************************/
// Look for 'redirect_to'
-if ( isset( $_REQUEST['redirect_to'] ) )
+if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) )
$re = $_REQUEST['redirect_to'];
// Look for 're'
- if ( empty( $re ) && isset( $_REQUEST['re'] ) )
+ if ( empty( $re ) && isset( $_REQUEST['re'] ) && is_string( $_REQUEST['re'] ) )
$re = $_REQUEST['re'];
// Use referer
@@ -31,6 +31,7 @@
if ( false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) )
$re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
+
}
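Review bot: The added `is_string()` checks only stop an array in `redirect_to`/`re` from reaching `strpos()`; nothing in either hunk verifies that `$re` points at this site, so after login a user can still be sent to an arbitrary external URL unless the code between the two hunks does a host check. If it does not, compare `parse_url( $re, PHP_URL_HOST )` with the site's own host before `$re` is used (a relative path yields null and can be allowed) and fall back to `bb_get_uri( null, null, BB_URI_CONTEXT_HEADER )` on mismatch, as the existing register/reset-password branch already does. That branch is also a substring match, so it fires on any URL merely containing those file names — harmless, but worth a one-line comment. The logic between the `@@ -12` and `@@ -31` hunks is not visible.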
/**
@@ -382,7 +382,7 @@ function bb_akismet_delete_old()
}
}
-function bb_ksd_pre_post_status( $post_status )
+function bb_ksd_pre_post_status( $post_status, $post_ID )
{
global $bb_current_user, $bb_ksd_pre_post_status, $bb_ksd_pre_post;
@@ -392,13 +392,18 @@ function bb_ksd_pre_post_status( $post_status )
}
$response = bb_ksd_submit( $bb_ksd_pre_post );
+
+ if ( isset( $response[1] ) ) {
+ bb_update_postmeta( $post_ID, 'akismet_response', $response[1] );
+ }
+
if ( 'true' == $response[1] ) {
$bb_ksd_pre_post_status = '2';
return $bb_ksd_pre_post_status;
}
return $post_status;
}
-add_filter( 'pre_post_status', 'bb_ksd_pre_post_status' );
+add_filter( 'pre_post_status', 'bb_ksd_pre_post_status', 10, 2 );
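Review bot: `bb_ksd_pre_post_status()` now requires a second argument, but `pre_post_status` is a filter, and any `apply_filters( 'pre_post_status', $status )` caller that omits the post ID (none is visible here) would raise a missing-argument warning, or an ArgumentCountError on PHP 7.1+; give it a default and skip the meta write when it is absent: `function bb_ksd_pre_post_status( $post_status, $post_ID = 0 )` with `if ( $post_ID && isset( $response[1] ) )`. The new `isset( $response[1] )` guard is also not applied to the existing `'true' == $response[1]` test three lines later, which still reads the index unconditionally when the Akismet call returns nothing. The body of the function between the two hunks is not visible.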
function bb_ksd_delete_post( $post_id, $new_status, $old_status )
{
@@ -350,7 +350,7 @@ function bb_bozo_user_search_role_user_ids( $role_user_ids, $roles, $args )
return array();
}
- return array_intersect( $bozo_user_ids, $role_user_ids );
+ return array_intersect( (array) $bozo_user_ids, $role_user_ids );
}
add_filter( 'bb_user_search_role_user_ids', 'bb_bozo_user_search_role_user_ids', 10, 3 );
@@ -184,7 +184,7 @@
if ( !$posts ) /* We do typecasting in the template, but all themes don't have that! */
$posts = array();
else /* Only send 304 if there are posts */
- bb_send_304( $posts[0]->post_time );
+ bb_send_304( gmdate('D, d M Y H:i:s \G\M\T', strtotime( $posts[0]->post_time ) ) );
if (!$description = bb_get_option( 'description' ) ) {
$description = $title;
@@ -196,4 +196,3 @@
bb_load_template( 'rss2.php', array('bb_db_override', 'title', 'description', 'link', 'link_self'), $feed );
-?>
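Review bot: `strtotime( $posts[0]->post_time )` interprets the stored timestamp in the server's default timezone, so if `post_time` is stored as GMT (not visible here) the Last-Modified value handed to `bb_send_304()` is shifted by the server offset; and when the string cannot be parsed `strtotime()` returns false, which `gmdate()` silently renders as 1 Jan 1970, so every conditional request could be answered with 304. Parse with an explicit zone and fail closed: `$ts = strtotime( $posts[0]->post_time . ' GMT' ); if ( $ts ) bb_send_304( gmdate( 'D, d M Y H:i:s \G\M\T', $ts ) );`. Removing the closing `?>` in the second hunk is a good change — trailing whitespace after it would corrupt the feed headers.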
@@ -352,6 +352,8 @@ function bp_forums_total_topic_count() {
* @param int $user_id The user id
*/
function bp_forums_reply_exists( $text = '', $topic_id = 0, $user_id = 0 ) {
+ global $wpdb;
+
$reply_exists = false;
if ( $text && $topic_id && $user_id ) {
@@ -363,8 +365,8 @@ function bp_forums_reply_exists( $text = '', $topic_id = 0, $user_id = 0 ) {
);
// BB_Query's post_text parameter does a MATCH, while we need exact matches
- add_filter( 'get_posts_where', create_function( '$q', 'return $q . " AND p.post_text = \'' . $text . '\'";' ) );
-
+ add_filter( 'get_posts_where', create_function( '$q', 'return $q . " AND p.post_text = \'' . $wpdb->escape( $text ) . '\'";' ) );
+
$query = new BB_Query( 'post', $args );
$reply_exists = !empty( $query->results );
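Review bot: `$wpdb->escape()` neutralises the quote for SQL, but the escaped text is still spliced into PHP source that `create_function()` evals — and it lands inside a double-quoted string literal (`" AND p.post_text = '…'"`), so a reply body containing `${…}` or `{$…}` is interpolated as PHP before the query is ever built; `addslashes`-style escaping does not touch `$`, `{` or `(`, so this remains code execution from user-supplied reply text, not merely SQL injection. `$wpdb->escape()` in the WordPress of this period is also the weak `addslashes` wrapper rather than the connection-aware escape, and the filter is never removed, so it keeps appending the clause to every later `get_posts_where` query in the request. Pass the value in as data rather than source: if the plugin can require PHP 5.3, a closure with `use` plus `$wpdb->prepare()` does this and can be removed afterwards (below); if not, build the eval'd string with `var_export( esc_sql( $text ), true )` so the text becomes a properly quoted PHP literal. The rest of `bp_forums_reply_exists()` between the two hunks is not visible.
```php
// BB_Query's post_text parameter does a MATCH, while we need exact matches
$exact_match = function ( $q ) use ( $wpdb, $text ) {
    return $q . $wpdb->prepare( ' AND p.post_text = %s', $text );
};
add_filter( 'get_posts_where', $exact_match );
$query = new BB_Query( 'post', $args );
remove_filter( 'get_posts_where', $exact_match );
$reply_exists = !empty( $query->results );
```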
@@ -1180,8 +1180,10 @@ function get_all_for_group( $group_id, $limit = false, $page = false, $exclude_a
$banned_sql = " AND is_banned = 0";
$exclude_sql = '';
- if ( !empty( $exclude ) )
+ if ( !empty( $exclude ) ) {
+ $exclude = implode( ',', wp_parse_id_list( $exclude ) );
$exclude_sql = " AND m.user_id NOT IN ({$exclude})";
+ }
if ( bp_is_active( 'xprofile' ) )
$members = $wpdb->get_results( apply_filters( 'bp_group_members_user_join_filter', $wpdb->prepare( "SELECT m.user_id, m.date_modified, m.is_banned, u.user_login, u.user_nicename, u.user_email, pd.value as display_name FROM {$bp->groups->table_name_members} m, {$wpdb->users} u, {$bp->profile->table_name_data} pd WHERE u.ID = m.user_id AND u.ID = pd.user_id AND pd.field_id = 1 AND group_id = %d AND is_confirmed = 1 {$banned_sql} {$exclude_admins_sql} {$exclude_sql} ORDER BY m.date_modified DESC {$pag_sql}", $group_id ) ) );
@@ -1394,4 +1396,4 @@ function bp_register_group_extension( $group_extension_class ) {
add_action( 'bp_init', create_function( '', '$extension = new ' . $group_extension_class . '; add_action( "bp_actions", array( &$extension, "_register" ), 8 );' ), 11 );
}
-?>
+?>
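Review bot: `wp_parse_id_list()` closes the injection through `$exclude`, but `{$exclude_admins_sql}` and `{$pag_sql}` are interpolated into the same statement on the next line and are built before this hunk, so the fix is only complete if those are also produced from integers or via `$wpdb->prepare()`; confirm that where they are assigned. A short comment on the new line would stop the cast being "simplified" away later: `// force integer IDs: $exclude is interpolated into the query below`. `get_all_for_group()` starts before this hunk, and the sanitised list should presumably also feed the non-xprofile query branch that follows, which is not visible.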
@@ -575,6 +575,9 @@ function groups_screen_group_admin_avatar() {
}
+ if ( ! isset( $bp->avatar_admin ) )
+ $bp->avatar_admin = new stdClass();
+
$bp->avatar_admin->step = 'upload-image';
if ( !empty( $_FILES ) ) {
