diff -U3 -r 2.0.1/wp-admin/admin-functions.php 2.0/wp-admin/admin-functions.php --- 2.0.1/wp-admin/admin-functions.php 2006-01-30 22:03:06.000000000 +0000 +++ 2.0/wp-admin/admin-functions.php 2006-03-02 02:49:06.000000000 +0000 @@ -43,6 +43,12 @@ if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) die(__('This user cannot edit pages.')); + if (!isset ($_POST['comment_status'])) + $_POST['comment_status'] = 'closed'; + + if (!isset ($_POST['ping_status'])) + $_POST['ping_status'] = 'closed'; + if (!empty ($_POST['edit_date'])) { $aa = $_POST['aa']; $mm = $_POST['mm']; @@ -84,12 +90,12 @@ function fix_attachment_links($post_ID) { global $wp_rewrite; - $post = & get_post($post_ID); + $post = & get_post($post_ID, ARRAY_A); $search = "#]+rel=('|\")[^'\"]*attachment[^>]*>#ie"; // See if we have any rel="attachment" links - if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) ) + if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) ) return; $i = 0; @@ -101,9 +107,11 @@ $id = $id_matches[2]; // While we have the attachment ID, let's adopt any orphans. - $attachment = & get_post($id); - if ( ! is_object(get_post($attachment->post_parent)) ) { - $attachment->post_parent = $post_ID; + $attachment = & get_post($id, ARRAY_A); + if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) { + $attachment['post_parent'] = $post_ID; + // Escape data pulled from DB. + $attachment = add_magic_quotes($attachment); wp_update_post($attachment); } @@ -112,7 +120,10 @@ ++$i; } - $post->post_content = str_replace($post_search, $post_replace, $post->post_content); + $post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']); + + // Escape data pulled from DB. + $post = add_magic_quotes($post); return wp_update_post($post); } 
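Review bot: The comment `// Escape data pulled from DB.` on the two `add_magic_quotes()` calls (in the -101,9 hunk and again in the -112,7 hunk) does not say why data that came from the database needs escaping again. Presumably `wp_update_post()` expects slash-escaped input, as it would arrive from a form, and builds its query from it, so a row passed back unescaped would break or alter the query on any quote in the content. Spell that contract out, e.g. `// wp_update_post() expects slashed input; rows read from the DB are raw, so re-slash before saving.` Because the protection depends on every caller remembering this step, other callers that round-trip a post through `get_post()` and `wp_update_post()` are worth checking; `fix_attachment_links()` itself starts and ends outside these hunks.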
@@ -582,7 +593,6 @@ foreach ($categories as $category) { if ($category->category_parent == $parent) { $category->cat_name = wp_specialchars($category->cat_name); - $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID"); $pad = str_repeat('— ', $level); if ( current_user_can('manage_categories') ) { $edit = "".__('Edit').""; @@ -599,7 +609,7 @@ $class = ('alternate' == $class) ? '' : 'alternate'; echo "$category->cat_ID$pad $category->cat_name $category->category_description - $count + $category->category_count $edit "; cat_rows($category->cat_ID, $level +1, $categories); diff -U3 -r 2.0.1/wp-admin/admin-header.php 2.0/wp-admin/admin-header.php --- 2.0.1/wp-admin/admin-header.php 2006-01-13 22:09:57.000000000 +0000 +++ 2.0/wp-admin/admin-header.php 2006-02-19 10:52:03.000000000 +0000 @@ -3,7 +3,8 @@ if (!isset($_GET["page"])) require_once('admin.php'); if ( $editing ) { $dbx_js = true; - $cat_js = true; + if ( current_user_can('manage_categories') ) + $cat_js = true; } if ( $list_js || $cat_js ) $sack_js = true; diff -U3 -r 2.0.1/wp-admin/admin.php 2.0/wp-admin/admin.php --- 2.0.1/wp-admin/admin.php 2006-01-10 05:16:17.000000000 +0000 +++ 2.0/wp-admin/admin.php 2006-03-04 21:09:24.000000000 +0000 @@ -61,7 +61,7 @@ } if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page")) - die(sprintf(__('Cannot load %s.'), $plugin_page)); + die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page))); if (! isset($_GET['noheader'])) require_once(ABSPATH . '/wp-admin/admin-header.php'); diff -U3 -r 2.0.1/wp-admin/edit-pages.php 2.0/wp-admin/edit-pages.php --- 2.0.1/wp-admin/edit-pages.php 2006-01-10 05:16:17.000000000 +0000 +++ 2.0/wp-admin/edit-pages.php 2006-02-19 11:22:28.000000000 +0000 @@ -43,7 +43,7 @@ if ( isset($_GET['s']) ) { foreach ( $posts as $post ) : $class = ('alternate' != $class) ? 'alternate' : ''; ?> - + ID; ?> 
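Review bot: Gating `$cat_js` on `current_user_can('manage_categories')` in admin-header.php only keeps the category script off the page; it is not an authorization check, so the handler that script talks to has to test the same capability itself (that code is not in this diff). In addition, `$cat_js` is now left unassigned for users without the capability and is then read in `if ( $list_js || $cat_js )`; unless it is initialised above the hunk, an explicit `$cat_js = false;` before the `if ( $editing )` block would avoid reading an undefined variable.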
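Review bot: In admin.php, `htmlentities($plugin_page)` is called with its defaults, which on older PHP versions leave single quotes unescaped and use PHP's default charset rather than the blog's. The rest of this patch escapes output with `wp_specialchars()`, so `die(sprintf(__('Cannot load %s.'), wp_specialchars($plugin_page, 1)));` would be consistent with it. The `file_exists()` test on the line above builds a path from the same `$plugin_page`; where that value is normalised is outside the hunk, so it should be confirmed that it cannot contain `../` before the file is loaded.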
@@ -51,8 +51,8 @@ post_modified); ?> - " . __('Edit') . ""; } ?> - " . __('Delete') . ""; } ?> + ID' class='edit'>" . __('Edit') . ""; } ?> + ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . ""; } ?> import = get_settings('import-blogger'); if ( false === $this->import ) { diff -U3 -r 2.0.1/wp-admin/list-manipulation.php 2.0/wp-admin/list-manipulation.php --- 2.0.1/wp-admin/list-manipulation.php 2005-12-29 21:16:53.000000000 +0000 +++ 2.0/wp-admin/list-manipulation.php 2006-03-06 18:49:49.000000000 +0000 @@ -23,7 +23,7 @@ if ( !current_user_can('manage_links') ) die ('-1'); - if ( $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$id'") ) + if ( wp_delete_link($id) ) die('1'); else die('0'); break; diff -U3 -r 2.0.1/wp-admin/menu-header.php 2.0/wp-admin/menu-header.php --- 2.0.1/wp-admin/menu-header.php 2005-09-06 00:33:10.000000000 +0100 +++ 2.0/wp-admin/menu-header.php 2006-03-02 03:08:56.000000000 +0000 @@ -52,4 +52,10 @@ ?> - \ No newline at end of file + \ No newline at end of file diff -U3 -r 2.0.1/wp-admin/post.php 2.0/wp-admin/post.php --- 2.0.1/wp-admin/post.php 2006-01-23 23:39:56.000000000 +0000 +++ 2.0/wp-admin/post.php 2006-03-06 08:32:03.000000000 +0000 @@ -30,7 +30,8 @@ switch($action) { case 'post': - + check_admin_referer(); + $post_ID = write_post(); // Redirect. @@ -86,6 +87,8 @@ break; case 'editattachment': + check_admin_referer(); + $post_id = (int) $_POST['post_ID']; // Don't let these be changed 
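Review bot: In list-manipulation.php, `wp_delete_link($id)` receives `$id` exactly as the removed inline query did, and its assignment is above the hunk. If it is not already cast there, `if ( wp_delete_link((int) $id) )` keeps the integer contract visible at the call site instead of relying on the callee to sanitise it.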
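Review bot: `check_admin_referer()` is added to the `post` case in post.php, and to `editattachment`, `editpost` and user-edit.php's `update` in the following hunks, but nothing at the call sites says what it guards against or how strong the check is. Judging by its name it validates the HTTP Referer, which some proxies and browsers strip and which does not tie the request to the logged-in session; a per-user, per-action token verified on submit would be a stronger guard. At minimum add a comment such as `// CSRF guard: reject state-changing requests that did not come from the admin pages.` The other `case` branches of both switches are outside the hunks, so whether every state-changing action is covered cannot be confirmed from this diff.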
@@ -102,6 +105,8 @@ add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); case 'editpost': + check_admin_referer(); + $post_ID = edit_post(); if ($_POST['save']) { diff -U3 -r 2.0.1/wp-admin/user-edit.php 2.0/wp-admin/user-edit.php --- 2.0.1/wp-admin/user-edit.php 2005-12-05 03:11:55.000000000 +0000 +++ 2.0/wp-admin/user-edit.php 2006-03-05 22:48:30.000000000 +0000 @@ -32,6 +32,8 @@ case 'update': +check_admin_referer(); + $errors = array(); if (!current_user_can('edit_users')) diff -U3 -r 2.0.1/wp-comments-post.php 2.0/wp-comments-post.php --- 2.0.1/wp-comments-post.php 2005-11-05 22:08:56.000000000 +0000 +++ 2.0/wp-comments-post.php 2006-03-01 21:17:34.000000000 +0000 
@@ -48,16 +48,17 @@ $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID'); -wp_new_comment( $commentdata ); +$comment_id = wp_new_comment( $commentdata ); if ( !$user_ID ) : - setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); - setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); - setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); + $comment = get_comment($comment_id); + setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); + setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); + setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); endif; $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; wp_redirect( $location ); -?> \ No newline at end of file +?> diff -U3 -r 2.0.1/wp-includes/classes.php 2.0/wp-includes/classes.php --- 2.0.1/wp-includes/classes.php 2006-01-25 03:59:41.000000000 +0000 +++ 2.0/wp-includes/classes.php 2006-03-03 02:18:55.000000000 +0000 @@ -654,7 +654,7 @@ $this->posts = $wpdb->get_results($this->request); // Check post status to determine if post should be displayed. - if ($this->is_single) { + if ( !empty($this->posts) && $this->is_single ) { $status = get_post_status($this->posts[0]); if ( ('publish' != $status) && ('static' != $status) ) { if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) { 
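Review bot: In wp-comments-post.php, `$comment = get_comment($comment_id);` is dereferenced in the three `setcookie()` calls without checking that a comment came back; if `wp_new_comment()` can return without an ID (its body is not in this diff), guard the block with `if ( !$user_ID && $comment_id && ( $comment = get_comment($comment_id) ) ) :`. Separately, the unchanged tail of the hunk still passes `$_POST['redirect_to']` straight to `wp_redirect()`, so the post-comment redirect goes to whatever URL the submitted form names; restricting it to same-host URLs and otherwise falling back to `get_permalink( $comment_post_ID )` would close that. Only the URL cookie passes through `clean_url()`; the name and e-mail cookies rely on whatever filtering was applied before the comment was stored.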
@@ -1321,7 +1321,7 @@ $root_rewrite = apply_filters('root_rewrite_rules', $root_rewrite); // Comments - $comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true); + $comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true, false); $comments_rewrite = apply_filters('comments_rewrite_rules', $comments_rewrite); // Search diff -U3 -r 2.0.1/wp-includes/comment-functions.php 2.0/wp-includes/comment-functions.php --- 2.0.1/wp-includes/comment-functions.php 2006-01-16 20:03:56.000000000 +0000 +++ 2.0/wp-includes/comment-functions.php 2006-03-01 21:17:34.000000000 +0000 
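Review bot: The comments-rules call in classes.php now passes four bare booleans, `true, true, true, false`, and nothing at the call site says what the added fifth argument switches off. A short comment naming that parameter, or named local variables for the flags, would make the intent reviewable without opening `generate_rewrite_rules()`, whose signature is outside this diff.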
@@ -7,9 +7,25 @@ if ( is_single() || is_page() || $withcomments ) : $req = get_settings('require_name_email'); - $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : ''; - $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : ''; - $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : ''; + $comment_author = ''; + if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { + $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); + $comment_author = stripslashes($comment_author); + $comment_author = wp_specialchars($comment_author, true); + } + $comment_author_email = ''; + if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { + $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); + $comment_author_email = stripslashes($comment_author_email); + $comment_author_email = wp_specialchars($comment_author_email, true); + } + $comment_author_url = ''; + if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { + $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); + $comment_author_url = stripslashes($comment_author_url); + $comment_author_url = wp_specialchars($comment_author_url, true); + } + if ( empty($comment_author) ) { $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date"); } else { diff -U3 -r 2.0.1/wp-includes/functions.php 2.0/wp-includes/functions.php --- 2.0.1/wp-includes/functions.php 2006-01-29 19:48:09.000000000 +0000 +++ 2.0/wp-includes/functions.php 2006-03-04 22:42:01.000000000 +0000 
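Review bot: The same three steps, `apply_filters`, `stripslashes` and `wp_specialchars(..., true)`, are written out three times in comment-functions.php, differing only in cookie key and filter name; a small helper taking those two values would keep the cookie handling in one place. Note also that the HTML-escaped strings stay in `$comment_author` and `$comment_author_email`, which the `else` branch opening at the end of the hunk presumably uses to look up the visitor's own comments. HTML escaping is not SQL escaping, so that query (outside the hunk) still needs its own database escaping, and it should be confirmed that the stored values are encoded the same way so the comparison still matches.

```php
// Proposed helper (name is a suggestion): one remembered-commenter cookie, filtered,
// unslashed and HTML-escaped for printing into the comment form.
function sanitized_comment_cookie($key, $filter) {
	if ( !isset($_COOKIE[$key . COOKIEHASH]) )
		return '';
	$value = apply_filters($filter, $_COOKIE[$key . COOKIEHASH]);
	return wp_specialchars(stripslashes($value), true);
}

// … in the hunk, replacing the three if-blocks …
	$comment_author       = sanitized_comment_cookie('comment_author_', 'pre_comment_author_name');
	$comment_author_email = sanitized_comment_cookie('comment_author_email_', 'pre_comment_author_email');
	$comment_author_url   = sanitized_comment_cookie('comment_author_url_', 'pre_comment_author_url');
// … unchanged: if ( empty($comment_author) ) { … query … } else { …
```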
@@ -71,10 +71,10 @@
 $dateweekday = $weekday[date('w', $i)];
 $dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 $dateformatstring = ' '.$dateformatstring;
- $dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
- $dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
+ $dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
 $dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 }
 $j = @date($dateformatstring, $i);
diff -U3 -r 2.0.1/wp-includes/js/tinymce/langs/en.js 2.0/wp-includes/js/tinymce/langs/en.js
--- 2.0.1/wp-includes/js/tinymce/langs/en.js 2005-11-19 19:15:11.000000000 +0000
+++ 2.0/wp-includes/js/tinymce/langs/en.js 2006-03-04 23:01:33.000000000 +0000
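Review bot: The switch from `"\\1"` to `"\${1}"` in the four `preg_replace()` calls carries no comment, and the reason is easy to lose. Presumably it is the usual backreference ambiguity: when the text appended after `\1` begins with a digit, the digit is read as part of the group number. Add one line above the block, e.g. `// Use ${1}, not \1: the text appended after the backreference may start with a digit.` The enclosing `if` opens above the hunk.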
@@ -1,22 +1,30 @@ // UK lang variables -tinyMCELang['lang_bold_desc'] = 'Bold (Alt+b)'; -tinyMCELang['lang_italic_desc'] = 'Italic (Alt+i)'; +if (navigator.userAgent.indexOf('Mac OS') != -1) { +// Mac OS browsers use Ctrl to hit accesskeys + var metaKey = 'Ctrl'; +} +else { + var metaKey = 'Alt'; +} + +tinyMCELang['lang_bold_desc'] = 'Bold (' + metaKey + '+b)'; +tinyMCELang['lang_italic_desc'] = 'Italic (' + metaKey + '+i)'; tinyMCELang['lang_underline_desc'] = 'Underline'; -tinyMCELang['lang_striketrough_desc'] = 'Striketrough (Alt-d)'; -tinyMCELang['lang_justifyleft_desc'] = 'Align left (Alt-f)'; -tinyMCELang['lang_justifycenter_desc'] = 'Align center (Alt-c)'; -tinyMCELang['lang_justifyright_desc'] = 'Align right (Alt-r)'; +tinyMCELang['lang_striketrough_desc'] = 'Striketrough (' + metaKey + '-d)'; +tinyMCELang['lang_justifyleft_desc'] = 'Align left (' + metaKey + '-f)'; +tinyMCELang['lang_justifycenter_desc'] = 'Align center (' + metaKey + '-c)'; +tinyMCELang['lang_justifyright_desc'] = 'Align right (' + metaKey + '-r)'; tinyMCELang['lang_justifyfull_desc'] = 'Align full'; -tinyMCELang['lang_bullist_desc'] = 'Unordered list (Alt-l)'; -tinyMCELang['lang_numlist_desc'] = 'Ordered list (Alt-o)'; -tinyMCELang['lang_outdent_desc'] = 'Outdent (Alt-w)'; -tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (Alt-q)'; -tinyMCELang['lang_undo_desc'] = 'Undo (Alt-u)'; -tinyMCELang['lang_redo_desc'] = 'Redo (Alt-y)'; -tinyMCELang['lang_link_desc'] = 'Insert/edit link (Alt-a)'; -tinyMCELang['lang_unlink_desc'] = 'Unlink (Alt-s)'; -tinyMCELang['lang_image_desc'] = 'Insert/edit image (Alt-m)'; +tinyMCELang['lang_bullist_desc'] = 'Unordered list (' + metaKey + '-l)'; +tinyMCELang['lang_numlist_desc'] = 'Ordered list (' + metaKey + '-o)'; +tinyMCELang['lang_outdent_desc'] = 'Outdent (' + metaKey + '-w)'; +tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (' + metaKey + '-q)'; +tinyMCELang['lang_undo_desc'] = 'Undo (' + metaKey + '-u)'; +tinyMCELang['lang_redo_desc'] = 'Redo 
(' + metaKey + '-y)'; +tinyMCELang['lang_link_desc'] = 'Insert/edit link (' + metaKey + '-a)'; +tinyMCELang['lang_unlink_desc'] = 'Unlink (' + metaKey + '-s)'; +tinyMCELang['lang_image_desc'] = 'Insert/edit image (' + metaKey + '-m)'; tinyMCELang['lang_cleanup_desc'] = 'Cleanup messy code'; tinyMCELang['lang_focus_alert'] = 'A editor instance must be focused before using this command.'; tinyMCELang['lang_edit_confirm'] = 'Do you want to use the WYSIWYG mode for this textarea?'; diff -U3 -r 2.0.1/wp-includes/js/tinymce/plugins/wordpress/langs/en.js 2.0/wp-includes/js/tinymce/plugins/wordpress/langs/en.js --- 2.0.1/wp-includes/js/tinymce/plugins/wordpress/langs/en.js 2005-11-19 19:15:11.000000000 +0000 +++ 2.0/wp-includes/js/tinymce/plugins/wordpress/langs/en.js 2006-03-04 23:01:33.000000000 +0000 @@ -1,7 +1,15 @@ // EN lang variables +if (navigator.userAgent.indexOf('Mac OS') != -1) { +// Mac OS browsers use Ctrl to hit accesskeys + var metaKey = 'Ctrl'; +} +else { + var metaKey = 'Alt'; +} + tinyMCE.addToLang('',{ -wordpress_more_button : 'Split post with More tag (Alt-t)', +wordpress_more_button : 'Split post with More tag (' + metaKey + '-t)', wordpress_page_button : 'Split post with Page tag', wordpress_more_alt : 'More...', wordpress_page_alt : '...page...' diff -U3 -r 2.0.1/wp-includes/js/tinymce/tiny_mce_gzip.php 2.0/wp-includes/js/tinymce/tiny_mce_gzip.php --- 2.0.1/wp-includes/js/tinymce/tiny_mce_gzip.php 2005-12-16 08:04:55.000000000 +0000 +++ 2.0/wp-includes/js/tinymce/tiny_mce_gzip.php 2006-03-06 22:52:15.000000000 +0000 
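Review bot: `var metaKey` is declared at the top level of langs/en.js and again, with the same user-agent test, in plugins/wordpress/langs/en.js (the next hunk), so both files write the same global. tiny_mce_gzip.php echoes these files into one response, which makes the second block redundant; declaring it once, or keeping it inside a function scope, avoids a stray global that any other script on the page can overwrite. The `navigator.userAgent.indexOf('Mac OS') != -1` test only changes tooltip text, so a wrong guess is cosmetic.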
@@ -76,15 +76,32 @@ // Load theme, language pack and theme language packs $theme = apply_filters('mce_theme', 'advanced'); + echo wp_compact_tinymce_js(file_get_contents(realpath("themes/" . $theme . "/editor_template.js"))); - echo wp_translate_tinymce_lang(file_get_contents(realpath("themes/" . $theme . "/langs/en.js"))); - echo wp_translate_tinymce_lang(file_get_contents(realpath("langs/en.js"))); + + // Get the WordPress locale + $locale = get_locale(); + + $themeLanguageFile = realpath("themes/" . $theme . "/langs/" . $locale . ".js"); + + if (!file_exists($themeLanguageFile)) + $themeLanguageFile = realpath("themes/" . $theme . "/langs/en.js"); + echo wp_translate_tinymce_lang(file_get_contents($themeLanguageFile)); + + $tinymceLanguageFile = realpath("langs/" . $locale . ".js"); + + if (!file_exists($tinymceLanguageFile)) + $tinymceLanguageFile = realpath("langs/en.js"); + echo wp_translate_tinymce_lang(file_get_contents($tinymceLanguageFile)); // Load all plugins and their language packs - $plugins = apply_filters('mce_plugins', array('wordpress', 'autosave', 'wphelp')); + $plugins = apply_filters('mce_plugins', array('wordpress', 'autosave','wphelp')); + foreach ($plugins as $plugin) { $pluginFile = realpath("plugins/" . $plugin . "/editor_plugin.js"); - $languageFile = realpath("plugins/" . $plugin . "/langs/en.js"); + $languageFile = realpath("plugins/" . $plugin . "/langs/" . $locale . ".js"); + if (!file_exists($languageFile)) + $languageFile = realpath("plugins/" . $plugin . "/langs/en.js"); if ($pluginFile) echo file_get_contents($pluginFile); @@ -105,7 +122,7 @@ . 'title[dir", valid_elements : "", plugins : "" diff -U3 -r 2.0.1/wp-includes/template-functions-general.php 2.0/wp-includes/template-functions-general.php --- 2.0.1/wp-includes/template-functions-general.php 2006-01-29 00:15:57.000000000 +0000 +++ 2.0/wp-includes/template-functions-general.php 2006-02-19 11:25:30.000000000 +0000 
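Review bot: `$locale` from `get_locale()` is concatenated into three file paths in tiny_mce_gzip.php and the resolved files are echoed to the browser, but nothing in the hunk restricts it to a locale-shaped string or checks that the `realpath()` result stays under the TinyMCE directory. If the locale can be set by a filter or by configuration that is not fully trusted, a value containing `../` would select a readable `.js` file elsewhere on disk. Validate the locale once and test the `realpath()` result itself: it returns false for a missing file, so `file_exists()` adds nothing, and when the `en.js` fallback is also missing `file_get_contents()` is called on false. The same applies to `$theme` and `$plugin`, which come from filters.

```php
	// Get the WordPress locale; accept only locale-shaped values before using it in a path.
	$locale = get_locale();
	if (!preg_match('/^[A-Za-z0-9_-]+$/', $locale))
		$locale = 'en';

	// realpath() returns false for a missing file, so test its result directly.
	$themeLanguageFile = realpath("themes/" . $theme . "/langs/" . $locale . ".js");
	if (!$themeLanguageFile)
		$themeLanguageFile = realpath("themes/" . $theme . "/langs/en.js");
	if ($themeLanguageFile)
		echo wp_translate_tinymce_lang(file_get_contents($themeLanguageFile));

	// … unchanged apart from the same two checks: langs/ and the per-plugin language files …
```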
@@ -482,7 +482,8 @@ if ( $previous ) { echo "\n\t\t".'« ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . ''; + get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)], + date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">« ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . ''; } else { echo "\n\t\t".' '; } @@ -491,8 +492,8 @@ if ( $next ) { echo "\n\t\t".'' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' »'; + get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($next->month, 2)], + date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' »'; } else { echo "\n\t\t".' '; } diff -U3 -r 2.0.1/wp-includes/template-functions-links.php 2.0/wp-includes/template-functions-links.php --- 2.0.1/wp-includes/template-functions-links.php 2006-01-15 23:42:10.000000000 +0000 +++ 2.0/wp-includes/template-functions-links.php 2006-02-19 10:47:51.000000000 +0000 @@ -205,13 +205,10 @@ } function edit_post_link($link = 'Edit This', $before = '', $after = '') { - global $user_ID, $post; + global $post; - get_currentuserinfo(); - - if ( !user_can_edit_post($user_ID, $post->ID) ) { + if ( ! current_user_can('edit_post', $post->ID) ) return; - } if ( is_attachment() ) return; 
@@ -223,11 +220,9 @@ } function edit_comment_link($link = 'Edit This', $before = '', $after = '') { - global $user_ID, $post, $comment; - - get_currentuserinfo(); + global $post, $comment; - if ( !user_can_edit_post_comments($user_ID, $post->ID) ) + if ( ! current_user_can('edit_post', $post->ID) ) return; $location = get_settings('siteurl') . "/wp-admin/post.php?action=editcomment&comment=$comment->comment_ID"; diff -U3 -r 2.0.1/wp-includes/version.php 2.0/wp-includes/version.php --- 2.0.1/wp-includes/version.php 2006-01-31 20:05:42.000000000 +0000 +++ 2.0/wp-includes/version.php 2006-03-10 05:46:13.000000000 +0000 @@ -2,7 +2,7 @@ // This just holds the version number, in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.0.1'; +$wp_version = '2.0.2'; $wp_db_version = 3437; -?> \ No newline at end of file +?> diff -U3 -r 2.0.1/wp-register.php 2.0/wp-register.php --- 2.0.1/wp-register.php 2006-01-25 03:09:16.000000000 +0000 +++ 2.0/wp-register.php 2006-03-07 07:06:43.000000000 +0000 @@ -25,10 +25,13 @@ $errors['user_email'] = __('ERROR: Please type your e-mail address.'); } else if (!is_email($user_email)) { $errors['user_email'] = __('ERROR: The email address isn’t correct.'); + $user_email = ''; } - if ( ! validate_username($user_login) ) + if ( ! validate_username($user_login) ) { $errors['user_login'] = __('ERROR: This username is invalid. Please enter a valid username.'); + $user_login = ''; + } if ( username_exists( $user_login ) ) $errors['user_login'] = __('ERROR: This username is already registered, please choose another one.'); @@ -67,9 +70,9 @@
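Review bot: `edit_comment_link()` now decides on `current_user_can('edit_post', $post->ID)`, that is, on the global `$post` rather than on the post the comment belongs to. Where the function is called with `$post` and `$comment` out of step (a recent-comments list, for instance), the link would be shown or hidden for the wrong post; `current_user_can('edit_post', $comment->comment_post_ID)` ties the check to the comment itself. This only controls whether the link is rendered, so the `editcomment` action it points to must still enforce the capability on its own; that code is outside this diff.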

-

$user_login") ?>
+

" . wp_specialchars($user_login) . "") ?>
' . __('emailed to you') . '') ?>
- $user_email") ?>

+ " . wp_specialchars($user_email) . "") ?>

»

@@ -110,8 +113,8 @@

-

-


+

+


diff -U3 -r 2.0.1/wp-settings.php 2.0/wp-settings.php --- 2.0.1/wp-settings.php 2006-01-30 21:29:22.000000000 +0000 +++ 2.0/wp-settings.php 2006-02-28 21:50:06.000000000 +0000 @@ -190,7 +190,6 @@ $_GET = stripslashes_deep($_GET ); $_POST = stripslashes_deep($_POST ); $_COOKIE = stripslashes_deep($_COOKIE); - $_SERVER = stripslashes_deep($_SERVER); } // Escape with wpdb.