More validation fixes. Escape some preview=true URLs, also clean up tags in edit-attachment-rows. Slight CSS tweak to match presentation to the formerly invalid HTML. props zeo, see #13383.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14673 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/css/wp-admin.dev.css

@@ -796,6 +796,7 @@ td.media-icon {
 	text-align: center;
 	width: 80px;
 	padding-top: 8px;
+	padding-bottom: 8px;
 }
 
 td.media-icon img {

wp-admin/edit-attachment-rows.php

@@ -84,14 +84,15 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 
 	case 'media':
 		?>
-		<td <?php echo $attributes ?>><strong><?php if ( $is_trash ) echo $att_title; else { ?><a href="<?php echo get_edit_post_link( $post->ID, true ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a><?php } ?></strong><br />
+		<td <?php echo $attributes ?>><strong><?php if ( $is_trash ) echo $att_title; else { ?><a href="<?php echo get_edit_post_link( $post->ID, true ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a><?php } ?></strong>
+		<p>
 		<?php
 		if ( preg_match( '/^.*?\.(\w+)$/', get_attached_file( $post->ID ), $matches ) )
 			echo esc_html( strtoupper( $matches[1] ) );
 		else
 			echo strtoupper( str_replace( 'image/', '', get_post_mime_type() ) );
 		?>
-		<p>
+		</p>
 		<?php
 		$actions = array();
 		if ( current_user_can('edit_post', $post->ID) && !$is_trash )
@@ -120,7 +121,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 			echo "<span class='$action'>$link$sep</span>";
 		}
 		echo '</div>';
-		?></p></td>
+		?></td>
 		<?php
 		break;
 

wp-admin/includes/template.php

@@ -1361,7 +1361,7 @@ function _post_row($a_post, $pending_comments, $mode) {
 			}
 			if ( in_array($post->post_status, array('pending', 'draft')) ) {
 				if ( current_user_can($post_type_object->cap->edit_post, $post->ID) )
-					$actions['view'] = '<a href="' . add_query_arg( 'preview', 'true', get_permalink($post->ID) ) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+					$actions['view'] = '<a href="' . esc_url( add_query_arg( 'preview', 'true', get_permalink($post->ID) ) ) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
 			} elseif ( 'trash' != $post->post_status ) {
 				$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
 			}
@@ -1583,7 +1583,7 @@ foreach ( $posts_columns as $column_name => $column_display_name ) {
 		}
 		if ( in_array($post->post_status, array('pending', 'draft')) ) {
 			if ( current_user_can($post_type_object->cap->edit_post, $page->ID) )
-				$actions['view'] = '<a href="' . add_query_arg( 'preview', 'true', get_permalink($page->ID) ) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+				$actions['view'] = '<a href="' . esc_url( add_query_arg( 'preview', 'true', get_permalink($page->ID) ) ) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
 		} elseif ( $post->post_status != 'trash' ) {
 			$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
 		}

wp-includes/script-loader.php

@@ -444,7 +444,7 @@ function wp_default_styles( &$styles ) {
 	// Any rtl stylesheets that don't have a .dev version for ltr
 	$no_suffix = array( 'farbtastic' );
 
-	$styles->add( 'wp-admin', "/wp-admin/css/wp-admin$suffix.css", array(), '20100506' );
+	$styles->add( 'wp-admin', "/wp-admin/css/wp-admin$suffix.css", array(), '20100515' );
 
 	$styles->add( 'ie', "/wp-admin/css/ie$suffix.css", array(), '20100219' );
 	$styles->add_data( 'ie', 'conditional', 'lte IE 7' );