Sanitize browser-bound add_query_arg() outputs. fixes #3937
git-svn-id: http://svn.automattic.com/wordpress/trunk@5007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
0cd477441e
commit
2a11c99459
@ -1935,7 +1935,7 @@ function wp_import_upload_form( $action ) {
|
||||||
if (strpos($size, 'g') !== false)
|
if (strpos($size, 'g') !== false)
|
||||||
$bytes = $size * 1024 * 1024 * 1024;
|
$bytes = $size * 1024 * 1024 * 1024;
|
||||||
?>
|
?>
|
||||||
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
|
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
|
||||||
<p>
|
<p>
|
||||||
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
|
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
|
||||||
<input type="file" id="upload" name="import" size="25" />
|
<input type="file" id="upload" name="import" size="25" />
|
||||||
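Review bot: Wrapping `$action` in attribute_escape() on the form tag (L29) means wp_import_upload_form() now owns the attribute-context escaping, so a caller that already escapes its URL before passing it in would be encoded twice; attribute_escape() itself is not in this diff, so whether it preserves existing entities cannot be confirmed here. The function's signature is outside the hunk, but its docblock should state the contract, e.g. `@param string $action Unescaped form action URL; escaped for the attribute context inside this function.` The printf on L39 still emits `$size` unescaped; it appears to derive from server ini settings rather than request input (not visible here), so that is fine as long as the caller keeps it that way.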
|
|
|
@ -174,7 +174,7 @@ Event.observe( window, 'load', hide_text );
|
||||||
<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
|
<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
|
||||||
<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
|
<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
|
||||||
|
|
||||||
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo add_query_arg('step', 2) ?>" style="margin: auto; width: 50%;">
|
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
|
||||||
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
|
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
|
||||||
<input type="hidden" name="action" value="save" />
|
<input type="hidden" name="action" value="save" />
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
|
@ -188,7 +188,7 @@ Event.observe( window, 'load', hide_text );
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Reset Header Image and Color'); ?></h2>
|
<h2><?php _e('Reset Header Image and Color'); ?></h2>
|
||||||
<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
|
<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
|
||||||
<form method="post" action="<?php echo add_query_arg('step', 1) ?>">
|
<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
|
||||||
<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
|
<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -240,7 +240,7 @@ Event.observe( window, 'load', hide_text );
|
||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
|
|
||||||
<form method="POST" action="<?php echo add_query_arg('step', 3) ?>">
|
<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
|
||||||
|
|
||||||
<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
|
<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
|
||||||
<div id="testWrap">
|
<div id="testWrap">
|
||||||
|
|
|
@ -101,7 +101,7 @@ $total_pages = ceil( $total / 20 );
|
||||||
$r = '';
|
$r = '';
|
||||||
if ( 1 < $page ) {
|
if ( 1 < $page ) {
|
||||||
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
|
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
|
||||||
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">« '. __('Previous Page') .'</a>' . "\n";
|
$r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";
|
||||||
}
|
}
|
||||||
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
|
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
|
||||||
|
@ -111,7 +111,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
$p = false;
|
$p = false;
|
||||||
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
|
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
|
||||||
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
|
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
|
||||||
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
|
$r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
|
||||||
$in = true;
|
$in = true;
|
||||||
elseif ( $in == true ) :
|
elseif ( $in == true ) :
|
||||||
$r .= "...\n";
|
$r .= "...\n";
|
||||||
|
@ -122,7 +122,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
}
|
}
|
||||||
if ( ( $page ) * 20 < $total || -1 == $total ) {
|
if ( ( $page ) * 20 < $total || -1 == $total ) {
|
||||||
$args['apage'] = $page + 1;
|
$args['apage'] = $page + 1;
|
||||||
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";
|
$r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";
|
||||||
}
|
}
|
||||||
echo "<p class='pagenav'>$r</p>";
|
echo "<p class='pagenav'>$r</p>";
|
||||||
?>
|
?>
|
||||||
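Review bot: The escaped links on L181, L220 and L259 now turn the `&` separators emitted by add_query_arg() into `&amp;`, which is what an href attribute requires, and the identical three-line change is repeated in the second pagination section below (L298, L337, L376). With the same build-link-then-escape expression now copied six times across two files, a small helper that takes `$args`, a CSS class and the label, and returns the escaped anchor would keep the two copies from drifting the next time one of them is touched. Both loops also rely on `$args['apage'] = FALSE` to drop the parameter from the URL, which presumably depends on add_query_arg() removing false-valued keys; that behaviour is not visible here and deserves a one-line comment where `$args` is first set up. Separately, `elseif ( $in == true )` on L230 is a loose comparison; `elseif ( $in )` reads the same and avoids it. The enclosing for/if block starts in an earlier hunk and closes outside this one.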
|
@ -248,7 +248,7 @@ $total_pages = ceil( $total / 20 );
|
||||||
$r = '';
|
$r = '';
|
||||||
if ( 1 < $page ) {
|
if ( 1 < $page ) {
|
||||||
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
|
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
|
||||||
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">« '. __('Previous Page') .'</a>' . "\n";
|
$r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";
|
||||||
}
|
}
|
||||||
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
|
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
|
||||||
|
@ -258,7 +258,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
$p = false;
|
$p = false;
|
||||||
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
|
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
|
||||||
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
|
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
|
||||||
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
|
$r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
|
||||||
$in = true;
|
$in = true;
|
||||||
elseif ( $in == true ) :
|
elseif ( $in == true ) :
|
||||||
$r .= "...\n";
|
$r .= "...\n";
|
||||||
|
@ -269,7 +269,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
|
||||||
}
|
}
|
||||||
if ( ( $page ) * 20 < $total || -1 == $total ) {
|
if ( ( $page ) * 20 < $total || -1 == $total ) {
|
||||||
$args['apage'] = $page + 1;
|
$args['apage'] = $page + 1;
|
||||||
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";
|
$r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";
|
||||||
}
|
}
|
||||||
echo "<p class='pagenav'>$r</p>";
|
echo "<p class='pagenav'>$r</p>";
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -150,7 +150,7 @@ class WP_Scripts {
|
||||||
$ver .= '&' . $this->args[$handle];
|
$ver .= '&' . $this->args[$handle];
|
||||||
$src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
|
$src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
|
||||||
$src = add_query_arg('ver', $ver, $src);
|
$src = add_query_arg('ver', $ver, $src);
|
||||||
$src = apply_filters( 'script_loader_src', $src );
|
$src = attribute_escape(apply_filters( 'script_loader_src', $src ));
|
||||||
echo "<script type='text/javascript' src='$src'></script>\n";
|
echo "<script type='text/javascript' src='$src'></script>\n";
|
||||||
$this->print_scripts_l10n( $handle );
|
$this->print_scripts_l10n( $handle );
|
||||||
}
|
}
|
||||||
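Review bot: The escaped `$src` produced on L417 is interpolated into a single-quoted attribute on L420, `src='$src'`, so attribute_escape() must encode `'` as well as `"` and `&` for this to hold; the helper is not part of this diff, so confirm it behaves like htmlspecialchars() with ENT_QUOTES, otherwise a `script_loader_src` filter returning a value containing `'` could still break out of the attribute. Since `$src` now holds attribute-escaped text rather than a URL, a short comment would prevent a later change from reusing it as one: `// $src is HTML-attribute-escaped from here on; do not pass it to URL helpers`. The `http://`-only check on L407 is pre-existing context and is not changed by this commit. The enclosing method starts above this hunk.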
|
|