Sanitize browser-bound add_query_arg() outputs. fixes #3937

git-svn-id: http://svn.automattic.com/wordpress/trunk@5007 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2007-03-09 04:36:24 +00:00
parent 0cd477441e
commit 2a11c99459
4 changed files with 11 additions and 11 deletions


@ -1935,7 +1935,7 @@ function wp_import_upload_form( $action ) {
if (strpos($size, 'g') !== false) if (strpos($size, 'g') !== false)
$bytes = $size * 1024 * 1024 * 1024; $bytes = $size * 1024 * 1024 * 1024;
?> ?>
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>"> <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
<p> <p>
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> ) <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
<input type="file" id="upload" name="import" size="25" /> <input type="file" id="upload" name="import" size="25" />
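Review bot: Escaping `$action` closes the attribute-injection hole in the form tag, but if any caller already passes an entity-encoded URL (one containing `&amp;`), the escaper will re-encode it unless it is entity-aware; confirm how attribute_escape treats existing entities before relying on this at every call site. The `$size` value printed two lines below via `printf( __('Maximum size: %s' ), $size )` is still echoed raw; the `strpos($size, 'g')` check suggests it is an ini-style size string rather than request data, so it is probably safe, but its assignment is outside the hunk and worth confirming. A why-comment on the action attribute would keep the escape from being dropped later: `<?php // $action is emitted inside an HTML attribute; escape it for that context ?>`. wp_import_upload_form continues outside the hunk.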


@ -174,7 +174,7 @@ Event.observe( window, 'load', hide_text );
<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p> <h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p> <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo add_query_arg('step', 2) ?>" style="margin: auto; width: 50%;"> <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" /> <input type="hidden" name="action" value="save" />
<p class="submit"> <p class="submit">
@ -188,7 +188,7 @@ Event.observe( window, 'load', hide_text );
<div class="wrap"> <div class="wrap">
<h2><?php _e('Reset Header Image and Color'); ?></h2> <h2><?php _e('Reset Header Image and Color'); ?></h2>
<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p> <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
<form method="post" action="<?php echo add_query_arg('step', 1) ?>"> <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" /> <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
</form> </form>
</div> </div>
@ -240,7 +240,7 @@ Event.observe( window, 'load', hide_text );
<div class="wrap"> <div class="wrap">
<form method="POST" action="<?php echo add_query_arg('step', 3) ?>"> <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p> <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
<div id="testWrap"> <div id="testWrap">
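Review bot: The three form actions changed at the hunks starting 174, 188 and 240 all wrap `add_query_arg('step', N)` in attribute_escape with nothing saying why, and since the helper is called without a base URL it presumably builds on the current request URI (browser-supplied), which is exactly why the attribute-context escape matters here; a one-line comment at the first site would stop a future edit from dropping it, e.g. `<?php // add_query_arg() without a URL builds on the request URI; escape it for the attribute context ?>`. The forms also use `method="POST"` with only a hidden `action` field visible; if a nonce field is emitted elsewhere in the form that is fine, but it is not within these hunks. The surrounding template markup begins and ends outside the hunks.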


@ -101,7 +101,7 @@ $total_pages = ceil( $total / 20 );
$r = ''; $r = '';
if ( 1 < $page ) { if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n"; $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
} }
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@ -111,7 +111,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
$p = false; $p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n"; $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
$in = true; $in = true;
elseif ( $in == true ) : elseif ( $in == true ) :
$r .= "...\n"; $r .= "...\n";
@ -122,7 +122,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
} }
if ( ( $page ) * 20 < $total || -1 == $total ) { if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1; $args['apage'] = $page + 1;
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n"; $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
} }
echo "<p class='pagenav'>$r</p>"; echo "<p class='pagenav'>$r</p>";
?> ?>
@ -248,7 +248,7 @@ $total_pages = ceil( $total / 20 );
$r = ''; $r = '';
if ( 1 < $page ) { if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n"; $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
} }
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@ -258,7 +258,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
$p = false; $p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n"; $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
$in = true; $in = true;
elseif ( $in == true ) : elseif ( $in == true ) :
$r .= "...\n"; $r .= "...\n";
@ -269,7 +269,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
} }
if ( ( $page ) * 20 < $total || -1 == $total ) { if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1; $args['apage'] = $page + 1;
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n"; $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
} }
echo "<p class='pagenav'>$r</p>"; echo "<p class='pagenav'>$r</p>";
?> ?>
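Review bot: The same escape is applied by hand at six link sites across two verbatim copies of the paging block (the hunks starting at 101 and 248 are identical to those at 111/258 and 122/269), so the next copy-paste can silently omit it; factoring link construction into one small helper makes the escape a property of the helper rather than of each call site. The `$in == true` comparison in the `elseif` is a loose compare on what is assigned as a bool two lines above; `$in === true` (or simply `$in`) states the intent. The paging block starts above the first hunk, so the helper would be defined before it.
```php
// Build one escaped paging link; the href is escaped here so no call site can forget it.
function _paging_link( $args, $class, $text ) {
	return '<a class="' . $class . '" href="' . attribute_escape( add_query_arg( $args ) ) . '">' . $text . '</a>' . "\n";
}
// … unchanged: page bounds and $args['apage'] assignments …
$r .= _paging_link( $args, 'prev', '&laquo; ' . __('Previous Page') );
$r .= _paging_link( $args, 'page-numbers', $page_num );
$r .= _paging_link( $args, 'next', __('Next Page') . ' &raquo;' );
```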


@ -150,7 +150,7 @@ class WP_Scripts {
$ver .= '&amp;' . $this->args[$handle]; $ver .= '&amp;' . $this->args[$handle];
$src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
$src = add_query_arg('ver', $ver, $src); $src = add_query_arg('ver', $ver, $src);
$src = apply_filters( 'script_loader_src', $src ); $src = attribute_escape(apply_filters( 'script_loader_src', $src ));
echo "<script type='text/javascript' src='$src'></script>\n"; echo "<script type='text/javascript' src='$src'></script>\n";
$this->print_scripts_l10n( $handle ); $this->print_scripts_l10n( $handle );
} }
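Review bot: `$ver` is built with a pre-encoded `'&amp;'` on the first context line and then flows through add_query_arg into the new attribute_escape call, so the `&amp;` is now escaped a second time unless the escaper recognises existing entities; either keep `$ver` raw, `$ver .= '&' . $this->args[$handle];`, and let the single escape at output encode it, or confirm attribute_escape skips entities already present. The echo on the next line places `$src` inside a single-quoted attribute, so the escape only protects it if single quotes are encoded too; confirm attribute_escape covers `'` and not just `"`. The enclosing method of WP_Scripts starts outside the hunk.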