s/attribute_escape/attr/. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
430a8cb2cf
commit
2d489767bb
|
@ -474,7 +474,7 @@ case 'add-cat' : // From Manage->Categories
|
|||
$cat_full_name = $_cat->name . ' — ' . $cat_full_name;
|
||||
$level++;
|
||||
}
|
||||
$cat_full_name = attribute_escape($cat_full_name);
|
||||
$cat_full_name = attr($cat_full_name);
|
||||
|
||||
$x = new WP_Ajax_Response( array(
|
||||
'what' => 'cat',
|
||||
|
@ -552,7 +552,7 @@ case 'add-tag' : // From Manage->Tags
|
|||
die('0');
|
||||
|
||||
$tag_full_name = $tag->name;
|
||||
$tag_full_name = attribute_escape($tag_full_name);
|
||||
$tag_full_name = attr($tag_full_name);
|
||||
|
||||
$x = new WP_Ajax_Response( array(
|
||||
'what' => 'tag',
|
||||
|
|
|
@ -287,7 +287,7 @@ class Custom_Image_Header {
|
|||
<input type="button" class="button" value="<?php _ea('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
|
||||
<input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
|
||||
<?php wp_nonce_field('custom-header') ?>
|
||||
<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
|
||||
<input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
|
||||
<?php } ?>
|
||||
|
||||
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"> </div>
|
||||
|
@ -296,7 +296,7 @@ class Custom_Image_Header {
|
|||
<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
|
||||
<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
|
||||
|
||||
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
|
||||
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
|
||||
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
|
||||
<input type="hidden" name="action" value="save" />
|
||||
<?php wp_nonce_field('custom-header') ?>
|
||||
|
@ -311,7 +311,7 @@ class Custom_Image_Header {
|
|||
<div class="wrap">
|
||||
<h2><?php _e('Reset Header Image and Color'); ?></h2>
|
||||
<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
|
||||
<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
|
||||
<form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>">
|
||||
<?php wp_nonce_field('custom-header'); ?>
|
||||
<input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" />
|
||||
</form>
|
||||
|
@ -372,7 +372,7 @@ class Custom_Image_Header {
|
|||
|
||||
<div class="wrap">
|
||||
|
||||
<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
|
||||
<form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>">
|
||||
|
||||
<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
|
||||
<div id="testWrap" style="position: relative">
|
||||
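Review bot: The hidden `textcolor` field in the `@ -287,7` hunk calls `attr(header_textcolor())` with no `echo`, so the escaped return value is discarded and nothing produced by `attr()` reaches the page. If `header_textcolor()` prints the colour itself, as template tags such as `the_ID()` do, the value lands in the attribute unescaped and the wrapper is a no-op. Printing the escaped result of the getter would make the escaping effective: `value="#<?php echo attr(get_header_textcolor()) ?>"`. The enclosing method starts and ends outside the hunk.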
|
|
|
@ -62,7 +62,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
|
|||
if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
|
||||
?>
|
||||
|
||||
<a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>">
|
||||
<a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>">
|
||||
<?php echo $thumb; ?>
|
||||
</a>
|
||||
|
||||
|
@ -74,7 +74,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
|
|||
|
||||
case 'media':
|
||||
?>
|
||||
<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
|
||||
<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
|
||||
<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
|
||||
<p>
|
||||
<?php
|
||||
|
@ -83,7 +83,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
|
|||
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
|
||||
if ( current_user_can('delete_post', $post->ID) )
|
||||
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
$action_count = count($actions);
|
||||
$i = 0;
|
||||
echo '<div class="row-actions">';
|
||||
|
@ -182,7 +182,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
|
|||
case 'actions':
|
||||
?>
|
||||
<td <?php echo $attributes ?>>
|
||||
<a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
|
||||
<a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
|
||||
<a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
|
||||
</td>
|
||||
<?php
|
||||
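Review bot: The `$actions['view']` line in the `@ -83,7` hunk builds its tooltip from `$title`, while every other title attribute in this section uses `$att_title`. If `$title` is not assigned elsewhere in this loop (its definition is not visible in the hunk), the tooltip renders with an empty name; `attr(sprintf(__('View "%s"'), $att_title))` would match the other rows. Separately, the link text `<?php echo $att_title; ?>` in the `media` column is printed without escaping, so it relies on `$att_title` having been encoded for HTML where it is assigned, which is worth confirming.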
|
|
|
@ -49,12 +49,12 @@ _fill_empty_category($category);
|
|||
<table class="form-table">
|
||||
<tr class="form-field form-required">
|
||||
<th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
|
||||
<td><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->name); ?>" size="40" aria-required="true" /><br />
|
||||
<td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br />
|
||||
<?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
|
||||
</tr>
|
||||
<tr class="form-field">
|
||||
<th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
|
||||
<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
|
||||
<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
|
||||
<?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
|
||||
</tr>
|
||||
<tr class="form-field">
|
||||
|
|
|
@ -83,7 +83,7 @@ else
|
|||
|
||||
require_once('admin-header.php');
|
||||
|
||||
$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']);
|
||||
$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
|
||||
|
||||
$default_status = get_user_option('edit_comments_last_view');
|
||||
if ( empty($default_status) )
|
||||
|
@ -94,10 +94,10 @@ if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam')) )
|
|||
if ( $comment_status != $default_status )
|
||||
update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
|
||||
|
||||
$comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : '';
|
||||
$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
|
||||
|
||||
$search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
|
||||
$search = attribute_escape( $search_dirty ); ?>
|
||||
$search = attr( $search_dirty ); ?>
|
||||
|
||||
<div class="wrap">
|
||||
<?php screen_icon(); ?>
|
||||
|
@ -164,7 +164,7 @@ foreach ( $stati as $status => $label ) {
|
|||
/*
|
||||
// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
|
||||
if ( !empty( $_GET['s'] ) )
|
||||
$link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link );
|
||||
$link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
|
||||
*/
|
||||
$status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
|
||||
_n( $label[0], $label[1], $num_comments->$status ),
|
||||
|
@ -364,8 +364,8 @@ if ( $page_links )
|
|||
<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
|
||||
<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
|
||||
<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo attribute_escape( $post_id ); ?>" />
|
||||
<input type="hidden" name="comment_type" value="<?php echo attribute_escape( $comment_type ); ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" />
|
||||
<input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" />
|
||||
<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
|
||||
</form>
|
||||
|
||||
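Review bot: `$mode` and `$comment_type` are HTML-escaped where they are read from `$_GET` and then escaped again when printed (`attr($mode)` and `attr( $comment_type )` in the hidden fields of the `@ -364,8` hunk), which mixes input validation with output encoding. `$comment_status` is checked against a fixed list of values in this file, and `$mode` could be handled the same way, e.g. `$mode = ( isset($_GET['mode']) && 'list' == $_GET['mode'] ) ? 'list' : 'detail';` (assuming those are the only two modes), leaving escaping to the output site. The posts list section further down has the inverse dependency: `$mode = attr($_GET['mode'])` is the only thing protecting the later bare `echo $mode` in its hidden field. An allowlist at the read, or an `attr()` at that output, would keep it safe if the assignment is ever changed.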
|
|
|
@ -16,7 +16,7 @@ $post_ID = isset($post_ID) ? (int) $post_ID : 0;
|
|||
$action = isset($action) ? $action : '';
|
||||
if ( isset($_GET['message']) )
|
||||
$_GET['message'] = absint( $_GET['message'] );
|
||||
$messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
|
||||
$messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
|
||||
$messages[2] = __('Custom field updated.');
|
||||
$messages[3] = __('Custom field deleted.');
|
||||
$messages[4] = __('Post updated.');
|
||||
|
@ -169,15 +169,15 @@ if ( 'private' == $post->post_status ) {
|
|||
?><?php echo wp_specialchars( $visibility_trans ); ?></span></b> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
||||
|
||||
<div id="post-visibility-select" class="hide-if-js">
|
||||
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
|
||||
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
|
||||
<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
|
||||
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
|
||||
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
|
||||
|
||||
|
||||
<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
|
||||
<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
|
||||
<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
|
||||
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
|
||||
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
|
||||
<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
|
||||
|
||||
<p>
|
||||
|
@ -271,7 +271,7 @@ add_meta_box('submitdiv', __('Publish'), 'post_submit_meta_box', 'post', 'side',
|
|||
function post_tags_meta_box($post, $box) {
|
||||
$tax_name = substr($box['id'], 8);
|
||||
$taxonomy = get_taxonomy($tax_name);
|
||||
$helps = isset($taxonomy->helps) ? attribute_escape($taxonomy->helps) : __('Separate tags with commas.');
|
||||
$helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.');
|
||||
?>
|
||||
<div class="tagsdiv" id="<?php echo $tax_name; ?>">
|
||||
<p class="jaxtag">
|
||||
|
@ -293,7 +293,7 @@ function post_tags_meta_box($post, $box) {
|
|||
foreach ( get_object_taxonomies('post') as $tax_name ) {
|
||||
if ( !is_taxonomy_hierarchical($tax_name) ) {
|
||||
$taxonomy = get_taxonomy($tax_name);
|
||||
$label = isset($taxonomy->label) ? attribute_escape($taxonomy->label) : $tax_name;
|
||||
$label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name;
|
||||
|
||||
add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
|
||||
}
|
||||
|
@ -384,7 +384,7 @@ add_meta_box('postexcerpt', __('Excerpt'), 'post_excerpt_meta_box', 'post', 'nor
|
|||
* @param object $post
|
||||
*/
|
||||
function post_trackback_meta_box($post) {
|
||||
$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
|
||||
$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
|
||||
if ('' != $post->pinged) {
|
||||
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
|
||||
$already_pinged = explode("\n", trim($post->pinged));
|
||||
|
@ -497,7 +497,7 @@ if ( 'publish' == $post->post_status || 'private' == $post->post_status )
|
|||
*/
|
||||
function post_slug_meta_box($post) {
|
||||
?>
|
||||
<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
|
||||
<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
|
||||
<?php
|
||||
}
|
||||
if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
|
||||
|
@ -574,7 +574,7 @@ else
|
|||
<input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
|
||||
<input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" />
|
||||
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
|
||||
<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
|
||||
<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
|
||||
<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
|
||||
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
|
||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
|
||||
|
@ -595,7 +595,7 @@ else
|
|||
<div id="post-body-content">
|
||||
<div id="titlediv">
|
||||
<div id="titlewrap">
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
</div>
|
||||
<div class="inside">
|
||||
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
|
||||
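Review bot: The "go back" link in `$messages[1]` places `$_GET['_wp_original_http_referer']` into `href="%s"` after `attr()` only. Attribute escaping keeps the value inside the quotes but does not check the URL scheme, so the link target is whatever the request supplied. This section already passes a referer through `clean_url(stripslashes(wp_get_referer()))` for the `referredby` field, and using `clean_url( stripslashes( ... ) )` for the message link would be consistent with that. The matching `$messages[1]` line in the page edit form section (`'Page updated. Continue editing below ...'`) needs the same change.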
|
|
|
@ -26,8 +26,8 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($com
|
|||
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
||||
<?php
|
||||
|
||||
$email = attribute_escape( $comment->comment_author_email );
|
||||
$url = attribute_escape( $comment->comment_author_url );
|
||||
$email = attr( $comment->comment_author_email );
|
||||
$url = attr( $comment->comment_author_url );
|
||||
// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
|
||||
?>
|
||||
|
||||
|
@ -90,7 +90,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
|
|||
<tbody>
|
||||
<tr valign="top">
|
||||
<td class="first"><?php _e( 'Name:' ); ?></td>
|
||||
<td><input type="text" name="newcomment_author" size="30" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
|
||||
<td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td class="first">
|
||||
|
|
|
@ -67,7 +67,7 @@ _fill_empty_link_category($category);
|
|||
</tr>
|
||||
<tr class="form-field">
|
||||
<th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th>
|
||||
<td><input name="slug" id="slug" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
|
||||
<td><input name="slug" id="slug" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
|
||||
<?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
|
||||
</tr>
|
||||
<tr class="form-field">
|
||||
|
|
|
@ -404,7 +404,7 @@ do_meta_boxes('link', 'advanced', $link);
|
|||
if ( $link_id ) : ?>
|
||||
<input type="hidden" name="action" value="save" />
|
||||
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
|
||||
<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
|
||||
<input type="hidden" name="order_by" value="<?php echo attr($order_by); ?>" />
|
||||
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
|
||||
<?php else: ?>
|
||||
<input type="hidden" name="action" value="add" />
|
||||
|
|
|
@ -18,7 +18,7 @@ if ( ! isset( $temp_ID ) )
|
|||
|
||||
if ( isset($_GET['message']) )
|
||||
$_GET['message'] = absint( $_GET['message'] );
|
||||
$messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
|
||||
$messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
|
||||
$messages[2] = __('Custom field updated.');
|
||||
$messages[3] = __('Custom field deleted.');
|
||||
$messages[4] = sprintf(__('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID));
|
||||
|
@ -73,9 +73,9 @@ function page_submit_meta_box($post) {
|
|||
<div id="minor-publishing-actions">
|
||||
<div id="save-action">
|
||||
<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?>
|
||||
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
|
||||
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attr( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
|
||||
<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
|
||||
<input type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
|
||||
<input type="submit" name="save" id="save-post" value="<?php echo attr( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
|
||||
<?php } ?>
|
||||
</div>
|
||||
|
||||
|
@ -162,13 +162,13 @@ if ( 'private' == $post->post_status ) {
|
|||
?><?php echo wp_specialchars( $visibility_trans ); ?></span></b> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
||||
|
||||
<div id="post-visibility-select" class="hide-if-js">
|
||||
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
|
||||
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
|
||||
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
|
||||
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
|
||||
|
||||
|
||||
<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
|
||||
<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
|
||||
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
|
||||
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
|
||||
<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
|
||||
|
||||
<p>
|
||||
|
@ -349,7 +349,7 @@ add_meta_box('pagecommentstatusdiv', __('Discussion'), 'page_comments_status_met
|
|||
*/
|
||||
function page_slug_meta_box($post){
|
||||
?>
|
||||
<label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
|
||||
<label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
|
||||
<?php
|
||||
}
|
||||
add_meta_box('pageslugdiv', __('Page Slug'), 'page_slug_meta_box', 'page', 'normal', 'core');
|
||||
|
@ -419,7 +419,7 @@ if (isset($mode) && 'bookmarklet' == $mode)
|
|||
<input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
|
||||
<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
|
||||
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
|
||||
<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
|
||||
<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
|
||||
<?php echo $form_extra ?>
|
||||
<input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
|
||||
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
|
||||
|
@ -442,7 +442,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);
|
|||
<div id="post-body-content">
|
||||
<div id="titlediv">
|
||||
<div id="titlewrap">
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
</div>
|
||||
<div class="inside">
|
||||
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
|
||||
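Review bot: Only `post_author` is escaped in the hidden-field run of the `@ -419,7` hunk. `$user_ID`, `$form_action`, `$post->post_type` and `$post->post_status` on the neighbouring lines are echoed raw, and `hiddenaction` uses a single-quoted attribute. The post edit form in this commit prints the same fields as `(int) $user_ID`, `attr($form_action)`, `attr($post->post_type)` and `attr($post->post_status)`; matching that here keeps the two forms consistent and removes the reliance on those values being safe upstream. `<?php echo $form_extra ?>` appears to be intentional markup and would need review where it is built, which is outside the hunk.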
|
|
|
@ -175,7 +175,7 @@ endif;
|
|||
</p>
|
||||
|
||||
<?php if ( isset($_GET['post_status'] ) ) : ?>
|
||||
<input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
|
||||
<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($posts) { ?>
|
||||
|
|
|
@ -21,17 +21,17 @@ do_action('edit_tag_form_pre', $tag); ?>
|
|||
<form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
|
||||
<input type="hidden" name="action" value="editedtag" />
|
||||
<input type="hidden" name="tag_ID" value="<?php echo $tag->term_id ?>" />
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy) ?>" />
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
|
||||
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
|
||||
<table class="form-table">
|
||||
<tr class="form-field form-required">
|
||||
<th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
|
||||
<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attribute_escape($tag->name); ?>" size="40" aria-required="true" />
|
||||
<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" />
|
||||
<p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
|
||||
</tr>
|
||||
<tr class="form-field">
|
||||
<th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
|
||||
<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attribute_escape(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
|
||||
<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
|
||||
<p><?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
|
||||
</tr>
|
||||
<tr class="form-field">
|
||||
|
|
|
@ -170,7 +170,7 @@ endif; ?>
|
|||
<div id="col-right">
|
||||
<div class="col-wrap">
|
||||
<form id="posts-filter" action="" method="get">
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy); ?>" />
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
|
||||
<div class="tablenav">
|
||||
<?php
|
||||
$pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
|
||||
|
@ -276,7 +276,7 @@ else
|
|||
<div id="ajax-response"></div>
|
||||
<form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate">
|
||||
<input type="hidden" name="action" value="addtag" />
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy); ?>" />
|
||||
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
|
||||
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?>
|
||||
|
||||
<div class="form-field form-required">
|
||||
|
|
|
@ -92,7 +92,7 @@ if ( !isset( $_GET['paged'] ) )
|
|||
if ( empty($_GET['mode']) )
|
||||
$mode = 'list';
|
||||
else
|
||||
$mode = attribute_escape($_GET['mode']); ?>
|
||||
$mode = attr($_GET['mode']); ?>
|
||||
|
||||
<div class="wrap">
|
||||
<?php screen_icon(); ?>
|
||||
|
@ -170,7 +170,7 @@ endif;
|
|||
</p>
|
||||
|
||||
<?php if ( isset($_GET['post_status'] ) ) : ?>
|
||||
<input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
|
||||
<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
|
||||
<?php endif; ?>
|
||||
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
|
||||
|
||||
|
|
|
@ -215,7 +215,7 @@ class Dotclear_Import {
|
|||
echo '<form action="admin.php?import=dotclear&step=1" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
$this->db_form();
|
||||
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import Categories')).'" /></p>';
|
||||
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import Categories')).'" /></p>';
|
||||
echo '</form></div>';
|
||||
}
|
||||
|
||||
|
@ -632,7 +632,7 @@ class Dotclear_Import {
|
|||
|
||||
echo '<form action="admin.php?import=dotclear&step=2" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users')));
|
||||
echo '</form>';
|
||||
|
||||
}
|
||||
|
@ -645,7 +645,7 @@ class Dotclear_Import {
|
|||
|
||||
echo '<form action="admin.php?import=dotclear&step=3" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -659,7 +659,7 @@ class Dotclear_Import {
|
|||
|
||||
echo '<form action="admin.php?import=dotclear&step=4" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -671,7 +671,7 @@ class Dotclear_Import {
|
|||
|
||||
echo '<form action="admin.php?import=dotclear&step=5" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Links')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -684,7 +684,7 @@ class Dotclear_Import {
|
|||
|
||||
echo '<form action="admin.php?import=dotclear&step=6" method="post">';
|
||||
wp_nonce_field('import-dotclear');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
|
|
@ -184,9 +184,9 @@ class LJ_API_Import {
|
|||
<input type="hidden" name="step" value="<?php echo get_option( 'ljapi_step' ) ?>" />
|
||||
<p><?php _e( 'It looks like you attempted to import your LiveJournal posts previously and got interrupted.' ) ?></p>
|
||||
<p class="submit">
|
||||
<input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Continue previous import' ) ) ?>" />
|
||||
<input type="submit" class="button-primary" value="<?php echo attr( __( 'Continue previous import' ) ) ?>" />
|
||||
</p>
|
||||
<p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attribute_escape( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>
|
||||
<p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>
|
||||
<p>
|
||||
<?php else : ?>
|
||||
<input type="hidden" name="step" value="1" />
|
||||
|
@ -223,7 +223,7 @@ class LJ_API_Import {
|
|||
<p><?php _e( "<strong>WARNING:</strong> This can take a really long time if you have a lot of entries in your LiveJournal, or a lot of comments. Ideally, you should only start this process if you can leave your computer alone while it finishes the import." ) ?></p>
|
||||
|
||||
<p class="submit">
|
||||
<input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Connect to LiveJournal and Import' ) ) ?>" />
|
||||
<input type="submit" class="button-primary" value="<?php echo attr( __( 'Connect to LiveJournal and Import' ) ) ?>" />
|
||||
</p>
|
||||
|
||||
<p><?php _e( '<strong>NOTE:</strong> If the import process is interrupted for <em>any</em> reason, come back to this page and it will continue from where it stopped automatically.' ) ?></p>
|
||||
|
@ -724,7 +724,7 @@ class LJ_API_Import {
|
|||
if ( empty( $this->username ) || empty( $this->password ) ) {
|
||||
?>
|
||||
<p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
|
||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attribute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||
<?php
|
||||
return false;
|
||||
}
|
||||
|
@ -736,7 +736,7 @@ class LJ_API_Import {
|
|||
delete_option( 'ljapi_protected_password' );
|
||||
?>
|
||||
<p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
|
||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attribute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||
<?php
|
||||
return false;
|
||||
} else {
|
||||
|
@ -816,7 +816,7 @@ class LJ_API_Import {
|
|||
<form action="admin.php?import=livejournal" method="post" id="ljapi-auto-repost">
|
||||
<?php wp_nonce_field( 'lj-api-import' ) ?>
|
||||
<input type="hidden" name="step" id="step" value="1" />
|
||||
<p><input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
|
||||
<p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
|
||||
</form>
|
||||
<?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
|
||||
<?php
|
||||
|
@ -866,7 +866,7 @@ class LJ_API_Import {
|
|||
<p><strong><?php printf( __( 'Imported comment batch %d of <strong>approximately</strong> %d' ), get_option( 'ljapi_comment_batch' ), $batch ) ?></strong></p>
|
||||
<?php wp_nonce_field( 'lj-api-import' ) ?>
|
||||
<input type="hidden" name="step" id="step" value="2" />
|
||||
<p><input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
|
||||
<p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
|
||||
</form>
|
||||
<?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
|
||||
<?php
|
||||
|
@ -942,7 +942,7 @@ class LJ_API_Import {
|
|||
$str .= wp_nonce_field( 'lj-api-import', '_wpnonce', true, false );
|
||||
$str .= wp_referer_field( false );
|
||||
$str .= '<input type="hidden" name="step" id="step" value="' . $next_step . '" />';
|
||||
$str .= '<p><input type="submit" class="button-primary" value="' . attribute_escape( $label ) . '" /> <span id="auto-message"></span></p>';
|
||||
$str .= '<p><input type="submit" class="button-primary" value="' . attr( $label ) . '" /> <span id="auto-message"></span></p>';
|
||||
$str .= '</form>';
|
||||
|
||||
return $str;
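Review bot: In the -184 hunk, `'&_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )` applies HTML-attribute escaping to a value that is being placed inside a URL query string. `REQUEST_URI` normally carries its own `?` and `&`, so everything after the first `&` becomes separate parameters of the new link instead of staying inside `_wp_http_referer`. The value needs URL-encoding, `'&_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )`, and the surrounding `clean_url()` call already covers the HTML context of the `href`. The same expression appears in the -724 and -736 hunks, wrapped in `str_replace( '&step=1', '', … )`. All three sit in `LJ_API_Import` methods whose bodies start and end outside the hunks.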
|
||||
|
|
|
@ -39,14 +39,14 @@ class MT_Import {
|
|||
<p><?php _e('Howdy! We’re about to begin importing all of your Movable Type or Typepad entries into WordPress. To begin, either choose a file to upload and click "Upload file and import," or use FTP to upload your MT export file as <code>mt-export.txt</code> in your <code>/wp-content/</code> directory and then click "Import mt-export.txt"'); ?></p>
|
||||
|
||||
<?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
|
||||
<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)); ?>" class="import-upload-form">
|
||||
<form method="post" action="<?php echo attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
|
||||
|
||||
<?php wp_nonce_field('import-upload'); ?>
|
||||
<p>
|
||||
<input type="hidden" name="upload_type" value="ftp" />
|
||||
<?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p>
|
||||
<p class="submit">
|
||||
<input type="submit" class="button" value="<?php echo attribute_escape(__('Import mt-export.txt')); ?>" />
|
||||
<input type="submit" class="button" value="<?php echo attr(__('Import mt-export.txt')); ?>" />
|
||||
</p>
|
||||
</form>
|
||||
<p><?php _e('The importer is smart enough not to import duplicates, so you can run this multiple times without worry if—for whatever reason—it doesn\'t finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces.'); ?> </p>
|
||||
|
|
|
@ -70,7 +70,7 @@ class Textpattern_Import {
|
|||
echo '<form action="admin.php?import=textpattern&step=1" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
$this->db_form();
|
||||
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import')).'" /></p>';
|
||||
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import')).'" /></p>';
|
||||
echo '</form>';
|
||||
echo '</div>';
|
||||
}
|
||||
|
@ -505,7 +505,7 @@ class Textpattern_Import {
|
|||
|
||||
echo '<form action="admin.php?import=textpattern&step=2" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users')));
|
||||
echo '</form>';
|
||||
|
||||
}
|
||||
|
@ -518,7 +518,7 @@ class Textpattern_Import {
|
|||
|
||||
echo '<form action="admin.php?import=textpattern&step=3" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -532,7 +532,7 @@ class Textpattern_Import {
|
|||
|
||||
echo '<form action="admin.php?import=textpattern&step=4" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -544,7 +544,7 @@ class Textpattern_Import {
|
|||
|
||||
echo '<form action="admin.php?import=textpattern&step=5" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Links')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
@ -557,7 +557,7 @@ class Textpattern_Import {
|
|||
|
||||
echo '<form action="admin.php?import=textpattern&step=6" method="post">';
|
||||
wp_nonce_field('import-textpattern');
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
|
||||
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish')));
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
|
|
|
@ -233,7 +233,7 @@ class WP_Import {
|
|||
}
|
||||
|
||||
echo '<p class="submit">';
|
||||
echo '<input type="submit" class="button" value="'.attribute_escape( __('Submit') ).'" />'.'<br />';
|
||||
echo '<input type="submit" class="button" value="'.attr( __('Submit') ).'" />'.'<br />';
|
||||
echo '</p>';
|
||||
echo '</form>';
|
||||
|
||||
|
|
|
@ -184,7 +184,7 @@ function check_all_tagrows() {
|
|||
<ul style="list-style:none">
|
||||
|
||||
<?php foreach ( $this->all_tags as $tag ) { ?>
|
||||
<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attribute_escape($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
|
||||
<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
|
||||
|
||||
<?php } ?>
|
||||
</ul>
|
||||
|
|
|
@ -59,7 +59,7 @@ function get_default_link_to_edit() {
|
|||
$link->link_url = '';
|
||||
|
||||
if ( isset( $_GET['name'] ) )
|
||||
$link->link_name = attribute_escape( $_GET['name']);
|
||||
$link->link_name = attr( $_GET['name']);
|
||||
else
|
||||
$link->link_name = '';
|
||||
|
||||
|
|
|
@ -820,8 +820,8 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
|
|||
echo '<iframe style="border:0;overflow:hidden" width="100%" height="170px" src="' . wp_nonce_url('update.php?action=activate-plugin&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) .'"></iframe>';
|
||||
}
|
||||
$update_actions = array(
|
||||
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attribute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
|
||||
'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attribute_escape(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
|
||||
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
|
||||
'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
|
||||
);
|
||||
if ( $this->plugin_active )
|
||||
unset( $update_actions['activate_plugin'] );
|
||||
|
@ -871,13 +871,13 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
|
|||
$plugin_file = $this->upgrader->plugin_info();
|
||||
|
||||
$install_actions = array(
|
||||
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attribute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
|
||||
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
|
||||
);
|
||||
|
||||
if ( $this->type == 'web' )
|
||||
$install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attribute_escape(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
|
||||
$install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
|
||||
else
|
||||
$install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attribute_escape(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
|
||||
$install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
|
||||
|
||||
|
||||
if ( ! $this->result || is_wp_error($this->result) )
|
||||
|
@ -936,14 +936,14 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin {
|
|||
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
||||
|
||||
$install_actions = array(
|
||||
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
|
||||
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attribute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>'
|
||||
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
|
||||
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>'
|
||||
);
|
||||
|
||||
if ( $this->type == 'web' )
|
||||
$install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attribute_escape(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
|
||||
$install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
|
||||
else
|
||||
$install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attribute_escape(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
|
||||
$install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
|
||||
|
||||
if ( ! $this->result || is_wp_error($this->result) )
|
||||
unset( $install_actions['activate'], $install_actions['preview'] );
|
||||
|
@ -995,9 +995,9 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
|
|||
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
||||
|
||||
$update_actions = array(
|
||||
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
|
||||
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attribute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>',
|
||||
'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attribute_escape(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
|
||||
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
|
||||
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>',
|
||||
'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
|
||||
);
|
||||
if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() )
|
||||
unset($update_actions['preview'], $update_actions['activate']);
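Review bot: The plugin activation links in the -820 and -871 hunks concatenate the plugin path into the query string unencoded, as `'plugins.php?action=activate&plugin=' . $this->plugin` and `… . $plugin_file`. The theme skins further down the same file pass `urlencode($template)` and `urlencode($stylesheet)` instead. A plugin path containing `&`, `+`, `#` or a space would produce a link that activates nothing or carries extra parameters. The plugin links should match the theme ones: `'plugins.php?action=activate&plugin=' . urlencode( $this->plugin )`, and likewise for `$plugin_file` and for the `update.php?action=activate-plugin&plugin=` iframe `src`. The nonce action string should keep the raw path so it still matches what the handler verifies. The enclosing methods start outside the hunks.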
|
||||
|
|
|
@ -371,7 +371,7 @@ function wp_dashboard_quick_press() {
|
|||
<form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
|
||||
<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
|
||||
<div class="input-text-wrap">
|
||||
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attribute_escape( $post->post_title ); ?>" />
|
||||
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr( $post->post_title ); ?>" />
|
||||
</div>
|
||||
|
||||
<?php if ( current_user_can( 'upload_files' ) ) : ?>
|
||||
|
@ -432,7 +432,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
|
|||
foreach ( $drafts as $draft ) {
|
||||
$url = get_edit_post_link( $draft->ID );
|
||||
$title = _draft_or_post_title( $draft->ID );
|
||||
$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attribute_escape( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
|
||||
$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
|
||||
if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) )
|
||||
$item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '…' : '' ) . '</p>';
|
||||
$list[] = $item;
|
||||
|
@ -579,9 +579,9 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
|
|||
|
||||
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
|
||||
<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
|
||||
<div class="author-email"><?php echo attribute_escape( $comment->comment_author_email ); ?></div>
|
||||
<div class="author"><?php echo attribute_escape( $comment->comment_author ); ?></div>
|
||||
<div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
|
||||
<div class="author-email"><?php echo attr( $comment->comment_author_email ); ?></div>
|
||||
<div class="author"><?php echo attr( $comment->comment_author ); ?></div>
|
||||
<div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
|
||||
<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
|
||||
</div>
|
||||
</div>
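Review bot: In the -579 hunk the hidden quick-edit block prints `<?php echo $comment->comment_content; ?>` straight into a `<textarea>`, right above the three author fields that go through `attr()`. Comment text is visitor-supplied, and a `</textarea>` or a stray `&` in it ends up in the admin page unescaped. Whether it is filtered before storage is not visible from here. Escaping at output does not depend on that: `<textarea class="comment" rows="3" cols="10"><?php echo wp_specialchars( $comment->comment_content ); ?></textarea>`, the same helper the media code on this page uses for its textarea. The browser decodes the entities again when the textarea is read back, so the edited text is unchanged. `_wp_dashboard_recent_comments_row()` starts and ends outside the hunk.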
|
||||
|
|
|
@ -731,12 +731,12 @@ jQuery(function($){
|
|||
<table class="form-table">
|
||||
<tr valign="top">
|
||||
<th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
|
||||
<td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||
<td><input name="hostname" type="text" id="hostname" value="<?php echo attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||
</tr>
|
||||
|
||||
<tr valign="top">
|
||||
<th scope="row"><label for="username"><?php _e('Username') ?></label></th>
|
||||
<td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||
<td><input name="username" type="text" id="username" value="<?php echo attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
|
||||
</tr>
|
||||
|
||||
<tr valign="top">
|
||||
|
@ -750,7 +750,7 @@ jQuery(function($){
|
|||
<label for="public_key"><?php _e('Public Key:') ?></label ><br />
|
||||
<label for="private_key"><?php _e('Private Key:') ?></label>
|
||||
</div></th>
|
||||
<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attribute_escape($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attribute_escape($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
|
||||
<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
|
||||
<div><?php _e('Enter the location on the server where the keys are located. If a passphrase is needed, enter that in the password field above.') ?></div></td>
|
||||
</tr>
|
||||
|
||||
|
@ -767,10 +767,10 @@ jQuery(function($){
|
|||
</table>
|
||||
|
||||
<?php if ( isset( $_POST['version'] ) ) : ?>
|
||||
<input type="hidden" name="version" value="<?php echo attribute_escape($_POST['version']) ?>" />
|
||||
<input type="hidden" name="version" value="<?php echo attr($_POST['version']) ?>" />
|
||||
<?php endif; ?>
|
||||
<?php if ( isset( $_POST['locale'] ) ) : ?>
|
||||
<input type="hidden" name="locale" value="<?php echo attribute_escape($_POST['locale']) ?>" />
|
||||
<input type="hidden" name="locale" value="<?php echo attr($_POST['locale']) ?>" />
|
||||
<?php endif; ?>
|
||||
<p class="submit">
|
||||
<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php _e('Proceed'); ?>" />
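Review bot: In the hostname field of the -731 hunk only `$hostname` is escaped: `echo attr($hostname); if ( !empty($port) ) echo ":$port";` writes `$port` into the same `value="…"` attribute as is. Where `$port` is set is outside the hunk. If it is split off the submitted hostname without a numeric check, a quote in it closes the attribute. Escaping the whole string removes the dependency: `echo attr( empty($port) ? $hostname : "$hostname:$port" );`.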
|
||||
|
|
|
@ -26,7 +26,7 @@ function add_filter() {}
|
|||
/**
|
||||
* @ignore
|
||||
*/
|
||||
function attribute_escape() {}
|
||||
function attr() {}
|
||||
|
||||
/**
|
||||
* @ignore
|
||||
|
|
|
@ -78,7 +78,7 @@ function the_media_upload_tabs() {
|
|||
$class = " class='current'";
|
||||
$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
|
||||
$link = "<a href='" . clean_url($href) . "'$class>$text</a>";
|
||||
echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
|
||||
echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";
|
||||
}
|
||||
echo "</ul>\n";
|
||||
}
|
||||
|
@ -104,7 +104,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
|
|||
|
||||
$html = get_image_tag($id, $htmlalt, $title, $align, $size);
|
||||
|
||||
$rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
|
||||
$rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : '';
|
||||
|
||||
if ( $url )
|
||||
$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
|
||||
|
@ -424,7 +424,7 @@ function media_upload_form_handler() {
|
|||
$html = $attachment['post_title'];
|
||||
if ( !empty($attachment['url']) ) {
|
||||
if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
|
||||
$rel = " rel='attachment wp-att-".attribute_escape($send_id)."'";
|
||||
$rel = " rel='attachment wp-att-".attr($send_id)."'";
|
||||
$html = "<a href='{$attachment['url']}'$rel>$html</a>";
|
||||
}
|
||||
$html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);
|
||||
|
@ -459,9 +459,9 @@ function media_upload_image() {
|
|||
$src = $_POST['insertonly']['src'];
|
||||
if ( !empty($src) && !strpos($src, '://') )
|
||||
$src = "http://$src";
|
||||
$alt = attribute_escape($_POST['insertonly']['alt']);
|
||||
$alt = attr($_POST['insertonly']['alt']);
|
||||
if ( isset($_POST['insertonly']['align']) ) {
|
||||
$align = attribute_escape($_POST['insertonly']['align']);
|
||||
$align = attr($_POST['insertonly']['align']);
|
||||
$class = " class='align$align'";
|
||||
}
|
||||
if ( !empty($src) )
|
||||
|
@ -553,7 +553,7 @@ function media_upload_audio() {
|
|||
$href = $_POST['insertonly']['href'];
|
||||
if ( !empty($href) && !strpos($href, '://') )
|
||||
$href = "http://$href";
|
||||
$title = attribute_escape($_POST['insertonly']['title']);
|
||||
$title = attr($_POST['insertonly']['title']);
|
||||
if ( empty($title) )
|
||||
$title = basename($href);
|
||||
if ( !empty($title) && !empty($href) )
|
||||
|
@ -607,7 +607,7 @@ function media_upload_video() {
|
|||
$href = $_POST['insertonly']['href'];
|
||||
if ( !empty($href) && !strpos($href, '://') )
|
||||
$href = "http://$href";
|
||||
$title = attribute_escape($_POST['insertonly']['title']);
|
||||
$title = attr($_POST['insertonly']['title']);
|
||||
if ( empty($title) )
|
||||
$title = basename($href);
|
||||
if ( !empty($title) && !empty($href) )
|
||||
|
@ -661,7 +661,7 @@ function media_upload_file() {
|
|||
$href = $_POST['insertonly']['href'];
|
||||
if ( !empty($href) && !strpos($href, '://') )
|
||||
$href = "http://$href";
|
||||
$title = attribute_escape($_POST['insertonly']['title']);
|
||||
$title = attr($_POST['insertonly']['title']);
|
||||
if ( empty($title) )
|
||||
$title = basename($href);
|
||||
if ( !empty($title) && !empty($href) )
|
||||
|
@ -825,10 +825,10 @@ function image_link_input_fields($post, $url_type='') {
|
|||
elseif ( $url_type == 'post' )
|
||||
$url = $link;
|
||||
|
||||
return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attribute_escape($url) . "' /><br />
|
||||
return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />
|
||||
<button type='button' class='button urlnone' title=''>" . __('None') . "</button>
|
||||
<button type='button' class='button urlfile' title='" . attribute_escape($file) . "'>" . __('File URL') . "</button>
|
||||
<button type='button' class='button urlpost' title='" . attribute_escape($link) . "'>" . __('Post URL') . "</button>
|
||||
<button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>
|
||||
<button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>
|
||||
";
|
||||
}
|
||||
|
||||
|
@ -988,7 +988,7 @@ function get_attachment_fields_to_edit($post, $errors = null) {
|
|||
'image_url' => array(
|
||||
'label' => __('File URL'),
|
||||
'input' => 'html',
|
||||
'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attribute_escape($image_url) . "' /><br />",
|
||||
'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",
|
||||
'value' => isset($edit_post->post_url) ? $edit_post->post_url : '',
|
||||
'helps' => __('Location of the uploaded file.'),
|
||||
)
|
||||
|
@ -1085,19 +1085,19 @@ function get_media_item( $attachment_id, $args = null ) {
|
|||
$post = get_post($attachment_id);
|
||||
|
||||
$filename = basename($post->guid);
|
||||
$title = attribute_escape($post->post_title);
|
||||
$title = attr($post->post_title);
|
||||
|
||||
if ( $_tags = get_the_tags($attachment_id) ) {
|
||||
foreach ( $_tags as $tag )
|
||||
$tags[] = $tag->name;
|
||||
$tags = attribute_escape(join(', ', $tags));
|
||||
$tags = attr(join(', ', $tags));
|
||||
}
|
||||
|
||||
$type = '';
|
||||
if ( isset($post_mime_types) ) {
|
||||
$keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
|
||||
$type = array_shift($keys);
|
||||
$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
|
||||
$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";
|
||||
}
|
||||
|
||||
$form_fields = get_attachment_fields_to_edit($post, $errors);
|
||||
|
@ -1156,7 +1156,7 @@ function get_media_item( $attachment_id, $args = null ) {
|
|||
|
||||
$delete_href = wp_nonce_url("post.php?action=delete-post&post=$attachment_id", 'delete-post_' . $attachment_id);
|
||||
if ( $send )
|
||||
$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
|
||||
$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr( __( 'Insert into Post' ) ) . "' />";
|
||||
if ( $delete )
|
||||
$delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
|
||||
if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
|
||||
|
@ -1194,7 +1194,7 @@ function get_media_item( $attachment_id, $args = null ) {
|
|||
elseif ( $field['input'] == 'textarea' ) {
|
||||
$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
|
||||
} else {
|
||||
$item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>";
|
||||
$item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";
|
||||
}
|
||||
if ( !empty($field['helps']) )
|
||||
$item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
|
||||
|
@ -1222,7 +1222,7 @@ function get_media_item( $attachment_id, $args = null ) {
|
|||
$item .= "\t</table>\n";
|
||||
|
||||
foreach ( $hidden_fields as $name => $value )
|
||||
$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
|
||||
$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";
|
||||
|
||||
if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
|
||||
$parent = (int) $_REQUEST['post_id'];
|
||||
|
@ -1303,7 +1303,7 @@ SWFUpload.onload = function() {
|
|||
button_width: "132",
|
||||
button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
|
||||
button_placeholder_id: "flash-browse-button",
|
||||
upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
|
||||
upload_url : "<?php echo attr( $flash_action_url ); ?>",
|
||||
flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
|
||||
file_post_name: "async-upload",
|
||||
file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
|
||||
|
@ -1350,7 +1350,7 @@ SWFUpload.onload = function() {
|
|||
<div id="html-upload-ui">
|
||||
<?php do_action('pre-html-upload-ui'); ?>
|
||||
<p id="async-upload-wrap">
|
||||
<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
|
||||
<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attr(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
|
||||
</p>
|
||||
<div class="clear"></div>
|
||||
<?php if ( is_lighttpd_before_150() ): ?>
|
||||
|
@ -1380,7 +1380,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
|
|||
$form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
|
||||
?>
|
||||
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
|
||||
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
|
||||
<?php wp_nonce_field('media-form'); ?>
|
||||
|
||||
|
@ -1412,7 +1412,7 @@ if ( $id ) {
|
|||
}
|
||||
?>
|
||||
</div>
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
|
||||
<?php
|
||||
}
|
||||
|
||||
|
@ -1436,7 +1436,7 @@ function media_upload_type_url_form($type = 'file', $errors = null, $id = null)
|
|||
$callback = "type_url_form_$type";
|
||||
?>
|
||||
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
|
||||
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
|
||||
<?php wp_nonce_field('media-form'); ?>
|
||||
|
||||
|
@ -1570,7 +1570,7 @@ jQuery(function($){
|
|||
<a href="#" id="desc"><?php _e('Descending'); ?></a> |
|
||||
<a href="#" id="clear"><?php _e('Clear'); ?></a>
|
||||
</div>
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
|
||||
<?php wp_nonce_field('media-form'); ?>
|
||||
<?php //media_upload_form( $errors ); ?>
|
||||
<table class="widefat" cellspacing="0">
|
||||
|
@ -1585,10 +1585,10 @@ jQuery(function($){
|
|||
</div>
|
||||
|
||||
<p class="ml-submit">
|
||||
<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
|
||||
<input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
|
||||
<input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
|
||||
<input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
|
||||
<input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />
|
||||
</p>
|
||||
|
||||
<div id="gallery-settings" style="display:none;">
|
||||
|
@ -1662,8 +1662,8 @@ jQuery(function($){
|
|||
</tbody></table>
|
||||
|
||||
<p class="ml-submit">
|
||||
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery' ) ); ?>" />
|
||||
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attribute_escape( __( 'Update gallery settings' ) ); ?>" />
|
||||
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr( __( 'Insert gallery' ) ); ?>" />
|
||||
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr( __( 'Update gallery settings' ) ); ?>" />
|
||||
</p>
|
||||
</div>
|
||||
</form>
|
||||
|
@ -1699,15 +1699,15 @@ function media_upload_library_form($errors) {
|
|||
?>
|
||||
|
||||
<form id="filter" action="" method="get">
|
||||
<input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
|
||||
<input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
|
||||
<input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />
|
||||
<input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />
|
||||
<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
|
||||
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attribute_escape( $_GET['post_mime_type'] ) : ''; ?>" />
|
||||
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />
|
||||
|
||||
<p id="media-search" class="search-box">
|
||||
<label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label>
|
||||
<input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
|
||||
<input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
|
||||
<input type="submit" value="<?php echo attr( __( 'Search Media' ) ); ?>" class="button" />
|
||||
</p>
|
||||
|
||||
<ul class="subsubsub">
|
||||
|
@ -1786,7 +1786,7 @@ foreach ($arc_result as $arc_row) {
|
|||
else
|
||||
$default = '';
|
||||
|
||||
echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
|
||||
echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
|
||||
echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
|
||||
echo "</option>\n";
|
||||
}
|
||||
|
@ -1794,7 +1794,7 @@ foreach ($arc_result as $arc_row) {
|
|||
</select>
|
||||
<?php } ?>
|
||||
|
||||
<input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter »' ) ); ?>" class="button-secondary" />
|
||||
<input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter »' ) ); ?>" class="button-secondary" />
|
||||
|
||||
</div>
|
||||
|
||||
|
@ -1802,7 +1802,7 @@ foreach ($arc_result as $arc_row) {
|
|||
</div>
|
||||
</form>
|
||||
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">
|
||||
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
|
||||
|
||||
<?php wp_nonce_field('media-form'); ?>
|
||||
<?php //media_upload_form( $errors ); ?>
|
||||
|
@ -1824,7 +1824,7 @@ jQuery(function($){
|
|||
<?php echo get_media_items(null, $errors); ?>
|
||||
</div>
|
||||
<p class="ml-submit">
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
|
||||
</p>
|
||||
</form>
|
||||
|
@ -1906,7 +1906,7 @@ function type_url_form_image() {
|
|||
<tr>
|
||||
<td></td>
|
||||
<td>
|
||||
<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attribute_escape(__('Insert into Post')) . '" />
|
||||
<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr(__('Insert into Post')) . '" />
|
||||
</td>
|
||||
</tr>
|
||||
</tbody></table>
|
||||
|
@ -1942,7 +1942,7 @@ function type_url_form_audio() {
|
|||
<tr>
|
||||
<td></td>
|
||||
<td>
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
|
||||
</td>
|
||||
</tr>
|
||||
</tbody></table>
|
||||
|
@ -1977,7 +1977,7 @@ function type_url_form_video() {
|
|||
<tr>
|
||||
<td></td>
|
||||
<td>
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
|
||||
</td>
|
||||
</tr>
|
||||
</tbody></table>
|
||||
|
@ -2012,7 +2012,7 @@ function type_url_form_file() {
|
|||
<tr>
|
||||
<td></td>
|
||||
<td>
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
|
||||
<input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
|
||||
</td>
|
||||
</tr>
|
||||
</tbody></table>
|
||||
|
|
|
@ -162,8 +162,8 @@ function install_search_form(){
|
|||
<option value="author"<?php selected('author', $type) ?>><?php _e('Author') ?></option>
|
||||
<option value="tag"<?php selected('tag', $type) ?>><?php _x('Tag', 'Plugin Installer') ?></option>
|
||||
</select>
|
||||
<input type="text" name="s" value="<?php echo attribute_escape($term) ?>" />
|
||||
<input type="submit" name="search" value="<?php echo attribute_escape(__('Search')) ?>" class="button" />
|
||||
<input type="text" name="s" value="<?php echo attr($term) ?>" />
|
||||
<input type="submit" name="search" value="<?php echo attr(__('Search')) ?>" class="button" />
|
||||
</form><?php
|
||||
}
|
||||
|
||||
|
@ -334,12 +334,12 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
|
|||
$author = wp_kses($author, $plugins_allowedtags);
|
||||
|
||||
if( isset($plugin['homepage']) )
|
||||
$title = '<a target="_blank" href="' . attribute_escape($plugin['homepage']) . '">' . $title . '</a>';
|
||||
$title = '<a target="_blank" href="' . attr($plugin['homepage']) . '">' . $title . '</a>';
|
||||
|
||||
$action_links = array();
|
||||
$action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin['slug'] .
|
||||
'&TB_iframe=true&width=600&height=800') . '" class="thickbox onclick" title="' .
|
||||
attribute_escape($name) . '">' . __('Install') . '</a>';
|
||||
attr($name) . '">' . __('Install') . '</a>';
|
||||
|
||||
$action_links = apply_filters('plugin_install_action_links', $action_links, $plugin);
|
||||
?>
|
||||
|
@ -348,7 +348,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
|
|||
<td class="vers"><?php echo $version; ?></td>
|
||||
<td class="vers">
|
||||
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
|
||||
<div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
|
||||
<div class="star star-rating" style="width: <?php echo attr($plugin['rating']) ?>px"></div>
|
||||
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
|
||||
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
|
||||
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
|
||||
|
@ -416,7 +416,7 @@ function install_plugin_information() {
|
|||
$class = ( $section_name == $section ) ? ' class="current"' : '';
|
||||
$href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
|
||||
$href = clean_url($href);
|
||||
$san_title = attribute_escape(sanitize_title_with_dashes($title));
|
||||
$san_title = attr(sanitize_title_with_dashes($title));
|
||||
echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
|
||||
}
|
||||
echo "</ul>\n";
|
||||
|
@ -505,7 +505,7 @@ function install_plugin_information() {
|
|||
</ul>
|
||||
<h2><?php _e('Average Rating') ?></h2>
|
||||
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
|
||||
<div class="star star-rating" style="width: <?php echo attribute_escape($api->rating) ?>px"></div>
|
||||
<div class="star star-rating" style="width: <?php echo attr($api->rating) ?>px"></div>
|
||||
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
|
||||
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
|
||||
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
|
||||
|
@ -530,7 +530,7 @@ function install_plugin_information() {
|
|||
$content = links_add_base_url($content, 'http://wordpress.org/extend/plugins/' . $api->slug . '/');
|
||||
$content = links_add_target($content, '_blank');
|
||||
|
||||
$san_title = attribute_escape(sanitize_title_with_dashes($title));
|
||||
$san_title = attr(sanitize_title_with_dashes($title));
|
||||
|
||||
$display = ( $section_name == $section ) ? 'block' : 'none';
|
||||
|
||||
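Review bot: In display_plugins_table, `$plugin['homepage']` is placed in an `href` through `attr()`, which escapes HTML metacharacters but does not restrict the URL scheme, so a `javascript:` value would pass through; `clean_url()`, already used for `$href` in install_plugin_information, is the escaper that fits this context: `$title = '<a target="_blank" href="' . clean_url($plugin['homepage']) . '">' . $title . '</a>';`. The two `style="width: ...px"` lines have the same context mismatch, and casting with `(int) $plugin['rating']` and `(int) $api->rating` would pin the value to a number, assuming ratings are whole numbers. Where `$plugins` and `$api` are populated is not visible in these hunks; presumably they come from a remote API response, which is why the stricter escapers matter. All three functions start and end outside the hunks shown.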
|
|
|
@ -222,7 +222,7 @@ function get_terms_to_edit( $post_id, $taxonomy = 'post_tag' ) {
|
|||
foreach ( $tags as $tag )
|
||||
$tag_names[] = $tag->name;
|
||||
$tags_to_edit = join( ',', $tag_names );
|
||||
$tags_to_edit = attribute_escape( $tags_to_edit );
|
||||
$tags_to_edit = attr( $tags_to_edit );
|
||||
$tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy );
|
||||
|
||||
return $tags_to_edit;
|
||||
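Review bot: `attr()` runs before `apply_filters( 'terms_to_edit', ... )`, so whatever a filter callback returns reaches the caller without attribute escaping. Escaping last keeps the guarantee at the return: let the filter run first and put `$tags_to_edit = attr( $tags_to_edit );` immediately before `return $tags_to_edit;`. That changes what callbacks receive (raw rather than escaped term names), so existing `terms_to_edit` filters would need checking before the swap. The start of get_terms_to_edit is outside the hunk, so how `$tags` is fetched is not visible here.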
|
|
|
@ -118,7 +118,7 @@ function _cat_row( $category, $level, $name_override = false ) {
|
|||
$name = ( $name_override ? $name_override : $pad . ' ' . $category->name );
|
||||
$edit_link = "categories.php?action=edit&cat_ID=$category->term_id";
|
||||
if ( current_user_can( 'manage_categories' ) ) {
|
||||
$edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attribute_escape( $name ) . '</a><br />';
|
||||
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
|
||||
$actions = array();
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick Edit') . '</a>';
|
||||
|
@ -257,7 +257,7 @@ function inline_edit_term_row($type) {
|
|||
<p class="inline-edit-save submit">
|
||||
<a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
|
||||
<?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
|
||||
<a accesskey="s" href="#inline-edit" title="<?php echo attribute_escape( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
|
||||
<a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
|
||||
<img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
|
||||
<span class="error" style="display:none;"></span>
|
||||
<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
|
||||
|
@ -289,7 +289,7 @@ function link_cat_row( $category, $name_override = false ) {
|
|||
$name = ( $name_override ? $name_override : $category->name );
|
||||
$edit_link = "link-category.php?action=edit&cat_ID=$category->term_id";
|
||||
if ( current_user_can( 'manage_categories' ) ) {
|
||||
$edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
|
||||
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
|
||||
$actions = array();
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick Edit') . '</a>';
|
||||
|
@ -649,7 +649,7 @@ function _tag_row( $tag, $class = '', $taxonomy = 'post_tag' ) {
|
|||
$out .= '<th scope="row" class="check-column"> <input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" /></th>';
|
||||
break;
|
||||
case 'name':
|
||||
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attribute_escape(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
|
||||
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
|
||||
$actions = array();
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick Edit') . '</a>';
|
||||
|
@ -1247,12 +1247,12 @@ function inline_edit_row( $type ) {
|
|||
wp_nonce_field( 'inlineeditnonce', '_inline_edit', false );
|
||||
$update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
|
||||
?>
|
||||
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attribute_escape( $update_text ); ?></a>
|
||||
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
|
||||
<img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
|
||||
<?php } else {
|
||||
$update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
|
||||
?>
|
||||
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attribute_escape( $update_text ); ?>" />
|
||||
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
|
||||
<?php } ?>
|
||||
<input type="hidden" name="post_view" value="<?php echo $m; ?>" />
|
||||
<br class="clear" />
|
||||
|
@ -1278,7 +1278,7 @@ function get_inline_data($post) {
|
|||
if ( ! current_user_can('edit_' . $post->post_type, $post->ID) )
|
||||
return;
|
||||
|
||||
$title = attribute_escape($post->post_title);
|
||||
$title = attr($post->post_title);
|
||||
|
||||
echo '
|
||||
<div class="hidden" id="inline_' . $post->ID . '">
|
||||
|
@ -1427,22 +1427,22 @@ function _post_row($a_post, $pending_comments, $mode) {
|
|||
case 'title':
|
||||
$attributes = 'class="post-title column-title"' . $style;
|
||||
?>
|
||||
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
|
||||
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
|
||||
<?php
|
||||
if ( 'excerpt' == $mode )
|
||||
the_excerpt();
|
||||
|
||||
$actions = array();
|
||||
if ( current_user_can('edit_post', $post->ID) ) {
|
||||
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attribute_escape(__('Edit this post')) . '">' . __('Edit') . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attribute_escape(__('Edit this post inline')) . '">' . __('Quick Edit') . '</a>';
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick Edit') . '</a>';
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
}
|
||||
if ( in_array($post->post_status, array('pending', 'draft')) ) {
|
||||
if ( current_user_can('edit_post', $post->ID) )
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
|
||||
} else {
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
}
|
||||
$actions = apply_filters('post_row_actions', $actions, $post);
|
||||
$action_count = count($actions);
|
||||
|
@ -1643,19 +1643,19 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
|
|||
$attributes = 'class="post-title page-title column-title"' . $style;
|
||||
$edit_link = get_edit_post_link( $page->ID );
|
||||
?>
|
||||
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
|
||||
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
|
||||
<?php
|
||||
$actions = array();
|
||||
if ( current_user_can('edit_page', $page->ID) ) {
|
||||
$actions['edit'] = '<a href="' . $edit_link . '" title="' . attribute_escape(__('Edit this page')) . '">' . __('Edit') . '</a>';
|
||||
$actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
|
||||
$actions['inline'] = '<a href="#" class="editinline">' . __('Quick Edit') . '</a>';
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
}
|
||||
if ( in_array($post->post_status, array('pending', 'draft')) ) {
|
||||
if ( current_user_can('edit_page', $page->ID) )
|
||||
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
|
||||
} else {
|
||||
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
}
|
||||
$actions = apply_filters('page_row_actions', $actions, $page);
|
||||
$action_count = count($actions);
|
||||
|
@ -2114,9 +2114,9 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
|||
comment_text(); ?>
|
||||
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
|
||||
<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
|
||||
<div class="author-email"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author_email ); ?></div>
|
||||
<div class="author"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author ); ?></div>
|
||||
<div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
|
||||
<div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
|
||||
<div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
|
||||
<div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
|
||||
<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
|
||||
</div>
|
||||
<?php
|
||||
|
@ -2417,7 +2417,7 @@ function _list_meta_row( $entry, &$count ) {
|
|||
}
|
||||
}
|
||||
|
||||
$entry['meta_key'] = attribute_escape($entry['meta_key']);
|
||||
$entry['meta_key'] = attr($entry['meta_key']);
|
||||
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
|
||||
$entry['meta_id'] = (int) $entry['meta_id'];
|
||||
|
||||
|
@ -2427,8 +2427,8 @@ function _list_meta_row( $entry, &$count ) {
|
|||
$r .= "\n\t\t<td class='left'><label class='hidden' for='meta[{$entry['meta_id']}][key]'>" . __( 'Key' ) . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' />";
|
||||
|
||||
$r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
|
||||
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
|
||||
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
|
||||
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr(__( 'Delete' ))."' />";
|
||||
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
|
||||
$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
|
||||
$r .= "</td>";
|
||||
|
||||
|
@ -2472,7 +2472,7 @@ function meta_form() {
|
|||
<?php
|
||||
|
||||
foreach ( $keys as $key ) {
|
||||
$key = attribute_escape( $key );
|
||||
$key = attr( $key );
|
||||
echo "\n<option value='$key'>$key</option>";
|
||||
}
|
||||
?>
|
||||
|
@ -2782,7 +2782,7 @@ function wp_import_upload_form( $action ) {
|
|||
<p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
|
||||
else :
|
||||
?>
|
||||
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
|
||||
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
|
||||
<p>
|
||||
<?php wp_nonce_field('import-upload'); ?>
|
||||
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
|
||||
|
@ -2805,7 +2805,7 @@ function wp_import_upload_form( $action ) {
|
|||
*/
|
||||
function wp_remember_old_slug() {
|
||||
global $post;
|
||||
$name = attribute_escape($post->post_name); // just in case
|
||||
$name = attr($post->post_name); // just in case
|
||||
if ( strlen($name) )
|
||||
echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
|
||||
}
|
||||
|
@ -3171,15 +3171,15 @@ function find_posts_div($found_action = '') {
|
|||
/**
|
||||
* Display the post password.
|
||||
*
|
||||
* The password is passed through {@link attribute_escape()} to ensure that it
|
||||
* The password is passed through {@link attr()} to ensure that it
|
||||
* is safe for placing in an html attribute.
|
||||
*
|
||||
* @uses attribute_escape
|
||||
* @uses attr
|
||||
* @since 2.7.0
|
||||
*/
|
||||
function the_post_password() {
|
||||
global $post;
|
||||
if ( isset( $post->post_password ) ) echo attribute_escape( $post->post_password );
|
||||
if ( isset( $post->post_password ) ) echo attr( $post->post_password );
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -3297,12 +3297,12 @@ function _draft_or_post_title($post_id = 0)
|
|||
* A simple wrapper to display the "s" parameter in a GET URI. This function
|
||||
* should only be used when {@link the_search_query()} cannot.
|
||||
*
|
||||
* @uses attribute_escape
|
||||
* @uses attr
|
||||
* @since 2.7.0
|
||||
*
|
||||
*/
|
||||
function _admin_search_query() {
|
||||
echo isset($_GET['s']) ? attribute_escape( stripslashes( $_GET['s'] ) ) : '';
|
||||
echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -158,8 +158,8 @@ function install_theme_search_form() {
|
|||
<option value="author" <?php selected('author', $type) ?>><?php _e('Author'); ?></option>
|
||||
<option value="tag" <?php selected('tag', $type) ?>><?php _e('Tag'); ?></option>
|
||||
</select>
|
||||
<input type="text" name="s" size="30" value="<?php echo attribute_escape($term) ?>" />
|
||||
<input type="submit" name="search" value="<?php echo attribute_escape(__('Search')); ?>" class="button" />
|
||||
<input type="text" name="s" size="30" value="<?php echo attr($term) ?>" />
|
||||
<input type="submit" name="search" value="<?php echo attr(__('Search')); ?>" class="button" />
|
||||
</form>
|
||||
<?php
|
||||
}
|
||||
|
@ -202,7 +202,7 @@ function install_themes_dashboard() {
|
|||
if ( isset($trans[$feature]) )
|
||||
$feature_name = $trans[$feature];
|
||||
$feature_name = wp_specialchars( $feature_name );
|
||||
$feature = attribute_escape($feature);
|
||||
$feature = attr($feature);
|
||||
?>
|
||||
|
||||
<li>
|
||||
|
@ -218,7 +218,7 @@ function install_themes_dashboard() {
|
|||
|
||||
</div>
|
||||
<br class="clear" />
|
||||
<input type="submit" name="search" value="<?php echo attribute_escape(__('Find Themes')); ?>" class="button" />
|
||||
<input type="submit" name="search" value="<?php echo attr(__('Find Themes')); ?>" class="button" />
|
||||
</form>
|
||||
<?php
|
||||
}
|
||||
|
@ -301,8 +301,8 @@ function display_theme($theme, $actions = null, $show_details = true) {
|
|||
if ( !is_array($actions) ) {
|
||||
$actions = array();
|
||||
$actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&theme=' . $theme->slug .
|
||||
'&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attribute_escape(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>';
|
||||
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>';
|
||||
'&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>';
|
||||
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>';
|
||||
$actions = apply_filters('theme_install_action_links', $actions, $theme);
|
||||
}
|
||||
|
||||
|
@ -310,7 +310,7 @@ function display_theme($theme, $actions = null, $show_details = true) {
|
|||
?>
|
||||
<a class='thickbox thickbox-preview screenshot'
|
||||
href='<? echo clean_url($preview_link); ?>'
|
||||
title='<?php echo attribute_escape(sprintf(__('Preview "%s"'), $name)); ?>'>
|
||||
title='<?php echo attr(sprintf(__('Preview "%s"'), $name)); ?>'>
|
||||
<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
|
||||
</a>
|
||||
<h3><?php echo $name ?></h3>
|
||||
|
@ -331,7 +331,7 @@ function display_theme($theme, $actions = null, $show_details = true) {
|
|||
<p><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $theme->downloaded), number_format_i18n($theme->downloaded)) ?></p>
|
||||
<?php endif; ?>
|
||||
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>">
|
||||
<div class="star star-rating" style="width: <?php echo attribute_escape($theme->rating) ?>px"></div>
|
||||
<div class="star star-rating" style="width: <?php echo attr($theme->rating) ?>px"></div>
|
||||
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
|
||||
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
|
||||
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
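Review bot: The screenshot link in display_theme() opens PHP with a short tag, `href='<? echo clean_url($preview_link); ?>'`, so on a server with short_open_tag disabled the statement is sent to the browser as text and clean_url() never runs. It should read `href='<?php echo clean_url($preview_link); ?>'`, like the lines around it. In the rating hunk, `attr($theme->rating)` applies HTML-attribute escaping to a CSS length; the value looks like it comes from the theme API response, so a cast is the tighter control: `style="width: <?php echo (int) $theme->rating ?>px"`. display_theme() starts and ends outside these hunks.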
|
||||
|
|
|
@ -366,16 +366,16 @@ function get_others_pending($user_id) {
|
|||
*/
|
||||
function get_user_to_edit( $user_id ) {
|
||||
$user = new WP_User( $user_id );
|
||||
$user->user_login = attribute_escape($user->user_login);
|
||||
$user->user_email = attribute_escape($user->user_email);
|
||||
$user->user_login = attr($user->user_login);
|
||||
$user->user_email = attr($user->user_email);
|
||||
$user->user_url = clean_url($user->user_url);
|
||||
$user->first_name = attribute_escape($user->first_name);
|
||||
$user->last_name = attribute_escape($user->last_name);
|
||||
$user->display_name = attribute_escape($user->display_name);
|
||||
$user->nickname = attribute_escape($user->nickname);
|
||||
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attribute_escape($user->aim) : '';
|
||||
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attribute_escape($user->yim) : '';
|
||||
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attribute_escape($user->jabber) : '';
|
||||
$user->first_name = attr($user->first_name);
|
||||
$user->last_name = attr($user->last_name);
|
||||
$user->display_name = attr($user->display_name);
|
||||
$user->nickname = attr($user->nickname);
|
||||
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : '';
|
||||
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : '';
|
||||
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : '';
|
||||
$user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
|
||||
|
||||
return $user;
|
||||
|
|
|
@ -165,7 +165,7 @@ if ( $links ) {
|
|||
|
||||
foreach ($links as $link) {
|
||||
$link = sanitize_bookmark($link);
|
||||
$link->link_name = attribute_escape($link->link_name);
|
||||
$link->link_name = attr($link->link_name);
|
||||
$link->link_category = wp_get_link_cats($link->link_id);
|
||||
$short_url = str_replace('http://', '', $link->link_url);
|
||||
$short_url = preg_replace('/^www\./i', '', $short_url);
|
||||
|
@ -194,7 +194,7 @@ if ( $links ) {
|
|||
break;
|
||||
case 'name':
|
||||
|
||||
echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
|
||||
echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
|
||||
$actions = array();
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . js_escape(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
|
|
|
@ -35,7 +35,7 @@ function add_filter() {}
|
|||
/**
|
||||
* @ignore
|
||||
*/
|
||||
function attribute_escape() {}
|
||||
function attr() {}
|
||||
|
||||
/**
|
||||
* @ignore
|
||||
|
|
|
@ -35,7 +35,7 @@ function add_filter() {}
|
|||
/**
|
||||
* @ignore
|
||||
*/
|
||||
function attribute_escape() {}
|
||||
function attr() {}
|
||||
|
||||
/**
|
||||
* @ignore
|
||||
|
|
|
@ -78,7 +78,7 @@ if ( isset($_GET['inline']) ) {
|
|||
<?php wp_nonce_field('media-form'); ?>
|
||||
<div id="media-items"> </div>
|
||||
<p>
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
|
||||
<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
|
||||
</p>
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
@ -39,7 +39,7 @@ $menu[5] = array( __('Posts'), 'edit_posts', 'edit.php', '', 'open-if-no-js menu
|
|||
if ( $tax->hierarchical || ! in_array('post', (array) $tax->object_type, true) )
|
||||
continue;
|
||||
|
||||
$submenu['edit.php'][$i] = array( attribute_escape($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
|
||||
$submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
|
||||
++$i;
|
||||
}
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ include('admin-header.php');
|
|||
|
||||
<label for="close_comments_for_old_posts">
|
||||
<input name="close_comments_for_old_posts" type="checkbox" id="close_comments_for_old_posts" value="1" <?php checked('1', get_option('close_comments_for_old_posts')); ?> />
|
||||
<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attribute_escape(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
|
||||
<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
|
||||
<br />
|
||||
<label for="thread_comments">
|
||||
<input name="thread_comments" type="checkbox" id="thread_comments" value="1" <?php checked('1', get_option('thread_comments')); ?> />
|
||||
|
@ -83,7 +83,7 @@ $default_comments_page .= '>' . __('last') . '</option><option value="oldest"';
|
|||
if ( 'oldest' == get_option('default_comments_page') ) $default_comments_page .= ' selected="selected"';
|
||||
$default_comments_page .= '>' . __('first') . '</option></select>';
|
||||
|
||||
printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attribute_escape(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
|
||||
printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
|
||||
|
||||
?></label>
|
||||
<br />
|
||||
|
|
|
@ -210,7 +210,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
|
|||
$custom = TRUE;
|
||||
|
||||
foreach ( $date_formats as $format ) {
|
||||
echo "\t<label title='" . attribute_escape($format) . "'><input type='radio' name='date_format' value='" . attribute_escape($format) . "'";
|
||||
echo "\t<label title='" . attr($format) . "'><input type='radio' name='date_format' value='" . attr($format) . "'";
|
||||
if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "==="
|
||||
echo " checked='checked'";
|
||||
$custom = FALSE;
|
||||
|
@ -220,7 +220,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
|
|||
|
||||
echo ' <label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"';
|
||||
checked( $custom );
|
||||
echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attribute_escape( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
|
||||
echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
|
||||
|
||||
echo "\t<p>" . __('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Save Changes" to update sample output.') . "</p>\n";
|
||||
?>
|
||||
|
@ -242,7 +242,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
|
|||
$custom = TRUE;
|
||||
|
||||
foreach ( $time_formats as $format ) {
|
||||
echo "\t<label title='" . attribute_escape($format) . "'><input type='radio' name='time_format' value='" . attribute_escape($format) . "'";
|
||||
echo "\t<label title='" . attr($format) . "'><input type='radio' name='time_format' value='" . attr($format) . "'";
|
||||
if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "==="
|
||||
echo " checked='checked'";
|
||||
$custom = FALSE;
|
||||
|
@ -252,7 +252,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
|
|||
|
||||
echo ' <label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"';
|
||||
checked( $custom );
|
||||
echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attribute_escape( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
|
||||
echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
|
||||
?>
|
||||
</fieldset>
|
||||
</td>
|
||||
|
|
|
@ -27,14 +27,14 @@ include('admin-header.php');
|
|||
<table class="form-table">
|
||||
<tr valign="top">
|
||||
<th scope="row"><label for="upload_path"><?php _e('Store uploads in this folder'); ?></label></th>
|
||||
<td><input name="upload_path" type="text" id="upload_path" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
|
||||
<td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
|
||||
<span class="setting-description"><?php _e('Default is <code>wp-content/uploads</code>'); ?></span>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr valign="top">
|
||||
<th scope="row"><label for="upload_url_path"><?php _e('Full URL path to files'); ?></label></th>
|
||||
<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attribute_escape( get_option('upload_url_path')); ?>" class="regular-text code" />
|
||||
<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr( get_option('upload_url_path')); ?>" class="regular-text code" />
|
||||
<span class="setting-description"><?php _e('Configuring this is optional. By default, it should be blank.'); ?></span>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -173,7 +173,7 @@ $structures = array(
|
|||
</label>
|
||||
</th>
|
||||
<td>
|
||||
<input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attribute_escape($permalink_structure); ?>" class="regular-text code" />
|
||||
<input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr($permalink_structure); ?>" class="regular-text code" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -188,11 +188,11 @@ $structures = array(
|
|||
<table class="form-table">
|
||||
<tr>
|
||||
<th><label for="category_base"><?php _e('Category base'); ?></label></th>
|
||||
<td><input name="category_base" id="category_base" type="text" value="<?php echo attribute_escape($category_base); ?>" class="regular-text code" /></td>
|
||||
<td><input name="category_base" id="category_base" type="text" value="<?php echo attr($category_base); ?>" class="regular-text code" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><label for="tag_base"><?php _e('Tag base'); ?></label></th>
|
||||
<td><input name="tag_base" id="tag_base" type="text" value="<?php echo attribute_escape($tag_base); ?>" class="regular-text code" /></td>
|
||||
<td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr($tag_base); ?>" class="regular-text code" /></td>
|
||||
</tr>
|
||||
<?php do_settings_fields('permalink', 'optional'); ?>
|
||||
</table>
|
||||
|
|
|
@ -99,7 +99,7 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name
|
|||
|
||||
foreach ( (array) $options as $option) :
|
||||
$disabled = '';
|
||||
$option->option_name = attribute_escape($option->option_name);
|
||||
$option->option_name = attr($option->option_name);
|
||||
if ( is_serialized($option->option_value) ) {
|
||||
if ( is_serialized_string($option->option_value) ) {
|
||||
// this is a serialized string, so we should display it
|
||||
|
@ -122,7 +122,7 @@ foreach ( (array) $options as $option) :
|
|||
<td>";
|
||||
|
||||
if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
|
||||
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attribute_escape($value) . "'$disabled />";
|
||||
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />";
|
||||
|
||||
echo "</td>
|
||||
</tr>";
|
||||
|
|
|
@ -116,7 +116,7 @@ default:
|
|||
$docs_select = '<select name="docs-list" id="docs-list">';
|
||||
$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
|
||||
foreach ( $functions as $function) {
|
||||
$docs_select .= '<option value="' . attribute_escape( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
|
||||
$docs_select .= '<option value="' . attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
|
||||
}
|
||||
$docs_select .= '</select>';
|
||||
}
|
||||
|
@ -132,7 +132,7 @@ default:
|
|||
<div id="message" class="updated fade"><p><?php _e('This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.') ?></p>
|
||||
<?php
|
||||
if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file) ) { ?>
|
||||
<iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&plugin=<?php echo attribute_escape($file); ?>&_wpnonce=<?php echo attribute_escape($_GET['_error_nonce']); ?>"></iframe>
|
||||
<iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&plugin=<?php echo attr($file); ?>&_wpnonce=<?php echo attr($_GET['_error_nonce']); ?>"></iframe>
|
||||
<?php } ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
@ -150,8 +150,8 @@ default:
|
|||
$selected = " selected='selected'";
|
||||
else
|
||||
$selected = '';
|
||||
$plugin_name = attribute_escape($plugin_name);
|
||||
$plugin_key = attribute_escape($plugin_key);
|
||||
$plugin_name = attr($plugin_name);
|
||||
$plugin_key = attr($plugin_key);
|
||||
echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
|
||||
}
|
||||
?>
|
||||
|
@ -208,7 +208,7 @@ foreach ( $plugin_files as $plugin_file ) :
|
|||
<input type="hidden" name="plugin" value="<?php echo $plugin ?>" />
|
||||
</div>
|
||||
<?php if ( count( $functions ) ) : ?>
|
||||
<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attribute_escape(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
|
||||
<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attr(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
|
||||
<?php endif; ?>
|
||||
<?php if ( is_writeable($real_file) ) : ?>
|
||||
<?php if ( in_array($file, (array) get_option('active_plugins')) ) { ?>
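Review bot: The iframe `src` in the fatal-error notice builds its query-string values with `attr()`, which HTML-escapes but does not URL-encode, so a `&`, `#` or space in `$file` changes the request the iframe actually makes. Encode each value for the URL before it is placed in the attribute, e.g. `plugin=<?php echo urlencode($file); ?>`, and likewise for `_wpnonce`. The same pattern is in the plugins.php notice, where `attr($plugin)` and `attr($_GET['_error_nonce'])` are concatenated inside `admin_url()` and the result is echoed into `src` with no escaping of the finished URL. Separately, the context line `value="<?php echo $plugin ?>"` prints a hidden field unescaped; whether `$plugin` is sanitised earlier is not visible from this hunk.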
|
||||
|
|
|
@ -139,7 +139,7 @@ if ( !empty($action) ) {
|
|||
<input type="hidden" name="action" value="delete-selected" />
|
||||
<?php
|
||||
foreach ( (array)$plugins as $plugin )
|
||||
echo '<input type="hidden" name="checked[]" value="' . attribute_escape($plugin) . '" />';
|
||||
echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />';
|
||||
?>
|
||||
<?php wp_nonce_field('bulk-manage-plugins') ?>
|
||||
<input type="submit" name="submit" value="<?php _e('Yes, Delete these files') ?>" class="button" />
|
||||
|
@ -194,7 +194,7 @@ if ( !empty($invalid) )
|
|||
<div id="message" class="updated fade"><p><?php _e('Plugin could not be activated because it triggered a <strong>fatal error</strong>.') ?></p>
|
||||
<?php
|
||||
if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?>
|
||||
<iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&plugin=' . attribute_escape($plugin) . '&_wpnonce=' . attribute_escape($_GET['_error_nonce'])); ?>"></iframe>
|
||||
<iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&plugin=' . attr($plugin) . '&_wpnonce=' . attr($_GET['_error_nonce'])); ?>"></iframe>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
@ -369,7 +369,7 @@ function print_plugins_table($plugins, $context = '') {
|
|||
$class = $is_active ? 'active' : 'inactive';
|
||||
echo "
|
||||
<tr class='$class'>
|
||||
<th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attribute_escape($plugin_file) . "' /></th>
|
||||
<th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr($plugin_file) . "' /></th>
|
||||
<td class='plugin-title'><strong>{$plugin_data['Title']}</strong>";
|
||||
$i = 0;
|
||||
echo '<div class="row-actions">';
|
||||
|
@ -432,8 +432,8 @@ function print_plugin_actions($context) {
|
|||
|
||||
<form method="post" action="<?php echo admin_url('plugins.php') ?>">
|
||||
<?php wp_nonce_field('bulk-manage-plugins') ?>
|
||||
<input type="hidden" name="plugin_status" value="<?php echo attribute_escape($status) ?>" />
|
||||
<input type="hidden" name="paged" value="<?php echo attribute_escape($page) ?>" />
|
||||
<input type="hidden" name="plugin_status" value="<?php echo attr($status) ?>" />
|
||||
<input type="hidden" name="paged" value="<?php echo attr($page) ?>" />
|
||||
|
||||
<ul class="subsubsub">
|
||||
<?php
|
||||
|
|
|
@ -135,12 +135,12 @@ switch ($_REQUEST['ajax']) {
|
|||
<h3 class="tb"><label for="this_photo_description"><?php _e('Description') ?></label></h3>
|
||||
<div class="titlediv">
|
||||
<div class="titlewrap">
|
||||
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
|
||||
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo attribute_escape($image); ?>" id="this_photo" />
|
||||
<a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attribute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>
|
||||
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr($image); ?>" id="this_photo" />
|
||||
<a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr(__('Click to insert.')); ?>" title="<?php echo attr(__('Click to insert.')); ?>" /></a></p>
|
||||
|
||||
<p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
|
||||
|
||||
|
@ -168,7 +168,7 @@ switch ($_REQUEST['ajax']) {
|
|||
<h3 class="tb"><label for="photo_description"><?php _e('Description') ?></label></h3>
|
||||
<div id="titlediv">
|
||||
<div class="titlewrap">
|
||||
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
|
||||
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -377,7 +377,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
|
|||
jQuery('#extra_fields').show();
|
||||
switch(tab_name) {
|
||||
case 'video' :
|
||||
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attribute_escape($selection); ?>'}, function() {
|
||||
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr($selection); ?>'}, function() {
|
||||
<?php
|
||||
$content = '';
|
||||
if ( preg_match("/youtube\.com\/watch/i", $url) ) {
|
||||
|
@ -516,7 +516,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
|
|||
|
||||
<div id="titlediv">
|
||||
<div class="titlewrap">
|
||||
<input name="title" id="title" class="text" value="<?php echo attribute_escape($title);?>"/>
|
||||
<input name="title" id="title" class="text" value="<?php echo attr($title);?>"/>
|
||||
</div>
|
||||
</div>
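Review bot: In the `case 'video'` branch the value lands in a JavaScript string literal, `s: '<?php echo attr($selection); ?>'`, but `attr()` is an HTML-attribute escaper. In what appears to be an inline script block, entities are not decoded, and as far as I can tell `attr()` leaves backslashes and line breaks untouched, so a selection that ends in a backslash or contains a newline breaks the statement. `js_escape()`, which other files in this commit already use for `confirm()` strings, matches the context: `s: '<?php echo js_escape($selection); ?>'`. The surrounding script starts and ends outside the hunk.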
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
|
|||
$theme_name = $a_theme['Name'];
|
||||
if ($theme_name == $theme) $selected = " selected='selected'";
|
||||
else $selected = '';
|
||||
$theme_name = attribute_escape($theme_name);
|
||||
$theme_name = attr($theme_name);
|
||||
echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -188,14 +188,14 @@ foreach ( $cols as $col => $theme_name ) {
|
|||
$parent_theme = $themes[$theme_name]['Parent Theme'];
|
||||
$preview_link = clean_url( get_option('home') . '/');
|
||||
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
|
||||
$preview_text = attribute_escape( sprintf( __('Preview of "%s"'), $title ) );
|
||||
$preview_text = attr( sprintf( __('Preview of "%s"'), $title ) );
|
||||
$tags = $themes[$theme_name]['Tags'];
|
||||
$thickbox_class = 'thickbox thickbox-preview';
|
||||
$activate_link = wp_nonce_url("themes.php?action=activate&template=".urlencode($template)."&stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template);
|
||||
$activate_text = attribute_escape( sprintf( __('Activate "%s"'), $title ) );
|
||||
$activate_text = attr( sprintf( __('Activate "%s"'), $title ) );
|
||||
$actions = array();
|
||||
$actions[] = '<a href="' . $activate_link . '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>';
|
||||
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>';
|
||||
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>';
|
||||
if ( current_user_can('update_themes') )
|
||||
$actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
|
||||
$actions = apply_filters('theme_action_links', $actions, $themes[$theme_name]);
|
||||
|
|
|
@ -84,7 +84,7 @@ if ( ! $is_opera ) {
|
|||
|
||||
<p><?php _e('Use Press This to clip text, images and videos from any web page. Then edit and add more straight from Press This before you save or publish it in a post on your blog.'); ?></p>
|
||||
<p><?php _e('Drag-and-drop the following link to your bookmarks bar or right click it and add it to your favorites for a posting shortcut.') ?></p>
|
||||
<p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attribute_escape(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
|
||||
<p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
|
|
@ -46,9 +46,9 @@ function list_core_update( $update ) {
|
|||
echo '<a href="' . $update->package . '" class="button">' . $download . '</a> ';
|
||||
if ( 'en_US' != $update->locale )
|
||||
if ( !isset( $update->dismissed ) || !$update->dismissed )
|
||||
echo '<input id="dismiss" class="button" type="submit" value="' . attribute_escape(__('Hide this update')) . '" name="dismiss" />';
|
||||
echo '<input id="dismiss" class="button" type="submit" value="' . attr(__('Hide this update')) . '" name="dismiss" />';
|
||||
else
|
||||
echo '<input id="undismiss" class="button" type="submit" value="' . attribute_escape(__('Bring back this update')) . '" name="undismiss" />';
|
||||
echo '<input id="undismiss" class="button" type="submit" value="' . attr(__('Bring back this update')) . '" name="undismiss" />';
|
||||
echo '</p>';
|
||||
echo '</form>';
|
||||
|
||||
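Review bot: `$update->package` is concatenated into the `href` on the first line of the `list_core_update()` hunk with no URL escaping, although the button labels a few lines further down go through `attr()`. The value presumably originates from the update-check response rather than from local code, so it should be cleaned before it reaches markup: `echo '<a href="' . clean_url( $update->package ) . '" class="button">' . $download . '</a> ';`. The function starts and ends outside the hunk, so whether `$download` is escaped where it is assigned cannot be confirmed from here.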
|
|
|
@ -329,10 +329,10 @@ foreach ($arc_result as $arc_row) {
|
|||
|
||||
<td class="media-icon"><?php
|
||||
if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
|
||||
<a href="media.php?action=edit&attachment_id=<?php echo $post->ID; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a>
|
||||
<a href="media.php?action=edit&attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a>
|
||||
<?php } ?></td>
|
||||
|
||||
<td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
|
||||
<td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
|
||||
<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
|
||||
|
||||
<div class="row-actions">
|
||||
|
@ -342,7 +342,7 @@ foreach ($arc_result as $arc_row) {
|
|||
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
|
||||
if ( current_user_can('delete_post', $post->ID) )
|
||||
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
|
||||
if ( current_user_can('edit_post', $post->ID) )
|
||||
$actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
|
||||
$actions = apply_filters( 'media_row_actions', $actions, $post );
|
||||
|
|
|
@ -28,10 +28,10 @@ if ( empty($doaction) ) {
|
|||
}
|
||||
|
||||
if ( empty($_REQUEST) ) {
|
||||
$referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
|
||||
$referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
|
||||
} elseif ( isset($_REQUEST['wp_http_referer']) ) {
|
||||
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
|
||||
$referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />';
|
||||
$referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />';
|
||||
} else {
|
||||
$redirect = 'users.php';
|
||||
$referer = '';
|
||||
|
@ -291,7 +291,7 @@ unset($role_links);
|
|||
<form class="search-form" action="" method="get">
|
||||
<p class="search-box">
|
||||
<label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
|
||||
<input type="text" id="user-search-input" name="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" />
|
||||
<input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
|
||||
<input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" />
|
||||
</p>
|
||||
</form>
|
||||
|
@ -388,7 +388,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
|
|||
<?php
|
||||
foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
|
||||
$var = 'new_' . $var;
|
||||
$$var = isset($_REQUEST[$formpost]) ? attribute_escape(stripslashes($_REQUEST[$formpost])) : '';
|
||||
$$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
|
||||
}
|
||||
unset($name);
|
||||
?>
|
||||
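Review bot: `$redirect` in the `elseif` branch of the first hunk is built from `$_REQUEST['wp_http_referer']` with only three query arguments removed, so its scheme and host are whatever the request supplied. The `attr()` call protects the hidden field, but not any later use of `$redirect` as a redirect target, which lies outside the hunk. If it is passed to `wp_redirect()`, switching that call to `wp_safe_redirect( $redirect )` would keep it on allowed hosts. A comment on the assignment such as `// $redirect is request-controlled; only use it via wp_safe_redirect()` would record the constraint.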
|
|
|
@ -356,7 +356,7 @@ $i = 0;
|
|||
foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
|
||||
if ( 'wp_inactive_widgets' == $sidebar )
|
||||
continue; ?>
|
||||
<div id="<?php echo attribute_escape( $sidebar ); ?>" class="widgets-holder-wrap">
|
||||
<div id="<?php echo attr( $sidebar ); ?>" class="widgets-holder-wrap">
|
||||
<h3 class="sidebar-name"><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
|
||||
<span><img src="images/loading-publish.gif" class="ajax-feedback" title="" alt="" /></span></h3>
|
||||
<?php wp_list_widget_controls( $sidebar, $i ); // Show the control forms for each of the widgets in this sidebar ?>
|
||||
|
|
12
wp-app.php
12
wp-app.php
|
@ -352,9 +352,9 @@ class AtomServer {
|
|||
if( !current_user_can( 'edit_posts' ) )
|
||||
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
|
||||
|
||||
$entries_url = attribute_escape($this->get_entries_url());
|
||||
$categories_url = attribute_escape($this->get_categories_url());
|
||||
$media_url = attribute_escape($this->get_attachments_url());
|
||||
$entries_url = attr($this->get_entries_url());
|
||||
$categories_url = attr($this->get_categories_url());
|
||||
$media_url = attr($this->get_attachments_url());
|
||||
foreach ($this->media_content_types as $med) {
|
||||
$accepted_media_types = $accepted_media_types . "<accept>" . $med . "</accept>";
|
||||
}
|
||||
|
@ -392,12 +392,12 @@ EOD;
|
|||
if( !current_user_can( 'edit_posts' ) )
|
||||
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
|
||||
|
||||
$home = attribute_escape(get_bloginfo_rss('home'));
|
||||
$home = attr(get_bloginfo_rss('home'));
|
||||
|
||||
$categories = "";
|
||||
$cats = get_categories("hierarchical=0&hide_empty=0");
|
||||
foreach ((array) $cats as $cat) {
|
||||
$categories .= " <category term=\"" . attribute_escape($cat->name) . "\" />\n";
|
||||
$categories .= " <category term=\"" . attr($cat->name) . "\" />\n";
|
||||
}
|
||||
$output = <<<EOD
|
||||
<app:categories xmlns:app="$this->ATOMPUB_NS"
|
||||
|
@ -1332,7 +1332,7 @@ list($content_type, $content) = prep_atom_text_construct(get_the_content()); ?>
|
|||
function redirect($url) {
|
||||
|
||||
log_app('Status','302: Redirect');
|
||||
$escaped_url = attribute_escape($url);
|
||||
$escaped_url = attr($url);
|
||||
$content = <<<EOD
|
||||
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
|
||||
<html>
|
||||
|
|
|
@ -64,7 +64,7 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
|
|||
|
||||
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
|
||||
<?php if ( is_user_logged_in() ) : ?>
|
||||
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p>
|
||||
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p>
|
||||
<?php else : ?>
|
||||
<p>
|
||||
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
|
||||
|
@ -90,7 +90,7 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
|
|||
|
||||
<p>
|
||||
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
|
||||
<input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" />
|
||||
</p>
|
||||
<?php do_action('comment_form', $post->ID); ?>
|
||||
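Review bot: The `author` input in the first hunk prints `<?php echo $comment_author; ?>` into a `value` attribute with no escaping at the output site, while `redirect_to` in the next hunk is wrapped in `attr()`. It is safe only as long as the value was escaped earlier, which presumably happens in `sanitize_comment_cookies()` shown further down this commit. Escaping where it is printed removes that dependency: `value="<?php echo attr($comment_author); ?>"`, assuming `attr()` does not re-encode existing entities, which should be confirmed. `$user_identity` in the 'Logged in as' link is printed the same way and deserves the same check.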
|
|
|
@ -68,7 +68,7 @@ if ( post_password_required() ) : ?>
|
|||
|
||||
<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
|
||||
|
||||
<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attribute_escape(__('Submit Comment')); ?>" />
|
||||
<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attr(__('Submit Comment')); ?>" />
|
||||
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
|
||||
</p>
|
||||
<?php do_action('comment_form', $post->ID); ?>
|
||||
|
|
|
@ -89,7 +89,7 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie
|
|||
|
||||
<p>
|
||||
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
|
||||
<input name="submit" type="submit" tabindex="5" value="Say It!" />
|
||||
</p>
|
||||
<?php do_action('comment_form', $post->ID); ?>
|
||||
|
|
|
@ -166,7 +166,7 @@ function kubrick_theme_page_head() {
|
|||
kUpdate(ColorPicker_targetInput.id);
|
||||
}
|
||||
function PopupWindow_populate(contents) {
|
||||
contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attribute_escape(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
|
||||
contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attr(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
|
||||
this.contents = contents;
|
||||
this.populated = false;
|
||||
}
|
||||
|
@ -380,43 +380,43 @@ function kubrick_theme_page() {
|
|||
<div id="nonJsForm">
|
||||
<form method="post" action="">
|
||||
<?php wp_nonce_field('kubrick-header'); ?>
|
||||
<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attribute_escape(__('Save')); ?>" /></div>
|
||||
<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
|
||||
<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
|
||||
<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
|
||||
<input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
|
||||
<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attribute_escape(__('Toggle Text')); ?>" />
|
||||
<input type="submit" name="defaults" value="<?php echo attribute_escape(__('Use Defaults')); ?>" />
|
||||
<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attr(__('Save')); ?>" /></div>
|
||||
<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
|
||||
<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
|
||||
<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
|
||||
<input type="hidden" name="hi" id="hi" value="<?php echo attr(kubrick_header_image()); ?>" />
|
||||
<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attr(__('Toggle Text')); ?>" />
|
||||
<input type="submit" name="defaults" value="<?php echo attr(__('Use Defaults')); ?>" />
|
||||
<input type="submit" class="defbutton" name="submitform" value=" <?php _e('Save'); ?> " />
|
||||
<input type="hidden" name="action" value="save" />
|
||||
<input type="hidden" name="njform" value="true" />
|
||||
</form>
|
||||
</div>
|
||||
<div id="jsForm">
|
||||
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
|
||||
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr($_SERVER['REQUEST_URI']); ?>">
|
||||
<?php wp_nonce_field('kubrick-header'); ?>
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attribute_escape(__('Upper Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attribute_escape(__('Lower Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" name="revert" value="<?php echo attribute_escape(__('Revert')); ?>" onclick="kRevert()" />
|
||||
<input type="button" class="button-secondary" value="<?php echo attribute_escape(__('Advanced')); ?>" onclick="toggleAdvanced()" />
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attr(__('Font Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attr(__('Upper Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attr(__('Lower Color')); ?>"></input>
|
||||
<input type="button" class="button-secondary" name="revert" value="<?php echo attr(__('Revert')); ?>" onclick="kRevert()" />
|
||||
<input type="button" class="button-secondary" value="<?php echo attr(__('Advanced')); ?>" onclick="toggleAdvanced()" />
|
||||
<input type="hidden" name="action" value="save" />
|
||||
<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
|
||||
<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
|
||||
<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
|
||||
<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
|
||||
<input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
|
||||
<p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attribute_escape(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
|
||||
<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr(kubrick_header_display()); ?>" />
|
||||
<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr(kubrick_header_color()); ?>" />
|
||||
<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr(kubrick_upper_color()); ?>" />
|
||||
<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr(kubrick_lower_color()); ?>" />
|
||||
<input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr(kubrick_header_image()); ?>" />
|
||||
<p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attr(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
|
||||
</form>
|
||||
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
|
||||
<div id="advanced">
|
||||
<form id="jsAdvanced" style="display:none;" action="">
|
||||
<?php wp_nonce_field('kubrick-header'); ?>
|
||||
<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
|
||||
<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
|
||||
<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
|
||||
<input type="button" class="button-secondary" name="default" value="<?php echo attribute_escape(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
|
||||
<input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attribute_escape(__('Toggle Text Display')); ?>"></input><br />
|
||||
<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr(kubrick_header_color()); ?>" /><br />
|
||||
<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr(kubrick_upper_color()); ?>" /><br />
|
||||
<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr(kubrick_lower_color()); ?>" /><br />
|
||||
<input type="button" class="button-secondary" name="default" value="<?php echo attr(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
|
||||
<input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attr(__('Toggle Text Display')); ?>"></input><br />
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
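Review bot: In `PopupWindow_populate()` the translated label is echoed with `attr()` inside a single-quoted JavaScript string literal, so it is escaped for HTML but not for JavaScript. A translation containing a backslash or a line break would corrupt the literal; `js_escape()`, already used elsewhere in this commit for `confirm()` strings, is the escaper for this position: `value="<?php echo js_escape(__('Close Color Picker')); ?>"`. Confirm that its output is also safe for the `value` attribute the string ends up in. The other `attr()` calls in this section sit in plain HTML attributes and are in the right context.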
|
|
|
@ -421,7 +421,7 @@ function the_author_posts_link($deprecated = '') {
|
|||
printf(
|
||||
'<a href="%1$s" title="%2$s">%3$s</a>',
|
||||
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
|
||||
sprintf( __( 'Posts by %s' ), attribute_escape( get_the_author() ) ),
|
||||
sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ),
|
||||
get_the_author()
|
||||
);
|
||||
}
|
||||
|
@ -544,7 +544,7 @@ function wp_list_authors($args = '') {
|
|||
if ( ! $hide_empty )
|
||||
$link = $name;
|
||||
} else {
|
||||
$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
|
||||
$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr($author->display_name)) . '">' . $name . '</a>';
|
||||
|
||||
if ( (! empty($feed_image)) || (! empty($feed)) ) {
|
||||
$link .= ' ';
|
||||
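Review bot: Both hunks escape only the author name and then pass it to `sprintf()` with the translated 'Posts by %s', so the translated text itself reaches the `title` attribute unescaped. A translation containing a double quote would close the attribute early; escaping the finished string covers both parts: `attr( sprintf( __( 'Posts by %s' ), get_the_author() ) )` in `the_author_posts_link()` and `attr( sprintf( __("Posts by %s"), $author->display_name ) )` in `wp_list_authors()`. The link text (`get_the_author()` as `%3$s`, and `$name`) is printed without escaping in the visible lines; whether it is cleaned where it is set lies outside the hunks.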
|
|
|
@ -72,8 +72,8 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
|
|||
if ( !empty($bookmark->link_url) )
|
||||
$the_link = clean_url($bookmark->link_url);
|
||||
|
||||
$desc = attribute_escape(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
|
||||
$name = attribute_escape(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
|
||||
$desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
|
||||
$name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
|
||||
$title = $desc;
|
||||
|
||||
if ( $show_updated )
|
||||
|
|
|
@ -345,7 +345,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
|
|||
if ( in_array($field, $format_to_edit) ) {
|
||||
$value = format_to_edit($value);
|
||||
} else {
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
}
|
||||
} else if ( 'db' == $context ) {
|
||||
$value = apply_filters("pre_$field", $value);
|
||||
|
@ -355,7 +355,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
|
|||
}
|
||||
|
||||
if ( 'attribute' == $context )
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
else if ( 'js' == $context )
|
||||
$value = js_escape($value);
|
||||
|
||||
|
|
|
@ -661,7 +661,7 @@ function wp_generate_tag_cloud( $tags, $args = '' ) {
|
|||
$tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';
|
||||
$tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
|
||||
$tag_name = $tags[ $key ]->name;
|
||||
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attribute_escape( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
|
||||
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
|
||||
( $smallest + ( ( $count - $min_count ) * $font_step ) )
|
||||
. "$unit;'>$tag_name</a>";
|
||||
}
|
||||
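Review bot: `$tag_name` is taken straight from `$tags[ $key ]->name` and interpolated as the link text, and `$tag_id` goes into the `class` attribute, neither escaped, while the `title` on the same line is passed through `attr()`. Term names are presumably filtered when saved, but `$tags` is a function argument and a caller can pass anything. Escaping at output closes that gap: end the statement with `. "$unit;'>" . wp_specialchars( $tag_name ) . "</a>";` and build the class from `attr( $tag_id )`. `wp_generate_tag_cloud()` starts and ends outside the hunk.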
|
|
|
@ -48,13 +48,13 @@ class WP_Styles extends WP_Dependencies {
|
|||
}
|
||||
|
||||
if ( isset($this->registered[$handle]->args) )
|
||||
$media = attribute_escape( $this->registered[$handle]->args );
|
||||
$media = attr( $this->registered[$handle]->args );
|
||||
else
|
||||
$media = 'all';
|
||||
|
||||
$href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle );
|
||||
$rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet';
|
||||
$title = isset($this->registered[$handle]->extra['title']) ? "title='" . attribute_escape( $this->registered[$handle]->extra['title'] ) . "'" : '';
|
||||
$title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
|
||||
|
||||
$end_cond = $tag = '';
|
||||
if ( isset($this->registered[$handle]->extra['conditional']) && $this->registered[$handle]->extra['conditional'] ) {
|
||||
|
|
|
@ -1187,7 +1187,7 @@ class Walker_Page extends Walker {
|
|||
|
||||
$css_class = implode(' ', apply_filters('page_css_class', $css_class, $page));
|
||||
|
||||
$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
|
||||
$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
|
||||
|
||||
if ( !empty($show_date) ) {
|
||||
if ( 'modified' == $show_date )
|
||||
|
@ -1325,13 +1325,13 @@ class Walker_Category extends Walker {
|
|||
function start_el(&$output, $category, $depth, $args) {
|
||||
extract($args);
|
||||
|
||||
$cat_name = attribute_escape( $category->name);
|
||||
$cat_name = attr( $category->name);
|
||||
$cat_name = apply_filters( 'list_cats', $cat_name, $category );
|
||||
$link = '<a href="' . get_category_link( $category->term_id ) . '" ';
|
||||
if ( $use_desc_for_title == 0 || empty($category->description) )
|
||||
$link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
|
||||
else
|
||||
$link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->description, $category )) . '"';
|
||||
$link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"';
|
||||
$link .= '>';
|
||||
$link .= $cat_name . '</a>';
|
||||
|
||||
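Review bot: In `Walker_Category::start_el()` `$cat_name` is escaped first and then passed through the `list_cats` filter, so whatever a filter callback returns is placed into `title="..."` and into the link text with no further escaping. Escaping where the attribute is built makes the output safe regardless of the callback: `$link .= 'title="' . attr( sprintf(__( 'View all posts filed under %s' ), $cat_name) ) . '"';`, assuming `attr()` does not re-encode existing entities. The description branch two lines below already escapes after `apply_filters()`, so this also makes the two branches consistent. The method continues past the end of the hunk.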
|
|
|
@ -945,7 +945,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
|
|||
if ( !empty( $css_class ) ) {
|
||||
echo ' class="'.$css_class.'" ';
|
||||
}
|
||||
$title = attribute_escape( get_the_title() );
|
||||
$title = attr( get_the_title() );
|
||||
|
||||
echo apply_filters( 'comments_popup_link_attributes', '' );
|
||||
|
||||
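Review bot: `$css_class` is echoed into the `class` attribute unescaped, directly above the line where the title is wrapped in `attr()`. It is a template-tag argument and normally a literal from the theme, but escaping it keeps the attribute well formed if a caller passes a computed value: `echo ' class="' . attr( $css_class ) . '" ';`. `comments_popup_link()` starts and ends outside the hunk.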
|
|
|
@ -369,14 +369,14 @@ function sanitize_comment_cookies() {
|
|||
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
|
||||
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
|
||||
$comment_author = stripslashes($comment_author);
|
||||
$comment_author = attribute_escape($comment_author);
|
||||
$comment_author = attr($comment_author);
|
||||
$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
|
||||
}
|
||||
|
||||
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
|
||||
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
|
||||
$comment_author_email = stripslashes($comment_author_email);
|
||||
$comment_author_email = attribute_escape($comment_author_email);
|
||||
$comment_author_email = attr($comment_author_email);
|
||||
$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
|
||||
}
|
||||
|
||||
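Review bot: `sanitize_comment_cookies()` HTML-escapes the cookie values and writes them back into `$_COOKIE`, but nothing in the function documents that every later reader receives entity-encoded text. That is what lets a template echo `$comment_author` into a `value` attribute without escaping, as one of the comment forms in this commit does, but a reader that stores or compares the value will see entities instead of the original characters. I would add a comment above the first block, for example `// Values written back to $_COOKIE are HTML-attribute-escaped; decode before any non-HTML use.` The function starts and ends outside the hunk.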
|
|
|
@ -60,8 +60,8 @@ class WP_Widget_Pages extends WP_Widget {
|
|||
function form( $instance ) {
|
||||
//Defaults
|
||||
$instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') );
|
||||
$title = attribute_escape( $instance['title'] );
|
||||
$exclude = attribute_escape( $instance['exclude'] );
|
||||
$title = attr( $instance['title'] );
|
||||
$exclude = attr( $instance['exclude'] );
|
||||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p>
|
||||
<p>
|
||||
|
@ -210,7 +210,7 @@ class WP_Widget_Archives extends WP_Widget {
|
|||
|
||||
if ( $d ) {
|
||||
?>
|
||||
<select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attribute_escape(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
|
||||
<select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
|
||||
<?php
|
||||
} else {
|
||||
?>
|
||||
|
@ -239,7 +239,7 @@ class WP_Widget_Archives extends WP_Widget {
|
|||
$count = $instance['count'] ? 'checked="checked"' : '';
|
||||
$dropdown = $instance['dropdown'] ? 'checked="checked"' : '';
|
||||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" /></label></p>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
|
||||
<p>
|
||||
<label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label>
|
||||
<br />
|
||||
|
@ -273,9 +273,9 @@ class WP_Widget_Meta extends WP_Widget {
|
|||
<ul>
|
||||
<?php wp_register(); ?>
|
||||
<li><?php wp_loginout(); ?></li>
|
||||
<li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attribute_escape(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
|
||||
<li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attribute_escape(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
|
||||
<li><a href="http://wordpress.org/" title="<?php echo attribute_escape(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
|
||||
<li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
|
||||
<li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
|
||||
<li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
|
||||
<?php wp_meta(); ?>
|
||||
</ul>
|
||||
<?php
|
||||
|
@ -293,7 +293,7 @@ class WP_Widget_Meta extends WP_Widget {
|
|||
$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
|
||||
$title = strip_tags($instance['title']);
|
||||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" /></label></p>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
|
@ -333,7 +333,7 @@ class WP_Widget_Calendar extends WP_Widget {
|
|||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>">
|
||||
<?php _e('Title:'); ?>
|
||||
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" />
|
||||
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
|
||||
</label></p>
|
||||
<?php
|
||||
}
|
||||
|
@ -381,7 +381,7 @@ class WP_Widget_Text extends WP_Widget {
|
|||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>">
|
||||
<?php _e('Title:'); ?>
|
||||
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" />
|
||||
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
|
||||
</label></p>
|
||||
|
||||
<textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea>
|
||||
|
@ -463,7 +463,7 @@ class WP_Widget_Categories extends WP_Widget {
|
|||
function form( $instance ) {
|
||||
//Defaults
|
||||
$instance = wp_parse_args( (array) $instance, array( 'title' => '') );
|
||||
$title = attribute_escape( $instance['title'] );
|
||||
$title = attr( $instance['title'] );
|
||||
$count = (bool) $instance['count'];
|
||||
$hierarchical = (bool) $instance['hierarchical'];
|
||||
$dropdown = (bool) $instance['dropdown'];
|
||||
|
@ -566,7 +566,7 @@ class WP_Widget_Recent_Posts extends WP_Widget {
|
|||
}
|
||||
|
||||
function form( $instance ) {
|
||||
$title = attribute_escape($instance['title']);
|
||||
$title = attr($instance['title']);
|
||||
if ( !$number = (int) $instance['number'] )
|
||||
$number = 5;
|
||||
?>
|
||||
|
@ -653,7 +653,7 @@ class WP_Widget_Recent_Comments extends WP_Widget {
|
|||
}
|
||||
|
||||
function form( $instance ) {
|
||||
$title = attribute_escape($instance['title']);
|
||||
$title = attr($instance['title']);
|
||||
if ( !$number = (int) $instance['number'] )
|
||||
$number = 5;
|
||||
?>
|
||||
|
@ -702,7 +702,7 @@ class WP_Widget_RSS extends WP_Widget {
|
|||
$link = '';
|
||||
|
||||
if ( ! is_wp_error($rss) ) {
|
||||
$desc = attribute_escape(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
|
||||
$desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
|
||||
if ( empty($title) )
|
||||
$title = htmlentities(strip_tags($rss->get_title()));
|
||||
$link = clean_url(strip_tags($rss->get_permalink()));
|
||||
|
@ -716,7 +716,7 @@ class WP_Widget_RSS extends WP_Widget {
|
|||
$title = apply_filters('widget_title', $title );
|
||||
$url = clean_url(strip_tags($url));
|
||||
$icon = includes_url('images/rss.png');
|
||||
$title = "<a class='rsswidget' href='$url' title='" . attribute_escape(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
|
||||
$title = "<a class='rsswidget' href='$url' title='" . attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
|
||||
|
||||
echo $before_widget;
|
||||
echo $before_title . $title . $after_title;
|
||||
|
@ -787,11 +787,11 @@ function wp_widget_rss_output( $rss, $args = array() ) {
|
|||
while ( stristr($link, 'http') != $link )
|
||||
$link = substr($link, 1);
|
||||
$link = clean_url(strip_tags($link));
|
||||
$title = attribute_escape(strip_tags($item->get_title()));
|
||||
$title = attr(strip_tags($item->get_title()));
|
||||
if ( empty($title) )
|
||||
$title = __('Untitled');
|
||||
|
||||
$desc = str_replace(array("\n", "\r"), ' ', attribute_escape(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
|
||||
$desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
|
||||
$desc = wp_html_excerpt( $desc, 360 ) . ' […]';
|
||||
$desc = wp_specialchars( $desc );
|
||||
|
||||
|
@ -850,9 +850,9 @@ function wp_widget_rss_form( $args, $inputs = null ) {
|
|||
extract( $args );
|
||||
extract( $inputs, EXTR_SKIP);
|
||||
|
||||
$number = attribute_escape( $number );
|
||||
$title = attribute_escape( $title );
|
||||
$url = attribute_escape( $url );
|
||||
$number = attr( $number );
|
||||
$title = attr( $title );
|
||||
$url = attr( $url );
|
||||
$items = (int) $items;
|
||||
if ( $items < 1 || 20 < $items )
|
||||
$items = 10;
|
||||
|
@ -984,7 +984,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
|
|||
?>
|
||||
<p><label for="<?php echo $this->get_field_id('title'); ?>">
|
||||
<?php _e('Title:') ?>
|
||||
<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attribute_escape( $instance['title'] ); ?>" />
|
||||
<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" />
|
||||
</label></p>
|
||||
<?php
|
||||
}
|
||||
|
|
|
@ -1006,8 +1006,8 @@ function get_links($category = -1, $before = '', $after = '<br />', $between = '
|
|||
if ( '' != $rel )
|
||||
$rel = ' rel="' . $rel . '"';
|
||||
|
||||
$desc = attribute_escape(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
|
||||
$name = attribute_escape(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
|
||||
$desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
|
||||
$name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
|
||||
$title = $desc;
|
||||
|
||||
if ( $show_updated )
|
||||
|
|
|
@ -18,7 +18,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
|
|||
if ( is_singular() )
|
||||
printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
|
||||
elseif ( is_search() )
|
||||
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attribute_escape(get_search_query()));
|
||||
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query()));
|
||||
else
|
||||
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
|
||||
?></title>
|
||||
|
@ -32,7 +32,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
|
|||
<link rel="self" type="application/atom+xml" href="<?php echo get_post_comments_feed_link('', 'atom'); ?>" />
|
||||
<id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
|
||||
<?php } elseif(is_search()) { ?>
|
||||
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attribute_escape(get_search_query()); ?>" />
|
||||
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr(get_search_query()); ?>" />
|
||||
<link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
|
||||
<id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>
|
||||
<?php } else { ?>
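Review bot: The search-branch `href` appends the search string to `'?s='` after HTML-attribute escaping only. That escaping is undone when the attribute is parsed, so a `&`, `#` or `+` in the search string is read as URL syntax rather than as part of the term. URL-encode the value and escape the finished URL once, e.g. `href="<?php echo attr( get_option('home') . '?s=' . urlencode( get_search_query() ) ); ?>"`; this assumes get_search_query() returns the unencoded term, which this hunk does not show. get_search_feed_link() and get_search_comments_feed_link(), further down the page, apply the same escaper to the search string, but where that value ends up is outside their hunks, so they are worth checking as well.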
|
||||
|
|
|
@ -20,7 +20,7 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>';
|
|||
if ( is_singular() )
|
||||
printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
|
||||
elseif ( is_search() )
|
||||
printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attribute_escape($wp_query->query_vars['s']));
|
||||
printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s']));
|
||||
else
|
||||
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
|
||||
?></title>
|
||||
|
|
|
@ -338,7 +338,7 @@ function get_the_category_rss($type = 'rss') {
|
|||
if ( 'rdf' == $type )
|
||||
$the_list .= "\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
|
||||
elseif ( 'atom' == $type )
|
||||
$the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $cat_name ) );
|
||||
$the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) );
|
||||
else
|
||||
$the_list .= "\t\t<category><![CDATA[" . @html_entity_decode( $cat_name, ENT_COMPAT, get_option('blog_charset') ) . "]]></category>\n";
|
||||
}
|
||||
|
|
|
@ -1270,7 +1270,7 @@ function translate_smiley($smiley) {
|
|||
|
||||
$smiley = trim(reset($smiley));
|
||||
$img = $wpsmiliestrans[$smiley];
|
||||
$smiley_masked = attribute_escape($smiley);
|
||||
$smiley_masked = attr($smiley);
|
||||
|
||||
return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
|
||||
}
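Review bot: `alt='$smiley_masked'` is a single-quoted attribute, so the markup is only safe if attr() encodes `'` as well as `"`; its definition is not on this page, so confirm that and pin it with a test before the old name is retired. The same dependency applies to the later sections that build `title='…'`, `href='…'` and `src='…'` strings: the rel-link helpers, get_the_attachment_link(), get_attachment_icon(), _print_scripts(), print_admin_styles() and get_the_taxonomies(). A short comment at these call sites, e.g. `// single-quoted attribute: relies on attr() escaping both quote characters`, would keep the assumption visible. translate_smiley() starts above this hunk.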
|
||||
|
|
|
@ -385,7 +385,7 @@ function wp_protect_special_option( $option ) {
|
|||
/**
|
||||
* Print option value after sanitizing for forms.
|
||||
*
|
||||
* @uses attribute_escape Sanitizes value.
|
||||
* @uses attr Sanitizes value.
|
||||
* @since 1.5.0
|
||||
* @package WordPress
|
||||
* @subpackage Option
|
||||
|
@ -393,7 +393,7 @@ function wp_protect_special_option( $option ) {
|
|||
* @param string $option Option name.
|
||||
*/
|
||||
function form_option( $option ) {
|
||||
echo attribute_escape (get_option( $option ) );
|
||||
echo attr (get_option( $option ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1741,7 +1741,7 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
|
|||
* @return string Nonce field.
|
||||
*/
|
||||
function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
|
||||
$name = attribute_escape( $name );
|
||||
$name = attr( $name );
|
||||
$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
|
||||
if ( $echo )
|
||||
echo $nonce_field;
|
||||
|
@ -1766,7 +1766,7 @@ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $ec
|
|||
* @return string Referer field.
|
||||
*/
|
||||
function wp_referer_field( $echo = true) {
|
||||
$ref = attribute_escape( $_SERVER['REQUEST_URI'] );
|
||||
$ref = attr( $_SERVER['REQUEST_URI'] );
|
||||
$referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
|
||||
|
||||
if ( $echo )
|
||||
|
@ -1792,7 +1792,7 @@ function wp_referer_field( $echo = true) {
|
|||
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
|
||||
$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
|
||||
$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
|
||||
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape( stripslashes( $ref ) ) . '" />';
|
||||
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr( stripslashes( $ref ) ) . '" />';
|
||||
if ( $echo )
|
||||
echo $orig_referer_field;
|
||||
return $orig_referer_field;
|
||||
|
|
|
@ -120,8 +120,8 @@ function get_search_form() {
|
|||
|
||||
$form = '<form role="search" method="get" id="searchform" action="' . get_option('home') . '/" >
|
||||
<div><label class="hidden" for="s">' . __('Search for:') . '</label>
|
||||
<input type="text" value="' . attribute_escape(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
|
||||
<input type="submit" id="searchsubmit" value="'.attribute_escape(__('Search')).'" />
|
||||
<input type="text" value="' . attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
|
||||
<input type="submit" id="searchsubmit" value="'.attr(__('Search')).'" />
|
||||
</div>
|
||||
</form>';
|
||||
|
||||
|
@ -688,7 +688,7 @@ function single_month_title($prefix = '', $display = true ) {
|
|||
*/
|
||||
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
|
||||
$text = wptexturize($text);
|
||||
$title_text = attribute_escape($text);
|
||||
$title_text = attr($text);
|
||||
$url = clean_url($url);
|
||||
|
||||
if ('link' == $format)
|
||||
|
@ -1434,8 +1434,8 @@ function feed_links( $args ) {
|
|||
|
||||
$args = wp_parse_args( $args, $defaults );
|
||||
|
||||
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
|
||||
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
|
||||
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
|
||||
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1467,27 +1467,27 @@ function feed_links_extra( $args ) {
|
|||
$post = &get_post( $id = 0 );
|
||||
|
||||
if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
|
||||
$title = attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
|
||||
$title = attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
|
||||
$href = get_post_comments_feed_link( $post->ID );
|
||||
}
|
||||
} elseif ( is_category() ) {
|
||||
$cat_id = intval( get_query_var('cat') );
|
||||
|
||||
$title = attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
|
||||
$title = attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
|
||||
$href = get_category_feed_link( $cat_id );
|
||||
} elseif ( is_tag() ) {
|
||||
$tag_id = intval( get_query_var('tag_id') );
|
||||
$tag = get_tag( $tag_id );
|
||||
|
||||
$title = attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
|
||||
$title = attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
|
||||
$href = get_tag_feed_link( $tag_id );
|
||||
} elseif ( is_author() ) {
|
||||
$author_id = intval( get_query_var('author') );
|
||||
|
||||
$title = attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
|
||||
$title = attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
|
||||
$href = get_author_feed_link( $author_id );
|
||||
} elseif ( is_search() ) {
|
||||
$title = attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
|
||||
$title = attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
|
||||
$href = get_search_feed_link();
|
||||
}
|
||||
|
||||
|
@ -1678,14 +1678,14 @@ function get_search_query() {
|
|||
/**
|
||||
* Display the contents of the search query variable.
|
||||
*
|
||||
* The search query string is passed through {@link attribute_escape()}
|
||||
* The search query string is passed through {@link attr()}
|
||||
* to ensure that it is safe for placing in an html attribute.
|
||||
*
|
||||
* @uses attribute_escape
|
||||
* @uses attr
|
||||
* @since 2.1.0
|
||||
*/
|
||||
function the_search_query() {
|
||||
echo attribute_escape( apply_filters( 'the_search_query', get_search_query() ) );
|
||||
echo attr( apply_filters( 'the_search_query', get_search_query() ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -619,9 +619,9 @@ function edit_tag_link( $link = '', $before = '', $after = '', $tag = null ) {
|
|||
*/
|
||||
function get_search_feed_link($search_query = '', $feed = '') {
|
||||
if ( empty($search_query) )
|
||||
$search = attribute_escape(get_search_query());
|
||||
$search = attr(get_search_query());
|
||||
else
|
||||
$search = attribute_escape(stripslashes($search_query));
|
||||
$search = attr(stripslashes($search_query));
|
||||
|
||||
if ( empty($feed) )
|
||||
$feed = get_default_feed();
|
||||
|
@ -644,9 +644,9 @@ function get_search_feed_link($search_query = '', $feed = '') {
|
|||
*/
|
||||
function get_search_comments_feed_link($search_query = '', $feed = '') {
|
||||
if ( empty($search_query) )
|
||||
$search = attribute_escape(get_search_query());
|
||||
$search = attr(get_search_query());
|
||||
else
|
||||
$search = attribute_escape(stripslashes($search_query));
|
||||
$search = attr(stripslashes($search_query));
|
||||
|
||||
if ( empty($feed) )
|
||||
$feed = get_default_feed();
|
||||
|
@ -730,7 +730,7 @@ function edit_post_link( $link = 'Edit This', $before = '', $after = '' ) {
|
|||
return;
|
||||
}
|
||||
|
||||
$link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>';
|
||||
$link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attr( __( 'Edit post' ) ) . '">' . $link . '</a>';
|
||||
echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after;
|
||||
}
|
||||
|
||||
|
@ -940,7 +940,7 @@ function get_adjacent_post_rel_link($title = '%title', $in_same_cat = false, $ex
|
|||
$title = apply_filters('the_title', $title, $post);
|
||||
|
||||
$link = $previous ? "<link rel='prev' title='" : "<link rel='next' title='";
|
||||
$link .= attribute_escape( $title );
|
||||
$link .= attr( $title );
|
||||
$link .= "' href='" . get_permalink($post) . "' />\n";
|
||||
|
||||
$adjacent = $previous ? 'previous' : 'next';
|
||||
|
@ -1064,7 +1064,7 @@ function get_boundary_post_rel_link($title = '%title', $in_same_cat = false, $ex
|
|||
$title = apply_filters('the_title', $title, $post);
|
||||
|
||||
$link = $start ? "<link rel='start' title='" : "<link rel='end' title='";
|
||||
$link .= attribute_escape($title);
|
||||
$link .= attr($title);
|
||||
$link .= "' href='" . get_permalink($post) . "' />\n";
|
||||
|
||||
$boundary = $start ? 'start' : 'end';
|
||||
|
@ -1092,7 +1092,7 @@ function start_post_rel_link($title = '%title', $in_same_cat = false, $excluded_
|
|||
* @return string
|
||||
*/
|
||||
function get_index_rel_link() {
|
||||
$link = "<link rel='index' title='" . attribute_escape(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
|
||||
$link = "<link rel='index' title='" . attr(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
|
||||
return apply_filters( "index_rel_link", $link );
|
||||
}
|
||||
|
||||
|
@ -1127,7 +1127,7 @@ function get_parent_post_rel_link($title = '%title') {
|
|||
$title = apply_filters('the_title', $title, $post);
|
||||
|
||||
$link = "<link rel='up' title='";
|
||||
$link .= attribute_escape( $title );
|
||||
$link .= attr( $title );
|
||||
$link .= "' href='" . get_permalink($post) . "' />\n";
|
||||
|
||||
return apply_filters( "parent_post_rel_link", $link );
|
||||
|
|
|
@ -200,10 +200,10 @@ function get_image_tag($id, $alt, $title, $align, $size='medium') {
|
|||
list( $img_src, $width, $height ) = image_downsize($id, $size);
|
||||
$hwstring = image_hwstring($width, $height);
|
||||
|
||||
$class = 'align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id;
|
||||
$class = 'align'.attr($align).' size-'.attr($size).' wp-image-'.$id;
|
||||
$class = apply_filters('get_image_tag_class', $class, $id, $align, $size);
|
||||
|
||||
$html = '<img src="'.attribute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="'.$class.'" />';
|
||||
$html = '<img src="'.attr($img_src).'" alt="'.attr($alt).'" title="'.attr($title).'" '.$hwstring.'class="'.$class.'" />';
|
||||
|
||||
$html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size );
|
||||
|
||||
|
@ -542,7 +542,7 @@ function wp_get_attachment_image($attachment_id, $size = 'thumbnail', $icon = fa
|
|||
'title' => trim(strip_tags( $attachment->post_title )),
|
||||
);
|
||||
$attr = apply_filters( 'wp_get_attachment_image_attributes', $attr, $attachment );
|
||||
$attr = array_map( 'attribute_escape', $attr );
|
||||
$attr = array_map( 'attr', $attr );
|
||||
$html = rtrim("<img $hwstring");
|
||||
foreach ( $attr as $name => $value ) {
|
||||
$html .= " $name=" . '"' . $value . '"';
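Review bot: In get_image_tag() the class string is escaped piece by piece and then passed through the `get_image_tag_class` filter, and the filtered result is written into `class="…"` as is; `$id` is also concatenated without escaping. Escaping once after the filter covers both: build `$class` from the raw parts and emit `'class="' . attr($class) . '" />'`. In wp_get_attachment_image() the values are escaped by `array_map( 'attr', $attr )`, but the array keys returned by the `wp_get_attachment_image_attributes` filter are written out as attribute names unchecked. That loop continues below the hunk, so any later validation cannot be seen here. Both functions start above their hunks.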
|
||||
|
|
|
@ -1499,7 +1499,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
|
|||
if ( false === $alt)
|
||||
$safe_alt = '';
|
||||
else
|
||||
$safe_alt = attribute_escape( $alt );
|
||||
$safe_alt = attr( $alt );
|
||||
|
||||
if ( !is_numeric($size) )
|
||||
$size = '96';
|
||||
|
|
|
@ -63,7 +63,7 @@ function the_title($before = '', $after = '', $echo = true) {
|
|||
* an array. See the function for what can be override in the $args parameter.
|
||||
*
|
||||
* The title before it is displayed will have the tags stripped and {@link
|
||||
* attribute_escape()} before it is passed to the user or displayed. The default
|
||||
* attr()} before it is passed to the user or displayed. The default
|
||||
* as with {@link the_title()}, is to display the title.
|
||||
*
|
||||
* @since 2.3.0
|
||||
|
@ -83,7 +83,7 @@ function the_title_attribute( $args = '' ) {
|
|||
|
||||
|
||||
$title = $before . $title . $after;
|
||||
$title = attribute_escape(strip_tags($title));
|
||||
$title = attr(strip_tags($title));
|
||||
|
||||
if ( $echo )
|
||||
echo $title;
|
||||
|
@ -924,10 +924,10 @@ function wp_get_attachment_link($id = 0, $size = 'thumbnail', $permalink = false
|
|||
if ( $permalink )
|
||||
$url = get_attachment_link($_post->ID);
|
||||
|
||||
$post_title = attribute_escape($_post->post_title);
|
||||
$post_title = attr($_post->post_title);
|
||||
|
||||
if ( $text ) {
|
||||
$link_text = attribute_escape($text);
|
||||
$link_text = attr($text);
|
||||
} elseif ( ( is_int($size) && $size != 0 ) or ( is_string($size) && $size != 'none' ) or $size != false ) {
|
||||
$link_text = wp_get_attachment_image($id, $size, $icon);
|
||||
}
|
||||
|
@ -961,7 +961,7 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false,
|
|||
if ( $permalink )
|
||||
$url = get_attachment_link($_post->ID);
|
||||
|
||||
$post_title = attribute_escape($_post->post_title);
|
||||
$post_title = attr($_post->post_title);
|
||||
|
||||
$innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
|
||||
return "<a href='$url' title='$post_title'>$innerHTML</a>";
|
||||
|
@ -1057,7 +1057,7 @@ function get_attachment_icon( $id = 0, $fullsize = false, $max_dims = false ) {
|
|||
$constraint = '';
|
||||
}
|
||||
|
||||
$post_title = attribute_escape($post->post_title);
|
||||
$post_title = attr($post->post_title);
|
||||
|
||||
$icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
|
||||
|
||||
|
@ -1085,7 +1085,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
|
|||
return $innerHTML;
|
||||
|
||||
|
||||
$innerHTML = attribute_escape($post->post_title);
|
||||
$innerHTML = attr($post->post_title);
|
||||
|
||||
return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
|
||||
}
|
||||
|
|
|
@ -869,7 +869,7 @@ function sanitize_post_field($field, $value, $post_id, $context) {
|
|||
else
|
||||
$value = format_to_edit($value);
|
||||
} else {
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
}
|
||||
} else if ( 'db' == $context ) {
|
||||
if ( $prefixed ) {
|
||||
|
@ -888,7 +888,7 @@ function sanitize_post_field($field, $value, $post_id, $context) {
|
|||
}
|
||||
|
||||
if ( 'attribute' == $context )
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
else if ( 'js' == $context )
|
||||
$value = js_escape($value);
|
||||
|
||||
|
|
|
@ -873,7 +873,7 @@ function wp_rss( $url, $num_items = -1 ) {
|
|||
printf(
|
||||
'<li><a href="%1$s" title="%2$s">%3$s</a></li>',
|
||||
clean_url( $item['link'] ),
|
||||
attribute_escape( strip_tags( $item['description'] ) ),
|
||||
attr( strip_tags( $item['description'] ) ),
|
||||
htmlentities( $item['title'] )
|
||||
);
|
||||
}
|
||||
|
|
|
@ -74,10 +74,10 @@ function wp_default_scripts( &$scripts ) {
|
|||
$scripts->localize( 'quicktags', 'quicktagsL10n', array(
|
||||
'quickLinks' => __('(Quick Links)'),
|
||||
'wordLookup' => __('Enter a word to look up:'),
|
||||
'dictionaryLookup' => attribute_escape(__('Dictionary lookup')),
|
||||
'lookup' => attribute_escape(__('lookup')),
|
||||
'closeAllOpenTags' => attribute_escape(__('Close all open tags')),
|
||||
'closeTags' => attribute_escape(__('close tags')),
|
||||
'dictionaryLookup' => attr(__('Dictionary lookup')),
|
||||
'lookup' => attr(__('lookup')),
|
||||
'closeAllOpenTags' => attr(__('Close all open tags')),
|
||||
'closeTags' => attr(__('close tags')),
|
||||
'enterURL' => __('Enter the URL'),
|
||||
'enterImageURL' => __('Enter the URL of the image'),
|
||||
'enterImageDescription' => __('Enter a description of the image'),
|
||||
|
@ -212,7 +212,7 @@ function wp_default_scripts( &$scripts ) {
|
|||
$scripts->add( 'ajaxcat', "/wp-admin/js/cat$suffix.js", array( 'wp-lists' ), '20090102' );
|
||||
$scripts->add_data( 'ajaxcat', 'group', 1 );
|
||||
$scripts->localize( 'ajaxcat', 'catL10n', array(
|
||||
'add' => attribute_escape(__('Add')),
|
||||
'add' => attr(__('Add')),
|
||||
'how' => __('Separate multiple categories with commas.'),
|
||||
'l10n_print_after' => 'try{convertEntities(catL10n);}catch(e){};'
|
||||
) );
|
||||
|
@ -266,8 +266,8 @@ function wp_default_scripts( &$scripts ) {
|
|||
$scripts->add_data( 'post', 'group', 1 );
|
||||
$scripts->localize( 'post', 'postL10n', array(
|
||||
'tagsUsed' => __('Tags used on this post:'),
|
||||
'add' => attribute_escape(__('Add')),
|
||||
'addTag' => attribute_escape(__('Add new tag')),
|
||||
'add' => attr(__('Add')),
|
||||
'addTag' => attr(__('Add new tag')),
|
||||
'separate' => __('Separate tags with commas'),
|
||||
'cancel' => __('Cancel'),
|
||||
'edit' => __('Edit'),
|
||||
|
@ -604,7 +604,7 @@ function _print_scripts() {
|
|||
|
||||
$ver = md5("$wp_scripts->concat_version");
|
||||
$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&load=" . trim($wp_scripts->concat, ', ') . "&ver=$ver";
|
||||
echo "<script type='text/javascript' src='" . attribute_escape($src) . "'></script>\n";
|
||||
echo "<script type='text/javascript' src='" . attr($src) . "'></script>\n";
|
||||
}
|
||||
|
||||
if ( !empty($wp_scripts->print_html) )
|
||||
|
@ -671,7 +671,7 @@ function print_admin_styles() {
|
|||
$dir = $wp_styles->text_direction;
|
||||
$ver = md5("$wp_styles->concat_version{$dir}");
|
||||
$href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&load=" . trim($wp_styles->concat, ', ') . "&ver=$ver";
|
||||
echo "<link rel='stylesheet' href='" . attribute_escape($href) . "' type='text/css' media='all' />\n";
|
||||
echo "<link rel='stylesheet' href='" . attr($href) . "' type='text/css' media='all' />\n";
|
||||
}
|
||||
|
||||
if ( !empty($wp_styles->print_html) )
|
||||
|
|
|
@ -991,7 +991,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
|
|||
if ( 'description' == $field )
|
||||
$value = format_to_edit($value);
|
||||
else
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
} else if ( 'db' == $context ) {
|
||||
$value = apply_filters("pre_term_$field", $value, $taxonomy);
|
||||
$value = apply_filters("pre_${taxonomy}_$field", $value);
|
||||
|
@ -1009,7 +1009,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
|
|||
}
|
||||
|
||||
if ( 'attribute' == $context )
|
||||
$value = attribute_escape($value);
|
||||
$value = attr($value);
|
||||
else if ( 'js' == $context )
|
||||
$value = js_escape($value);
|
||||
|
||||
|
@ -2260,7 +2260,7 @@ function get_the_taxonomies($post = 0) {
|
|||
$links = array();
|
||||
|
||||
foreach ( $terms as $term )
|
||||
$links[] = "<a href='" . attribute_escape(get_term_link($term, $taxonomy)) . "'>$term->name</a>";
|
||||
$links[] = "<a href='" . attr(get_term_link($term, $taxonomy)) . "'>$term->name</a>";
|
||||
|
||||
if ( $links )
|
||||
$taxonomies[$taxonomy] = wp_sprintf($t['template'], $t['label'], $links, $terms);
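Review bot: In get_the_taxonomies() the link's `href` is escaped but the link text `$term->name` is interpolated raw. The markup therefore depends on term names having been sanitised when they were saved, which this hunk does not show. Escape it at output, e.g. `$links[] = "<a href='" . attr(get_term_link($term, $taxonomy)) . "'>" . wp_specialchars($term->name) . "</a>";`. Because the attribute holds a URL, clean_url(), which other sections of this commit use for links, would be the closer fit than attr(), which only encodes markup characters. The function begins and ends outside the hunk.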
|
||||
|
|
|
@ -932,7 +932,7 @@ function preview_theme_ob_filter_callback( $matches ) {
|
|||
$link = add_query_arg( array('preview' => 1, 'template' => $_GET['template'], 'stylesheet' => @$_GET['stylesheet'] ), $matches[3] );
|
||||
if ( 0 === strpos($link, 'preview=1') )
|
||||
$link = "?$link";
|
||||
return $matches[1] . attribute_escape( $link ) . $matches[4];
|
||||
return $matches[1] . attr( $link ) . $matches[4];
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -62,15 +62,15 @@ function wp_version_check() {
|
|||
foreach( explode( "\n\n", $body ) as $entry) {
|
||||
$returns = explode("\n", $entry);
|
||||
$new_option = new stdClass();
|
||||
$new_option->response = attribute_escape( $returns[0] );
|
||||
$new_option->response = attr( $returns[0] );
|
||||
if ( isset( $returns[1] ) )
|
||||
$new_option->url = clean_url( $returns[1] );
|
||||
if ( isset( $returns[2] ) )
|
||||
$new_option->package = clean_url( $returns[2] );
|
||||
if ( isset( $returns[3] ) )
|
||||
$new_option->current = attribute_escape( $returns[3] );
|
||||
$new_option->current = attr( $returns[3] );
|
||||
if ( isset( $returns[4] ) )
|
||||
$new_option->locale = attribute_escape( $returns[4] );
|
||||
$new_option->locale = attr( $returns[4] );
|
||||
$new_options[] = $new_option;
|
||||
}
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ if ((empty ($link_cat)) || ($link_cat == 'all') || ($link_cat == '0')) {
|
|||
<?php the_generator( 'comment' ); ?>
|
||||
<opml version="1.0">
|
||||
<head>
|
||||
<title>Links for <?php echo attribute_escape(get_bloginfo('name', 'display').$cat_name); ?></title>
|
||||
<title>Links for <?php echo attr(get_bloginfo('name', 'display').$cat_name); ?></title>
|
||||
<dateCreated><?php echo gmdate("D, d M Y H:i:s"); ?> GMT</dateCreated>
|
||||
</head>
|
||||
<body>
|
||||
|
@ -44,14 +44,14 @@ foreach ((array) $cats as $cat) {
|
|||
$catname = apply_filters('link_category', $cat->name);
|
||||
|
||||
?>
|
||||
<outline type="category" title="<?php echo attribute_escape($catname); ?>">
|
||||
<outline type="category" title="<?php echo attr($catname); ?>">
|
||||
<?php
|
||||
|
||||
$bookmarks = get_bookmarks("category={$cat->term_id}");
|
||||
foreach ((array) $bookmarks as $bookmark) {
|
||||
$title = attribute_escape(apply_filters('link_title', $bookmark->link_name));
|
||||
$title = attr(apply_filters('link_title', $bookmark->link_name));
|
||||
?>
|
||||
<outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attribute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
|
||||
<outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attr($bookmark->link_rss); ?>" htmlUrl="<?php echo attr($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
|
||||
<?php
|
||||
|
||||
}
|
||||
|
|
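Review bot: On the bookmark `<outline>` line, `xmlUrl` and `htmlUrl` are only passed through `attr()`, which keeps the attribute well-formed but does not restrict the URL scheme. The `updated` attribute on the same line echoes `$bookmark->link_updated` with no escaping at all. `clean_url()` is already used for URL fields in the wp_version_check hunk of this commit, so I would write `xmlUrl="<?php echo clean_url($bookmark->link_rss); ?>"` and `htmlUrl="<?php echo clean_url($bookmark->link_url); ?>"`, and wrap the date as `echo attr($bookmark->link_updated);`. Check that `clean_url()`'s default output encoding suits an XML attribute before switching. The enclosing `foreach` loops open and close outside the hunk.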
10
wp-login.php
10
wp-login.php
|
@ -307,7 +307,7 @@ case 'retrievepassword' :
|
|||
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
|
||||
<p>
|
||||
<label><?php _e('Username or E-mail:') ?><br />
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape($user_login); ?>" size="20" tabindex="10" /></label>
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr($user_login); ?>" size="20" tabindex="10" /></label>
|
||||
</p>
|
||||
<?php do_action('lostpassword_form'); ?>
|
||||
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="<?php _ea('Get New Password'); ?>" tabindex="100" /></p>
|
||||
|
@ -374,11 +374,11 @@ case 'register' :
|
|||
<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
|
||||
<p>
|
||||
<label><?php _e('Username') ?><br />
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
|
||||
</p>
|
||||
<p>
|
||||
<label><?php _e('E-mail') ?><br />
|
||||
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
|
||||
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
|
||||
</p>
|
||||
<?php do_action('register_form'); ?>
|
||||
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
|
||||
|
@ -460,7 +460,7 @@ default:
|
|||
login_header(__('Log In'), '', $errors);
|
||||
|
||||
if ( isset($_POST['log']) )
|
||||
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attribute_escape(stripslashes($_POST['log'])) : '';
|
||||
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attr(stripslashes($_POST['log'])) : '';
|
||||
?>
|
||||
|
||||
<?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
|
||||
|
@ -477,7 +477,7 @@ default:
|
|||
<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php _ea('Remember Me'); ?></label></p>
|
||||
<p class="submit">
|
||||
<input type="submit" name="wp-submit" id="wp-submit" value="<?php _ea('Log In'); ?>" tabindex="100" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo attr($redirect_to); ?>" />
|
||||
<input type="hidden" name="testcookie" value="1" />
|
||||
</p>
|
||||
</form>
|
||||
|
|