diff --git a/wp-admin/edit-attachment-rows.php b/wp-admin/edit-attachment-rows.php
index 4a83dd65cc..8d0cd4d591 100644
--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -62,7 +62,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
?>
-
">
+ ">
@@ -74,7 +74,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
case 'media':
?>
-
>">
+ | >">
ID))); ?>
$column_display_name ) {
$actions['edit'] = '' . __('Edit') . '';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "";
- $actions['view'] = '' . __('View') . '';
+ $actions['view'] = '' . __('View') . '';
$action_count = count($actions);
$i = 0;
echo ' ';
@@ -182,7 +182,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
case 'actions':
?>
>
- "> |
+ "> |
|
|
-
+ |
|
|
-
+ |
|
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 990963dc77..64cb81b529 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -83,7 +83,7 @@ else
require_once('admin-header.php');
-$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']);
+$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
$default_status = get_user_option('edit_comments_last_view');
if ( empty($default_status) )
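Review bot: `$mode` is still escaped at the point it is read from `$_GET` rather than where it is printed, so every later use of the variable sees entity-encoded text whether or not it ends up in an HTML attribute. Since this is a mode selector with a fixed default of `'detail'`, checking it against the supported values would be tighter than escaping it, the way `$comment_status` is checked with `in_array()` in the next hunk's header line; for example `$mode = ( isset($_GET['mode']) && in_array($_GET['mode'], $modes) ) ? $_GET['mode'] : 'detail';`, where `$modes` is a placeholder for the list this page supports. The same escape-on-assignment pattern appears for `$comment_type` and `$search` in the following hunk and for the `$$var` assignment in wp-admin/users.php. The `if ( empty($default_status) )` statement continues outside the hunk.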
@@ -94,10 +94,10 @@ if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam')) )
if ( $comment_status != $default_status )
update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
-$comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : '';
+$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
$search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
-$search = attribute_escape( $search_dirty ); ?>
+$search = attr( $search_dirty ); ?>
@@ -164,7 +164,7 @@ foreach ( $stati as $status => $label ) {
/*
// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
if ( !empty( $_GET['s'] ) )
- $link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link );
+ $link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
*/
$status_links[] = " " . sprintf(
_n( $label[0], $label[1], $num_comments->$status ),
@@ -364,8 +364,8 @@ if ( $page_links )
-
-
+
+
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 211aa00055..6d73925975 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -16,7 +16,7 @@ $post_ID = isset($post_ID) ? (int) $post_ID : 0;
$action = isset($action) ? $action : '';
if ( isset($_GET['message']) )
$_GET['message'] = absint( $_GET['message'] );
-$messages[1] = sprintf( __( 'Post updated. Continue editing below or go back.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
+$messages[1] = sprintf( __( 'Post updated. Continue editing below or go back.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
$messages[2] = __('Custom field updated.');
$messages[3] = __('Custom field deleted.');
$messages[4] = __('Post updated.');
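Review bot: The referer taken from `$_GET['_wp_original_http_referer']` for `$messages[1]` gets attribute escaping only, which does not constrain the URL scheme. The markup of the format string is not visible on this page, but if the placeholder sits in a link's `href`, `attr()` keeps the value inside the quotes and still lets a non-http scheme through as a clickable link. A URL-aware escaper fits that context better, e.g. `clean_url( stripslashes( $_GET['_wp_original_http_referer'] ) )`, ideally together with a check that the target is on this site.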
@@ -169,15 +169,15 @@ if ( 'private' == $post->post_status ) {
?>
";
diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
index 1e583c2307..595edb66d7 100644
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -116,7 +116,7 @@ default:
$docs_select = ' ';
}
@@ -132,7 +132,7 @@ default:
@@ -150,8 +150,8 @@ default:
$selected = " selected='selected'";
else
$selected = '';
- $plugin_name = attribute_escape($plugin_name);
- $plugin_key = attribute_escape($plugin_key);
+ $plugin_name = attr($plugin_name);
+ $plugin_key = attr($plugin_key);
echo "\n\t ";
}
?>
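Review bot: The new name `attr()` no longer says that the call escapes anything; `$plugin_name = attr($plugin_name);` reads like an accessor, which makes output escaping harder to spot when auditing templates. A name that keeps the verb, or at least a docblock on the function stating that it escapes text for use inside an HTML attribute value, would keep the intent visible. These two assignments also overwrite the raw values with the escaped ones, so a short comment such as `// escaped for the markup echoed below; do not reuse as raw values` would help. The enclosing loop starts outside the hunk.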
@@ -208,7 +208,7 @@ foreach ( $plugin_files as $plugin_file ) :
-
+
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 60a28cfeb5..bea219f806 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -139,7 +139,7 @@ if ( !empty($action) ) {
';
+ echo '';
?>
@@ -194,7 +194,7 @@ if ( !empty($invalid) )
fatal error.') ?>
-
+
@@ -369,7 +369,7 @@ function print_plugins_table($plugins, $context = '') {
$class = $is_active ? 'active' : 'inactive';
echo "
- |
+ |
{$plugin_data['Title']}";
$i = 0;
echo '';
@@ -432,8 +432,8 @@ function print_plugin_actions($context) {
diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
index ab8cd0242b..952dd04eda 100644
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -46,9 +46,9 @@ function list_core_update( $update ) {
echo '' . $download . ' ';
if ( 'en_US' != $update->locale )
if ( !isset( $update->dismissed ) || !$update->dismissed )
- echo '';
+ echo '';
else
- echo '';
+ echo '';
echo '';
echo '';
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 2431117e01..a5593d0c97 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -329,10 +329,10 @@ foreach ($arc_result as $arc_row) {
| ID, array(80, 60), true ) ) { ?>
- ">
+ ">
|
- ">
+ | ">
ID))); ?>
@@ -342,7 +342,7 @@ foreach ($arc_result as $arc_row) {
$actions['edit'] = ' ' . __('Edit') . '';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = " ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "";
- $actions['view'] = ' ' . __('View') . '';
+ $actions['view'] = ' ' . __('View') . '';
if ( current_user_can('edit_post', $post->ID) )
$actions['attach'] = ' '.__('Attach').'';
$actions = apply_filters( 'media_row_actions', $actions, $post );
diff --git a/wp-admin/users.php b/wp-admin/users.php
index f10b853c50..cf696645ff 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -28,10 +28,10 @@ if ( empty($doaction) ) {
}
if ( empty($_REQUEST) ) {
- $referer = ' ';
+ $referer = ' ';
} elseif ( isset($_REQUEST['wp_http_referer']) ) {
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
- $referer = ' ';
+ $referer = ' ';
} else {
$redirect = 'users.php';
$referer = '';
@@ -291,7 +291,7 @@ unset($role_links);
@@ -388,7 +388,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
$var = 'new_' . $var;
- $$var = isset($_REQUEST[$formpost]) ? attribute_escape(stripslashes($_REQUEST[$formpost])) : '';
+ $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
}
unset($name);
?>
diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index 0cee948436..3d3501c2fb 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -356,7 +356,7 @@ $i = 0;
foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
if ( 'wp_inactive_widgets' == $sidebar )
continue; ?>
- | |