Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
05c7b40a29
commit
3ebf837ced
|
@ -132,7 +132,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
|
||||||
$total = (int) @$_POST['_total'];
|
$total = (int) @$_POST['_total'];
|
||||||
$per_page = (int) @$_POST['_per_page'];
|
$per_page = (int) @$_POST['_per_page'];
|
||||||
$page = (int) @$_POST['_page'];
|
$page = (int) @$_POST['_page'];
|
||||||
$url = clean_url( @$_POST['_url'], null, 'url' );
|
$url = esc_url_raw( @$_POST['_url'] );
|
||||||
// JS didn't send us everything we need to know. Just die with success message
|
// JS didn't send us everything we need to know. Just die with success message
|
||||||
if ( !$total || !$per_page || !$page || !$url )
|
if ( !$total || !$per_page || !$page || !$url )
|
||||||
die( (string) time() );
|
die( (string) time() );
|
||||||
|
|
|
@ -278,7 +278,7 @@ class Custom_Image_Header {
|
||||||
<h2><?php _e('Your Header Image'); ?></h2>
|
<h2><?php _e('Your Header Image'); ?></h2>
|
||||||
<p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
|
<p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
|
||||||
|
|
||||||
<div id="headimg" style="background-image: url(<?php clean_url(header_image()) ?>);">
|
<div id="headimg" style="background-image: url(<?php esc_url(header_image()) ?>);">
|
||||||
<h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
|
<h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
|
||||||
<div id="desc"><?php bloginfo('description');?></div>
|
<div id="desc"><?php bloginfo('description');?></div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -354,7 +354,7 @@ class Custom_Image_Header {
|
||||||
// Add the meta-data
|
// Add the meta-data
|
||||||
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
|
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
|
||||||
|
|
||||||
set_theme_mod('header_image', clean_url($url));
|
set_theme_mod('header_image', esc_url($url));
|
||||||
do_action('wp_create_file_in_uploads', $file, $id); // For replication
|
do_action('wp_create_file_in_uploads', $file, $id); // For replication
|
||||||
return $this->finished();
|
return $this->finished();
|
||||||
} elseif ( $width > HEADER_IMAGE_WIDTH ) {
|
} elseif ( $width > HEADER_IMAGE_WIDTH ) {
|
||||||
|
|
|
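Review bot: In the `#headimg` line of the first hunk, `<?php esc_url(header_image()) ?>` has no `echo`, so the string esc_url() returns is discarded and the only thing that can reach the `style` attribute is whatever header_image() prints itself, unescaped; the rename keeps that behaviour. If header_image() echoes the URL, as its use here suggests, the line should read `<?php echo esc_url( get_header_image() ); ?>`. In the second hunk, `set_theme_mod('header_image', esc_url($url))` stores a display-encoded URL; for a stored value `esc_url_raw($url)` is the matching call, with esc_url() applied at output. Both enclosing methods continue outside the hunks.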
@ -87,10 +87,10 @@ function post_submit_meta_box($post) {
|
||||||
<div id="preview-action">
|
<div id="preview-action">
|
||||||
<?php
|
<?php
|
||||||
if ( 'publish' == $post->post_status ) {
|
if ( 'publish' == $post->post_status ) {
|
||||||
$preview_link = clean_url(get_permalink($post->ID));
|
$preview_link = esc_url(get_permalink($post->ID));
|
||||||
$preview_button = __('Preview Changes');
|
$preview_button = __('Preview Changes');
|
||||||
} else {
|
} else {
|
||||||
$preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
|
$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
|
||||||
$preview_button = __('Preview');
|
$preview_button = __('Preview');
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -572,7 +572,7 @@ else
|
||||||
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
|
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
|
||||||
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
|
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
|
||||||
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
|
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
|
||||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
|
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
|
||||||
<?php
|
<?php
|
||||||
if ( 'draft' != $post->post_status )
|
if ( 'draft' != $post->post_status )
|
||||||
wp_original_referer_field(true, 'previous');
|
wp_original_referer_field(true, 'previous');
|
||||||
|
|
|
@ -130,7 +130,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
|
||||||
|
|
||||||
<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
|
<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
|
||||||
<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
|
<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
|
||||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
|
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
|
||||||
<?php wp_original_referer_field(true, 'previous'); ?>
|
<?php wp_original_referer_field(true, 'previous'); ?>
|
||||||
<input type="hidden" name="noredir" value="1" />
|
<input type="hidden" name="noredir" value="1" />
|
||||||
|
|
||||||
|
|
|
@ -81,10 +81,10 @@ function page_submit_meta_box($post) {
|
||||||
<div id="preview-action">
|
<div id="preview-action">
|
||||||
<?php
|
<?php
|
||||||
if ( 'publish' == $post->post_status ) {
|
if ( 'publish' == $post->post_status ) {
|
||||||
$preview_link = clean_url(get_permalink($post->ID));
|
$preview_link = esc_url(get_permalink($post->ID));
|
||||||
$preview_button = __('Preview Changes');
|
$preview_button = __('Preview Changes');
|
||||||
} else {
|
} else {
|
||||||
$preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
|
$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
|
||||||
$preview_button = __('Preview');
|
$preview_button = __('Preview');
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -420,7 +420,7 @@ if (isset($mode) && 'bookmarklet' == $mode)
|
||||||
<?php echo $form_extra ?>
|
<?php echo $form_extra ?>
|
||||||
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
|
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
|
||||||
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
|
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
|
||||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
|
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
|
||||||
<?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
|
<?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
|
||||||
|
|
||||||
<div id="poststuff" class="metabox-holder<?php echo 2 == $screen_layout_columns ? ' has-right-sidebar' : ''; ?>">
|
<div id="poststuff" class="metabox-holder<?php echo 2 == $screen_layout_columns ? ' has-right-sidebar' : ''; ?>">
|
||||||
|
|
|
@ -251,8 +251,8 @@ do_action('restrict_manage_posts');
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<div class="view-switch">
|
<div class="view-switch">
|
||||||
<a href="<?php echo clean_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
|
<a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
|
||||||
<a href="<?php echo clean_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
|
<a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="clear"></div>
|
<div class="clear"></div>
|
||||||
|
|
|
@ -186,7 +186,7 @@ class LJ_API_Import {
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
|
<input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
|
||||||
</p>
|
</p>
|
||||||
<p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>
|
<p class="submitbox"><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>
|
||||||
<p>
|
<p>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<input type="hidden" name="step" value="1" />
|
<input type="hidden" name="step" value="1" />
|
||||||
|
@ -724,7 +724,7 @@ class LJ_API_Import {
|
||||||
if ( empty( $this->username ) || empty( $this->password ) ) {
|
if ( empty( $this->username ) || empty( $this->password ) ) {
|
||||||
?>
|
?>
|
||||||
<p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
|
<p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
|
||||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
<p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||||
<?php
|
<?php
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -736,7 +736,7 @@ class LJ_API_Import {
|
||||||
delete_option( 'ljapi_protected_password' );
|
delete_option( 'ljapi_protected_password' );
|
||||||
?>
|
?>
|
||||||
<p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
|
<p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
|
||||||
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
<p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
|
||||||
<?php
|
<?php
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
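Review bot: In all three hunks of this file the `_wp_http_referer` value is appended as `esc_attr( $_SERVER['REQUEST_URI'] )`, which HTML-escapes the string but does not URL-encode it, so any `&` or `#` in the request URI ends the parameter early and the remainder is parsed as separate query arguments or a fragment of the link. The value should be percent-encoded before concatenation, `'&_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )`, leaving the outer esc_url() to do the HTML escaping once. `$_SERVER['PHP_SELF']` is request-derived as well, so a fixed admin path as the base of these links would depend less on how the server fills it in. The surrounding methods start and end outside the hunks.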
@ -30,10 +30,10 @@ function edit_link( $link_id = '' ) {
|
||||||
wp_die( __( 'Cheatin’ uh?' ));
|
wp_die( __( 'Cheatin’ uh?' ));
|
||||||
|
|
||||||
$_POST['link_url'] = esc_html( $_POST['link_url'] );
|
$_POST['link_url'] = esc_html( $_POST['link_url'] );
|
||||||
$_POST['link_url'] = clean_url($_POST['link_url']);
|
$_POST['link_url'] = esc_url($_POST['link_url']);
|
||||||
$_POST['link_name'] = esc_html( $_POST['link_name'] );
|
$_POST['link_name'] = esc_html( $_POST['link_name'] );
|
||||||
$_POST['link_image'] = esc_html( $_POST['link_image'] );
|
$_POST['link_image'] = esc_html( $_POST['link_image'] );
|
||||||
$_POST['link_rss'] = clean_url($_POST['link_rss']);
|
$_POST['link_rss'] = esc_url($_POST['link_rss']);
|
||||||
if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
|
if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
|
||||||
$_POST['link_visible'] = 'Y';
|
$_POST['link_visible'] = 'Y';
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@ function edit_link( $link_id = '' ) {
|
||||||
*/
|
*/
|
||||||
function get_default_link_to_edit() {
|
function get_default_link_to_edit() {
|
||||||
if ( isset( $_GET['linkurl'] ) )
|
if ( isset( $_GET['linkurl'] ) )
|
||||||
$link->link_url = clean_url( $_GET['linkurl']);
|
$link->link_url = esc_url( $_GET['linkurl']);
|
||||||
else
|
else
|
||||||
$link->link_url = '';
|
$link->link_url = '';
|
||||||
|
|
||||||
|
|
|
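Review bot: `edit_link()` overwrites `$_POST['link_url']` and `$_POST['link_rss']` with esc_url() output, which is the display variant and HTML-encodes characters such as `&`. If these values are then saved (the save call is outside the hunk), the entity-encoded form is what gets stored. For values headed to storage the commit's own pairing points to the raw variant: `$_POST['link_url'] = esc_url_raw( $_POST['link_url'] );` and `$_POST['link_rss'] = esc_url_raw( $_POST['link_rss'] );`, with esc_url() applied where the link is printed. The `esc_html()` call on `link_url` just above has the same store-time-encoding effect and would be worth revisiting together with this.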
@ -932,7 +932,7 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin {
|
||||||
$stylesheet = $this->upgrader->result['destination_name'];
|
$stylesheet = $this->upgrader->result['destination_name'];
|
||||||
$template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
|
$template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
|
||||||
|
|
||||||
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
|
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
|
||||||
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
||||||
|
|
||||||
$install_actions = array(
|
$install_actions = array(
|
||||||
|
@ -991,7 +991,7 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
|
||||||
$stylesheet = $this->upgrader->result['destination_name'];
|
$stylesheet = $this->upgrader->result['destination_name'];
|
||||||
$template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
|
$template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
|
||||||
|
|
||||||
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
|
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
|
||||||
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
$activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
|
||||||
|
|
||||||
$update_actions = array(
|
$update_actions = array(
|
||||||
|
|
|
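Review bot: `$preview_link` is escaped in the wrong order in both hunks: esc_url() runs on the home URL before `add_query_arg()`, and `htmlspecialchars()` then encodes the finished string again, so an `&` that esc_url() already turned into an entity ends up double-encoded while the appended `template` and `stylesheet` arguments never pass through esc_url() at all. Escaping once on the finished URL covers everything: `$preview_link = esc_url( add_query_arg( array( /* same arguments */ ), trailingslashit( get_option('home') ) ) );`. The enclosing methods start and end outside the hunks.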
@ -89,7 +89,7 @@ function get_comment_to_edit( $id ) {
|
||||||
|
|
||||||
$comment->comment_author = format_to_edit( $comment->comment_author );
|
$comment->comment_author = format_to_edit( $comment->comment_author );
|
||||||
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
|
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
|
||||||
$comment->comment_author_url = clean_url($comment->comment_author_url);
|
$comment->comment_author_url = esc_url($comment->comment_author_url);
|
||||||
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
|
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
|
||||||
|
|
||||||
return $comment;
|
return $comment;
|
||||||
|
|
|
@ -115,12 +115,12 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
|
||||||
$wp_dashboard_control_callbacks[$widget_id] = $control_callback;
|
$wp_dashboard_control_callbacks[$widget_id] = $control_callback;
|
||||||
if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
|
if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
|
||||||
list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
|
list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
|
||||||
$widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
|
$widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
|
||||||
add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
|
add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
|
list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
|
||||||
$widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
|
$widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
|
||||||
}
|
}
|
||||||
$side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
|
$side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
|
||||||
$location = 'normal';
|
$location = 'normal';
|
||||||
|
@ -357,14 +357,14 @@ function wp_dashboard_quick_press() {
|
||||||
$drafts = false;
|
$drafts = false;
|
||||||
if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
|
if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
|
||||||
$view = get_permalink( $_POST['post_ID'] );
|
$view = get_permalink( $_POST['post_ID'] );
|
||||||
$edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );
|
$edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
|
||||||
if ( 'post-quickpress-publish' == $_POST['action'] ) {
|
if ( 'post-quickpress-publish' == $_POST['action'] ) {
|
||||||
if ( current_user_can('publish_posts') )
|
if ( current_user_can('publish_posts') )
|
||||||
printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );
|
printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
|
||||||
else
|
else
|
||||||
printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
|
printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
|
||||||
} else {
|
} else {
|
||||||
printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
|
printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
|
||||||
$drafts_query = new WP_Query( array(
|
$drafts_query = new WP_Query( array(
|
||||||
'post_type' => 'post',
|
'post_type' => 'post',
|
||||||
'post_status' => 'draft',
|
'post_status' => 'draft',
|
||||||
|
@ -384,7 +384,7 @@ function wp_dashboard_quick_press() {
|
||||||
$post = get_default_post_to_edit();
|
$post = get_default_post_to_edit();
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
|
<form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
|
||||||
<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
|
<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
|
||||||
<div class="input-text-wrap">
|
<div class="input-text-wrap">
|
||||||
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
|
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
|
||||||
|
@ -525,12 +525,12 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
|
||||||
$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
|
$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
|
||||||
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
|
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
|
||||||
$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
|
$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
|
||||||
$comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . '">#</a>';
|
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
|
||||||
|
|
||||||
$delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
$delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
||||||
$approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
|
$approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
|
||||||
$unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
|
$unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
|
||||||
$spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
$spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
||||||
|
|
||||||
$actions = array();
|
$actions = array();
|
||||||
|
|
||||||
|
@ -641,10 +641,10 @@ function wp_dashboard_incoming_links_output() {
|
||||||
$link = '';
|
$link = '';
|
||||||
$content = '';
|
$content = '';
|
||||||
$date = '';
|
$date = '';
|
||||||
$link = clean_url( strip_tags( $item->get_link() ) );
|
$link = esc_url( strip_tags( $item->get_link() ) );
|
||||||
|
|
||||||
$author = $item->get_author();
|
$author = $item->get_author();
|
||||||
$site_link = clean_url( strip_tags( $author->get_link() ) );
|
$site_link = esc_url( strip_tags( $author->get_link() ) );
|
||||||
|
|
||||||
if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
|
if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
|
||||||
$publisher = __( 'Somebody' );
|
$publisher = __( 'Somebody' );
|
||||||
|
@ -780,7 +780,7 @@ function wp_dashboard_plugins_output() {
|
||||||
|
|
||||||
list($link, $frag) = explode( '#', $item->get_link() );
|
list($link, $frag) = explode( '#', $item->get_link() );
|
||||||
|
|
||||||
$link = clean_url($link);
|
$link = esc_url($link);
|
||||||
if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
|
if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
|
||||||
$slug = $matches[1];
|
$slug = $matches[1];
|
||||||
else {
|
else {
|
||||||
|
|
|
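Review bot: In the `_wp_dashboard_recent_comments_row()` hunk every neighbouring link is wrapped in esc_url(), but `$comment_post_url` still goes from `get_edit_post_link()` straight into `"<a href='$comment_post_url'>"` inside a single-quoted attribute. `wp_dashboard_quick_press()` in this same file already wraps that function, `esc_url( get_edit_post_link( $_POST['post_ID'] ) )`, so for consistency the line should be `$comment_post_url = esc_url( get_edit_post_link( $comment->comment_post_ID ) );`. In the quick-press hunk `$_POST['post_ID']` is tested through an `(int)` cast but then passed on uncast; assigning `$post_id = (int) $_POST['post_ID'];` once and using `$post_id` afterwards would close that gap. All of these functions continue outside the hunks.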
@ -77,7 +77,7 @@ function the_media_upload_tabs() {
|
||||||
if ( $current == $callback )
|
if ( $current == $callback )
|
||||||
$class = " class='current'";
|
$class = " class='current'";
|
||||||
$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
|
$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
|
||||||
$link = "<a href='" . clean_url($href) . "'$class>$text</a>";
|
$link = "<a href='" . esc_url($href) . "'$class>$text</a>";
|
||||||
echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
|
echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
|
||||||
}
|
}
|
||||||
echo "</ul>\n";
|
echo "</ul>\n";
|
||||||
|
@ -107,7 +107,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
|
||||||
$rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';
|
$rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';
|
||||||
|
|
||||||
if ( $url )
|
if ( $url )
|
||||||
$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
|
$html = '<a href="' . esc_url($url) . "\"$rel>$html</a>";
|
||||||
|
|
||||||
$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
|
$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
|
||||||
|
|
||||||
|
@ -1745,7 +1745,7 @@ if ( empty($_GET['post_mime_type']) || $_GET['post_mime_type'] == 'all' )
|
||||||
$class = ' class="current"';
|
$class = ' class="current"';
|
||||||
else
|
else
|
||||||
$class = '';
|
$class = '';
|
||||||
$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
|
$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
|
||||||
foreach ( $post_mime_types as $mime_type => $label ) {
|
foreach ( $post_mime_types as $mime_type => $label ) {
|
||||||
$class = '';
|
$class = '';
|
||||||
|
|
||||||
|
@ -1755,7 +1755,7 @@ foreach ( $post_mime_types as $mime_type => $label ) {
|
||||||
if ( isset($_GET['post_mime_type']) && wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
|
if ( isset($_GET['post_mime_type']) && wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
|
||||||
$class = ' class="current"';
|
$class = ' class="current"';
|
||||||
|
|
||||||
$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
|
$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
|
||||||
}
|
}
|
||||||
echo implode(' | </li>', $type_links) . '</li>';
|
echo implode(' | </li>', $type_links) . '</li>';
|
||||||
unset($type_links);
|
unset($type_links);
|
||||||
|
@ -2059,7 +2059,7 @@ add_filter('flash_uploader', 'media_upload_use_flash');
|
||||||
*/
|
*/
|
||||||
function media_upload_flash_bypass() {
|
function media_upload_flash_bypass() {
|
||||||
echo '<p class="upload-flash-bypass">';
|
echo '<p class="upload-flash-bypass">';
|
||||||
printf( __('You are using the Flash uploader. Problems? Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );
|
printf( __('You are using the Flash uploader. Problems? Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) );
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2074,7 +2074,7 @@ function media_upload_html_bypass($flash = true) {
|
||||||
if ( $flash ) {
|
if ( $flash ) {
|
||||||
// the user manually selected the browser uploader, so let them switch back to Flash
|
// the user manually selected the browser uploader, so let them switch back to Flash
|
||||||
echo ' ';
|
echo ' ';
|
||||||
printf( __('Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );
|
printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) );
|
||||||
}
|
}
|
||||||
echo "</p>\n";
|
echo "</p>\n";
|
||||||
}
|
}
|
||||||
|
|
|
@ -138,7 +138,7 @@ function install_dashboard() {
|
||||||
$tags = array();
|
$tags = array();
|
||||||
foreach ( (array)$api_tags as $tag )
|
foreach ( (array)$api_tags as $tag )
|
||||||
$tags[ $tag['name'] ] = (object) array(
|
$tags[ $tag['name'] ] = (object) array(
|
||||||
'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
|
'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
|
||||||
'name' => $tag['name'],
|
'name' => $tag['name'],
|
||||||
'id' => sanitize_title_with_dashes($tag['name']),
|
'id' => sanitize_title_with_dashes($tag['name']),
|
||||||
'count' => $tag['count'] );
|
'count' => $tag['count'] );
|
||||||
|
@ -273,7 +273,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
|
||||||
<?php do_action('install_plugins_table_header'); ?>
|
<?php do_action('install_plugins_table_header'); ?>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
$url = clean_url($_SERVER['REQUEST_URI']);
|
$url = esc_url($_SERVER['REQUEST_URI']);
|
||||||
if ( ! empty($term) )
|
if ( ! empty($term) )
|
||||||
$url = add_query_arg('s', $term, $url);
|
$url = add_query_arg('s', $term, $url);
|
||||||
if ( ! empty($type) )
|
if ( ! empty($type) )
|
||||||
|
@ -427,7 +427,7 @@ function install_plugin_information() {
|
||||||
|
|
||||||
$class = ( $section_name == $section ) ? ' class="current"' : '';
|
$class = ( $section_name == $section ) ? ' class="current"' : '';
|
||||||
$href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
|
$href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
|
||||||
$href = clean_url($href);
|
$href = esc_url($href);
|
||||||
$san_title = esc_attr(sanitize_title_with_dashes($title));
|
$san_title = esc_attr(sanitize_title_with_dashes($title));
|
||||||
echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
|
echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
|
||||||
}
|
}
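Review bot: In the `display_plugins_table` hunk `esc_url()` is applied to `$_SERVER['REQUEST_URI']` before `add_query_arg()` appends `$term`, so the appended value is not covered by the escaping and an already entity-encoded string is fed back into URL building. Escaping is more dependable at the point of output: start from `$url = esc_url_raw($_SERVER['REQUEST_URI']);` and wrap the finished value in `esc_url()` where it is printed, which is outside the hunk. The `display_themes` hunk later in this commit repeats the same lines.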
|
||||||
|
|
|
@ -333,7 +333,7 @@ function get_default_post_to_edit() {
|
||||||
else if ( !empty( $post_title ) ) {
|
else if ( !empty( $post_title ) ) {
|
||||||
$text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
|
$text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
|
||||||
$text = funky_javascript_fix( $text);
|
$text = funky_javascript_fix( $text);
|
||||||
$popupurl = clean_url($_REQUEST['popupurl']);
|
$popupurl = esc_url($_REQUEST['popupurl']);
|
||||||
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1897,7 +1897,7 @@ function user_row( $user_object, $style = '', $role = '' ) {
|
||||||
if ($current_user->ID == $user_object->ID) {
|
if ($current_user->ID == $user_object->ID) {
|
||||||
$edit_link = 'profile.php';
|
$edit_link = 'profile.php';
|
||||||
} else {
|
} else {
|
||||||
$edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
|
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
|
||||||
}
|
}
|
||||||
$edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
|
$edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
|
||||||
|
|
||||||
|
@ -2092,10 +2092,10 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
||||||
else
|
else
|
||||||
$ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
|
$ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
|
||||||
|
|
||||||
$delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
$delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
||||||
$approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
|
$approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
|
||||||
$unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
|
$unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
|
||||||
$spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
$spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
||||||
|
|
||||||
echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";
|
echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";
|
||||||
$columns = get_column_headers('edit-comments');
|
$columns = get_column_headers('edit-comments');
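Review bot: In the `user_row` hunk the inner `esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) )` is passed straight to `urlencode()` and embedded as the `wp_http_referer` query value, so the display-context entity encoding is percent-encoded into the parameter instead of being rendered as HTML. The inner call should be the raw variant, keeping the outer `esc_url()` for the `href`: `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. The `$goback` lines in the `switch ( $step )` hunk of this commit already follow that pattern.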
|
||||||
|
|
|
@ -309,9 +309,9 @@ function display_theme($theme, $actions = null, $show_details = true) {
|
||||||
$actions = implode ( ' | ', $actions );
|
$actions = implode ( ' | ', $actions );
|
||||||
?>
|
?>
|
||||||
<a class='thickbox thickbox-preview screenshot'
|
<a class='thickbox thickbox-preview screenshot'
|
||||||
href='<? echo clean_url($preview_link); ?>'
|
href='<? echo esc_url($preview_link); ?>'
|
||||||
title='<?php echo esc_attr(sprintf(__('Preview “%s”'), $name)); ?>'>
|
title='<?php echo esc_attr(sprintf(__('Preview “%s”'), $name)); ?>'>
|
||||||
<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
|
<img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' />
|
||||||
</a>
|
</a>
|
||||||
<h3><?php echo $name ?></h3>
|
<h3><?php echo $name ?></h3>
|
||||||
<span class='action-links'><?php echo $actions ?></span>
|
<span class='action-links'><?php echo $actions ?></span>
|
||||||
|
@ -374,7 +374,7 @@ function display_themes($themes, $page = 1, $totalpages = 1) {
|
||||||
<div class="tablenav">
|
<div class="tablenav">
|
||||||
<div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div>
|
<div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div>
|
||||||
<?php
|
<?php
|
||||||
$url = clean_url($_SERVER['REQUEST_URI']);
|
$url = esc_url($_SERVER['REQUEST_URI']);
|
||||||
if ( ! empty($term) )
|
if ( ! empty($term) )
|
||||||
$url = add_query_arg('s', $term, $url);
|
$url = add_query_arg('s', $term, $url);
|
||||||
if ( ! empty($type) )
|
if ( ! empty($type) )
|
||||||
|
@ -502,7 +502,7 @@ function install_theme_information() {
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<div class='available-theme'>
|
<div class='available-theme'>
|
||||||
<img src='<?php echo clean_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
|
<img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
|
||||||
<h3><?php echo $api->name; ?></h3>
|
<h3><?php echo $api->name; ?></h3>
|
||||||
<p><?php printf(__('by %s'), $api->author); ?></p>
|
<p><?php printf(__('by %s'), $api->author); ?></p>
|
||||||
<p><?php printf(__('Version: %s'), $api->version); ?></p>
|
<p><?php printf(__('Version: %s'), $api->version); ?></p>
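Review bot: The rewritten `href` line in the `display_theme` hunk still opens PHP with the short tag `<? echo`, unlike the `<?php echo` used on the `<img>` line just below it. With `short_open_tag` disabled the tag is not executed, so the link gets no escaped URL and the raw template text is sent to the browser instead. Since the line is being touched anyway, change it to `href='<?php echo esc_url($preview_link); ?>'`.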
|
||||||
|
|
|
@ -159,11 +159,11 @@ function wp_plugin_update_row( $file, $plugin_data ) {
|
||||||
|
|
||||||
echo '<tr><td colspan="5" class="plugin-update">';
|
echo '<tr><td colspan="5" class="plugin-update">';
|
||||||
if ( ! current_user_can('update_plugins') )
|
if ( ! current_user_can('update_plugins') )
|
||||||
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
|
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
|
||||||
else if ( empty($r->package) )
|
else if ( empty($r->package) )
|
||||||
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
|
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
|
||||||
else
|
else
|
||||||
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
|
printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
|
||||||
|
|
||||||
do_action( "in_plugin_update_message-$file", $plugin_data, $r );
|
do_action( "in_plugin_update_message-$file", $plugin_data, $r );
|
||||||
|
|
||||||
|
|
|
@ -91,7 +91,7 @@ function edit_user( $user_id = 0 ) {
|
||||||
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
|
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
|
||||||
$user->user_url = '';
|
$user->user_url = '';
|
||||||
} else {
|
} else {
|
||||||
$user->user_url = clean_url( trim( $_POST['url'] ));
|
$user->user_url = esc_url( trim( $_POST['url'] ));
|
||||||
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
|
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -372,7 +372,7 @@ function get_user_to_edit( $user_id ) {
|
||||||
$user = new WP_User( $user_id );
|
$user = new WP_User( $user_id );
|
||||||
$user->user_login = esc_attr($user->user_login);
|
$user->user_login = esc_attr($user->user_login);
|
||||||
$user->user_email = esc_attr($user->user_email);
|
$user->user_email = esc_attr($user->user_email);
|
||||||
$user->user_url = clean_url($user->user_url);
|
$user->user_url = esc_url($user->user_url);
|
||||||
$user->first_name = esc_attr($user->first_name);
|
$user->first_name = esc_attr($user->first_name);
|
||||||
$user->last_name = esc_attr($user->last_name);
|
$user->last_name = esc_attr($user->last_name);
|
||||||
$user->display_name = esc_attr($user->display_name);
|
$user->display_name = esc_attr($user->display_name);
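Review bot: In the `edit_user` hunk the submitted `$_POST['url']` is assigned to `$user->user_url` through `esc_url()`, the display variant, which entity-encodes ampersands. The value appears to be headed for storage rather than HTML output, though the save call is outside the hunk, so this is inferred. This commit uses `esc_url_raw()` for non-display contexts elsewhere, and the same fits here: `$user->user_url = esc_url_raw( trim( $_POST['url'] ) );`. The `get_user_to_edit` hunk prepares values for the form, so `esc_url()` is the right call there.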
|
||||||
|
|
|
@ -169,7 +169,7 @@ function wp_widget_control( $sidebar_args ) {
|
||||||
<div class="widget-top">
|
<div class="widget-top">
|
||||||
<div class="widget-title-action">
|
<div class="widget-title-action">
|
||||||
<a class="widget-action hide-if-no-js" href="#available-widgets"></a>
|
<a class="widget-action hide-if-no-js" href="#available-widgets"></a>
|
||||||
<a class="widget-control-edit hide-if-js" href="<?php echo clean_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
|
<a class="widget-control-edit hide-if-js" href="<?php echo esc_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
|
||||||
</div>
|
</div>
|
||||||
<div class="widget-title"><h4><?php echo $widget_title ?><span class="in-widget-title"></span></h4></div>
|
<div class="widget-title"><h4><?php echo $widget_title ?><span class="in-widget-title"></span></h4></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -12,7 +12,7 @@ function dvortr( $str ) {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
|
$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
|
||||||
$n = esc_html( $GLOBALS['current_user']->data->display_name );
|
$n = esc_html( $GLOBALS['current_user']->data->display_name );
|
||||||
$d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );
|
$d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );
|
||||||
|
|
||||||
|
|
|
@ -84,7 +84,7 @@ case 'edit' :
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php _e( 'Edit Media' ); ?></h2>
|
<h2><?php _e( 'Edit Media' ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="<?php echo clean_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
|
<form method="post" action="<?php echo esc_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
|
||||||
<div class="media-single">
|
<div class="media-single">
|
||||||
<div id='media-item-<?php echo $att_id; ?>' class='media-item'>
|
<div id='media-item-<?php echo $att_id; ?>' class='media-item'>
|
||||||
<?php echo get_media_item( $att_id, array( 'toggle' => false, 'send' => false, 'delete' => false, 'show_title' => false, 'errors' => $errors ) ); ?>
|
<?php echo get_media_item( $att_id, array( 'toggle' => false, 'send' => false, 'delete' => false, 'show_title' => false, 'errors' => $errors ) ); ?>
|
||||||
|
|
|
@ -134,7 +134,7 @@ if ( !empty($action) ) {
|
||||||
?>
|
?>
|
||||||
</ul>
|
</ul>
|
||||||
<p><?php _e('Are you sure you wish to delete these files?') ?></p>
|
<p><?php _e('Are you sure you wish to delete these files?') ?></p>
|
||||||
<form method="post" action="<?php echo clean_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
|
<form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
|
||||||
<input type="hidden" name="verify-delete" value="1" />
|
<input type="hidden" name="verify-delete" value="1" />
|
||||||
<input type="hidden" name="action" value="delete-selected" />
|
<input type="hidden" name="action" value="delete-selected" />
|
||||||
<?php
|
<?php
|
||||||
|
@ -144,7 +144,7 @@ if ( !empty($action) ) {
|
||||||
<?php wp_nonce_field('bulk-manage-plugins') ?>
|
<?php wp_nonce_field('bulk-manage-plugins') ?>
|
||||||
<input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
|
<input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
|
||||||
</form>
|
</form>
|
||||||
<form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
|
<form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">
|
||||||
<input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
|
<input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
|
|
@ -97,7 +97,7 @@ if ( ! empty($selection) ) {
|
||||||
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
|
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
|
||||||
$selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
|
$selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
|
||||||
}
|
}
|
||||||
$url = isset($_GET['u']) ? clean_url($_GET['u']) : '';
|
$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
|
||||||
$image = isset($_GET['i']) ? $_GET['i'] : '';
|
$image = isset($_GET['i']) ? $_GET['i'] : '';
|
||||||
|
|
||||||
if ( !empty($_REQUEST['ajax']) ) {
|
if ( !empty($_REQUEST['ajax']) ) {
|
||||||
|
@ -140,7 +140,7 @@ switch ($_REQUEST['ajax']) {
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
|
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
|
||||||
<a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
|
<a href="#" class="select"><img src="<?php echo esc_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
|
||||||
|
|
||||||
<p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
|
<p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
|
||||||
|
|
||||||
|
@ -205,7 +205,7 @@ switch ($_REQUEST['ajax']) {
|
||||||
$src = 'http://'.str_replace('//','/', $host['host'].'/'.$src);
|
$src = 'http://'.str_replace('//','/', $host['host'].'/'.$src);
|
||||||
else
|
else
|
||||||
$src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
|
$src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
|
||||||
$sources[] = clean_url($src);
|
$sources[] = esc_url($src);
|
||||||
}
|
}
|
||||||
return "'" . implode("','", $sources) . "'";
|
return "'" . implode("','", $sources) . "'";
|
||||||
}
|
}
|
||||||
|
@ -222,7 +222,7 @@ switch ($_REQUEST['ajax']) {
|
||||||
var my_src = eval(
|
var my_src = eval(
|
||||||
jQuery.ajax({
|
jQuery.ajax({
|
||||||
type: "GET",
|
type: "GET",
|
||||||
url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
|
url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
|
||||||
cache : false,
|
cache : false,
|
||||||
async : false,
|
async : false,
|
||||||
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
|
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
|
||||||
|
@ -233,7 +233,7 @@ switch ($_REQUEST['ajax']) {
|
||||||
var my_src = eval(
|
var my_src = eval(
|
||||||
jQuery.ajax({
|
jQuery.ajax({
|
||||||
type: "GET",
|
type: "GET",
|
||||||
url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
|
url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
|
||||||
cache : false,
|
cache : false,
|
||||||
async : false,
|
async : false,
|
||||||
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
|
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
|
||||||
|
@ -377,7 +377,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
|
||||||
jQuery('#extra_fields').show();
|
jQuery('#extra_fields').show();
|
||||||
switch(tab_name) {
|
switch(tab_name) {
|
||||||
case 'video' :
|
case 'video' :
|
||||||
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
|
jQuery('#extra_fields').load('<?php echo esc_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
|
||||||
<?php
|
<?php
|
||||||
$content = '';
|
$content = '';
|
||||||
if ( preg_match("/youtube\.com\/watch/i", $url) ) {
|
if ( preg_match("/youtube\.com\/watch/i", $url) ) {
|
||||||
|
@ -406,7 +406,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
|
||||||
jQuery.ajax({
|
jQuery.ajax({
|
||||||
type: "GET",
|
type: "GET",
|
||||||
cache : false,
|
cache : false,
|
||||||
url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
|
url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
|
||||||
data: "ajax=photo_js&u=<?php echo urlencode($url)?>",
|
data: "ajax=photo_js&u=<?php echo urlencode($url)?>",
|
||||||
dataType : "script",
|
dataType : "script",
|
||||||
success : function() {
|
success : function() {
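Review bot: The `esc_url($_SERVER['PHP_SELF'])` values in the `switch ($_REQUEST['ajax'])` hunks and in the `jQuery('#extra_fields').load(...)` hunk are printed inside JavaScript string literals, not HTML attributes. `esc_url()` encodes for HTML display, and `PHP_SELF` can carry request-supplied path text, so the escaper should match the script context, for example `url: "<?php echo esc_js( esc_url_raw( $_SERVER['PHP_SELF'] ) ); ?>",`. The neighbouring `esc_attr($selection)` inside the `.load()` call has the same context mismatch, although the commit leaves it unchanged. The enclosing script blocks start and end outside these hunks.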
|
||||||
|
|
|
@ -194,7 +194,7 @@ foreach ( $cols as $col => $theme_name ) {
|
||||||
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
|
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
|
||||||
$template_dir = $themes[$theme_name]['Template Dir'];
|
$template_dir = $themes[$theme_name]['Template Dir'];
|
||||||
$parent_theme = $themes[$theme_name]['Parent Theme'];
|
$parent_theme = $themes[$theme_name]['Parent Theme'];
|
||||||
$preview_link = clean_url( get_option('home') . '/');
|
$preview_link = esc_url( get_option('home') . '/');
|
||||||
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
|
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
|
||||||
$preview_text = esc_attr( sprintf( __('Preview of “%s”'), $title ) );
|
$preview_text = esc_attr( sprintf( __('Preview of “%s”'), $title ) );
|
||||||
$tags = $themes[$theme_name]['Tags'];
|
$tags = $themes[$theme_name]['Tags'];
|
||||||
|
|
|
@ -44,7 +44,7 @@ function list_core_update( $update ) {
|
||||||
echo '<input id="upgrade" class="button" type="submit" value="' . esc_attr($submit) . '" name="upgrade" /> ';
|
echo '<input id="upgrade" class="button" type="submit" value="' . esc_attr($submit) . '" name="upgrade" /> ';
|
||||||
echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
|
echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
|
||||||
echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
|
echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
|
||||||
echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a> ';
|
echo '<a href="' . esc_url($update->package) . '" class="button">' . $download . '</a> ';
|
||||||
if ( 'en_US' != $update->locale )
|
if ( 'en_US' != $update->locale )
|
||||||
if ( !isset( $update->dismissed ) || !$update->dismissed )
|
if ( !isset( $update->dismissed ) || !$update->dismissed )
|
||||||
echo '<input id="dismiss" class="button" type="submit" value="' . esc_attr__('Hide this update') . '" name="dismiss" />';
|
echo '<input id="dismiss" class="button" type="submit" value="' . esc_attr__('Hide this update') . '" name="dismiss" />';
|
||||||
|
|
|
@ -57,7 +57,7 @@ $step = (int) $step;
|
||||||
switch ( $step ) :
|
switch ( $step ) :
|
||||||
case 0:
|
case 0:
|
||||||
$goback = stripslashes( wp_get_referer() );
|
$goback = stripslashes( wp_get_referer() );
|
||||||
$goback = clean_url( $goback, null, 'url' );
|
$goback = esc_url_raw( $goback );
|
||||||
$goback = urlencode( $goback );
|
$goback = urlencode( $goback );
|
||||||
?>
|
?>
|
||||||
<h2><?php _e( 'Database Upgrade Required' ); ?></h2>
|
<h2><?php _e( 'Database Upgrade Required' ); ?></h2>
|
||||||
|
@ -73,7 +73,7 @@ switch ( $step ) :
|
||||||
$backto = __get_option( 'home' ) . '/';
|
$backto = __get_option( 'home' ) . '/';
|
||||||
else {
|
else {
|
||||||
$backto = stripslashes( urldecode( $_GET['backto'] ) );
|
$backto = stripslashes( urldecode( $_GET['backto'] ) );
|
||||||
$backto = clean_url( $backto, null, 'url' );
|
$backto = esc_urlaw( $backto );
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<h2><?php _e( 'Upgrade Complete' ); ?></h2>
|
<h2><?php _e( 'Upgrade Complete' ); ?></h2>
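Review bot: The new line `$backto = esc_urlaw( $backto );` calls a function name that appears nowhere else in this commit and looks like a typo for `esc_url_raw`, which the `$goback` line in the previous hunk uses. As written, the `else` branch would stop with an undefined-function fatal error and the `$_GET['backto']` value would never be sanitized. It should read `$backto = esc_url_raw( $backto );`. The surrounding `case` body continues outside the hunk.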
|
||||||
|
|
|
@ -120,7 +120,7 @@ include ('admin-header.php');
|
||||||
<form id="your-profile" action="" method="post">
|
<form id="your-profile" action="" method="post">
|
||||||
<?php wp_nonce_field('update-user_' . $user_id) ?>
|
<?php wp_nonce_field('update-user_' . $user_id) ?>
|
||||||
<?php if ( $wp_http_referer ) : ?>
|
<?php if ( $wp_http_referer ) : ?>
|
||||||
<input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
|
<input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<p>
|
<p>
|
||||||
<input type="hidden" name="from" value="profile" />
|
<input type="hidden" name="from" value="profile" />
|
||||||
|
|
|
@ -81,7 +81,7 @@ if ( !$user->ID ) {
|
||||||
$comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
|
$comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
|
||||||
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
}
|
}
|
||||||
|
|
||||||
$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
|
$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
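Review bot: The `comment_author_url_` cookie value is now produced by `esc_url()`, the display variant, although a cookie is not an HTML context; any `&` in the author's URL ends up entity-encoded in the cookie. The raw variant this commit introduces for non-display use fits better here: `esc_url_raw($comment->comment_author_url)`. How the cookie is read back is outside the hunk, so confirm the reader does not depend on the encoded form.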
|
||||||
|
|
|
@ -70,7 +70,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
|
||||||
|
|
||||||
$the_link = '#';
|
$the_link = '#';
|
||||||
if ( !empty($bookmark->link_url) )
|
if ( !empty($bookmark->link_url) )
|
||||||
$the_link = clean_url($bookmark->link_url);
|
$the_link = esc_url($bookmark->link_url);
|
||||||
|
|
||||||
$desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
|
$desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
|
||||||
$name = esc_attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
|
$name = esc_attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
|
||||||
|
|
|
@ -659,7 +659,7 @@ function wp_generate_tag_cloud( $tags, $args = '' ) {
|
||||||
|
|
||||||
foreach ( $tags as $key => $tag ) {
|
foreach ( $tags as $key => $tag ) {
|
||||||
$count = $counts[ $key ];
|
$count = $counts[ $key ];
|
||||||
$tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';
|
$tag_link = '#' != $tag->link ? esc_url( $tag->link ) : '#';
|
||||||
$tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
|
$tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
|
||||||
$tag_name = $tags[ $key ]->name;
|
$tag_name = $tags[ $key ]->name;
|
||||||
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . esc_attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
|
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . esc_attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
|
||||||
|
|
|
@ -115,7 +115,7 @@ class WP_Scripts extends WP_Dependencies {
|
||||||
}
|
}
|
||||||
|
|
||||||
$src = add_query_arg('ver', $ver, $src);
|
$src = add_query_arg('ver', $ver, $src);
|
||||||
$src = clean_url(apply_filters( 'script_loader_src', $src, $handle ));
|
$src = esc_url(apply_filters( 'script_loader_src', $src, $handle ));
|
||||||
|
|
||||||
if ( $this->do_concat )
|
if ( $this->do_concat )
|
||||||
$this->print_html .= "<script type='text/javascript' src='$src'></script>\n";
|
$this->print_html .= "<script type='text/javascript' src='$src'></script>\n";
|
||||||
|
|
|
@ -102,7 +102,7 @@ class WP_Styles extends WP_Dependencies {
|
||||||
|
|
||||||
$src = add_query_arg('ver', $ver, $src);
|
$src = add_query_arg('ver', $ver, $src);
|
||||||
$src = apply_filters( 'style_loader_src', $src, $handle );
|
$src = apply_filters( 'style_loader_src', $src, $handle );
|
||||||
return clean_url( $src );
|
return esc_url( $src );
|
||||||
}
|
}
|
||||||
|
|
||||||
function in_default_dir($src) {
|
function in_default_dir($src) {
|
||||||
|
|
|
@ -995,9 +995,9 @@ function get_comment_reply_link($args = array(), $comment = null, $post = null)
|
||||||
$link = '';
|
$link = '';
|
||||||
|
|
||||||
if ( get_option('comment_registration') && !$user_ID )
|
if ( get_option('comment_registration') && !$user_ID )
|
||||||
$link = '<a rel="nofollow" class="comment-reply-login" href="' . clean_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
|
$link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
|
||||||
else
|
else
|
||||||
$link = "<a rel='nofollow' class='comment-reply-link' href='" . clean_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
|
$link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
|
||||||
return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);
|
return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ $filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_
|
||||||
foreach ( $filters as $filter ) {
|
foreach ( $filters as $filter ) {
|
||||||
add_filter($filter, 'strip_tags');
|
add_filter($filter, 'strip_tags');
|
||||||
add_filter($filter, 'trim');
|
add_filter($filter, 'trim');
|
||||||
add_filter($filter, 'sanitize_url');
|
add_filter($filter, 'esc_url_raw');
|
||||||
add_filter($filter, 'wp_filter_kses');
|
add_filter($filter, 'wp_filter_kses');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ $filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url'
|
||||||
foreach ( $filters as $filter ) {
|
foreach ( $filters as $filter ) {
|
||||||
add_filter($filter, 'strip_tags');
|
add_filter($filter, 'strip_tags');
|
||||||
add_filter($filter, 'trim');
|
add_filter($filter, 'trim');
|
||||||
add_filter($filter, 'clean_url');
|
add_filter($filter, 'esc_url');
|
||||||
add_filter($filter, 'wp_filter_kses');
|
add_filter($filter, 'wp_filter_kses');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -659,7 +659,7 @@ class WP_Widget_Recent_Comments extends WP_Widget {
|
||||||
<?php if ( $title ) echo $before_title . $title . $after_title; ?>
|
<?php if ( $title ) echo $before_title . $title . $after_title; ?>
|
||||||
<ul id="recentcomments"><?php
|
<ul id="recentcomments"><?php
|
||||||
if ( $comments ) : foreach ( (array) $comments as $comment) :
|
if ( $comments ) : foreach ( (array) $comments as $comment) :
|
||||||
echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
|
echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
|
||||||
endforeach; endif;?></ul>
|
endforeach; endif;?></ul>
|
||||||
<?php echo $after_widget; ?>
|
<?php echo $after_widget; ?>
|
||||||
<?php
|
<?php
|
||||||
|
@ -730,7 +730,7 @@ class WP_Widget_RSS extends WP_Widget {
|
||||||
$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
|
$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
|
||||||
if ( empty($title) )
|
if ( empty($title) )
|
||||||
$title = htmlentities(strip_tags($rss->get_title()));
|
$title = htmlentities(strip_tags($rss->get_title()));
|
||||||
$link = clean_url(strip_tags($rss->get_permalink()));
|
$link = esc_url(strip_tags($rss->get_permalink()));
|
||||||
while ( stristr($link, 'http') != $link )
|
while ( stristr($link, 'http') != $link )
|
||||||
$link = substr($link, 1);
|
$link = substr($link, 1);
|
||||||
}
|
}
|
||||||
|
@ -739,7 +739,7 @@ class WP_Widget_RSS extends WP_Widget {
|
||||||
$title = empty($desc) ? __('Unknown Feed') : $desc;
|
$title = empty($desc) ? __('Unknown Feed') : $desc;
|
||||||
|
|
||||||
$title = apply_filters('widget_title', $title );
|
$title = apply_filters('widget_title', $title );
|
||||||
$url = clean_url(strip_tags($url));
|
$url = esc_url(strip_tags($url));
|
||||||
$icon = includes_url('images/rss.png');
|
$icon = includes_url('images/rss.png');
|
||||||
if ( $title )
|
if ( $title )
|
||||||
$title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
|
$title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
|
||||||
|
@ -813,7 +813,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
|
||||||
$link = $item->get_link();
|
$link = $item->get_link();
|
||||||
while ( stristr($link, 'http') != $link )
|
while ( stristr($link, 'http') != $link )
|
||||||
$link = substr($link, 1);
|
$link = substr($link, 1);
|
||||||
$link = clean_url(strip_tags($link));
|
$link = esc_url(strip_tags($link));
|
||||||
$title = esc_attr(strip_tags($item->get_title()));
|
$title = esc_attr(strip_tags($item->get_title()));
|
||||||
if ( empty($title) )
|
if ( empty($title) )
|
||||||
$title = __('Untitled');
|
$title = __('Untitled');
|
||||||
|
@ -879,7 +879,7 @@ function wp_widget_rss_form( $args, $inputs = null ) {
|
||||||
|
|
||||||
$number = esc_attr( $number );
|
$number = esc_attr( $number );
|
||||||
$title = esc_attr( $title );
|
$title = esc_attr( $title );
|
||||||
$url = clean_url( $url );
|
$url = esc_url( $url );
|
||||||
$items = (int) $items;
|
$items = (int) $items;
|
||||||
if ( $items < 1 || 20 < $items )
|
if ( $items < 1 || 20 < $items )
|
||||||
$items = 10;
|
$items = 10;
|
||||||
|
@ -958,7 +958,7 @@ function wp_widget_rss_process( $widget_rss, $check_feed = true ) {
|
||||||
$items = (int) $widget_rss['items'];
|
$items = (int) $widget_rss['items'];
|
||||||
if ( $items < 1 || 20 < $items )
|
if ( $items < 1 || 20 < $items )
|
||||||
$items = 10;
|
$items = 10;
|
||||||
$url = sanitize_url(strip_tags( $widget_rss['url'] ));
|
$url = esc_url_raw(strip_tags( $widget_rss['url'] ));
|
||||||
$title = trim(strip_tags( $widget_rss['title'] ));
|
$title = trim(strip_tags( $widget_rss['title'] ));
|
||||||
$show_summary = (int) $widget_rss['show_summary'];
|
$show_summary = (int) $widget_rss['show_summary'];
|
||||||
$show_author = (int) $widget_rss['show_author'];
|
$show_author = (int) $widget_rss['show_author'];
|
||||||
|
@ -971,7 +971,7 @@ function wp_widget_rss_process( $widget_rss, $check_feed = true ) {
|
||||||
if ( is_wp_error($rss) ) {
|
if ( is_wp_error($rss) ) {
|
||||||
$error = $rss->get_error_message();
|
$error = $rss->get_error_message();
|
||||||
} else {
|
} else {
|
||||||
$link = clean_url(strip_tags($rss->get_permalink()));
|
$link = esc_url(strip_tags($rss->get_permalink()));
|
||||||
while ( stristr($link, 'http') != $link )
|
while ( stristr($link, 'http') != $link )
|
||||||
$link = substr($link, 1);
|
$link = substr($link, 1);
|
||||||
}
|
}
|
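Review bot: In the WP_Widget_RSS hunk at -730 and in wp_widget_rss_process at -971, `esc_url()` is applied before the `while ( stristr($link, 'http') != $link )` loop strips leading characters, so the string later placed in `href='$link'` is not the string that was checked and escaped. wp_widget_rss_output in this same section does it the other way round (trim, then `esc_url(strip_tags($link))`), which keeps escaping as the last step. Suggest `$link = strip_tags($rss->get_permalink());` before the loop and `$link = esc_url($link);` after it in both places. The enclosing functions start and end outside these hunks, so how `$link` is used in wp_widget_rss_process is not visible here.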
||||||
|
|
|
@ -1001,7 +1001,7 @@ function get_links($category = -1, $before = '', $after = '<br />', $between = '
|
||||||
$output .= get_option('links_recently_updated_prepend');
|
$output .= get_option('links_recently_updated_prepend');
|
||||||
$the_link = '#';
|
$the_link = '#';
|
||||||
if ( !empty($row->link_url) )
|
if ( !empty($row->link_url) )
|
||||||
$the_link = clean_url($row->link_url);
|
$the_link = esc_url($row->link_url);
|
||||||
$rel = $row->link_rel;
|
$rel = $row->link_rel;
|
||||||
if ( '' != $rel )
|
if ( '' != $rel )
|
||||||
$rel = ' rel="' . $rel . '"';
|
$rel = ' rel="' . $rel . '"';
|
||||||
|
|
|
@ -255,7 +255,7 @@ function get_comment_guid($comment_id = null) {
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
*/
|
*/
|
||||||
function comment_link() {
|
function comment_link() {
|
||||||
echo clean_url( get_comment_link() );
|
echo esc_url( get_comment_link() );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -503,7 +503,7 @@ function prep_atom_text_construct($data) {
|
||||||
function self_link() {
|
function self_link() {
|
||||||
$host = @parse_url(get_option('home'));
|
$host = @parse_url(get_option('home'));
|
||||||
$host = $host['host'];
|
$host = $host['host'];
|
||||||
echo clean_url(
|
echo esc_url(
|
||||||
'http'
|
'http'
|
||||||
. ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://'
|
. ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://'
|
||||||
. $host
|
. $host
|
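Review bot: In the self_link hunk the scheme is chosen from `$_SERVER['https']`, but PHP array keys are case-sensitive and the server variable is conventionally `HTTPS`, so this test would likely never match and the self link would be emitted as `http://` even for a request served over TLS. Suggest `( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' )` on that line. The lookup predates this commit, which only swaps in `esc_url()`, and the expression continues past the end of the hunk.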
||||||
|
|
|
@ -1149,7 +1149,7 @@ function antispambot($emailaddy, $mailto=0) {
|
||||||
*/
|
*/
|
||||||
function _make_url_clickable_cb($matches) {
|
function _make_url_clickable_cb($matches) {
|
||||||
$url = $matches[2];
|
$url = $matches[2];
|
||||||
$url = clean_url($url);
|
$url = esc_url($url);
|
||||||
if ( empty($url) )
|
if ( empty($url) )
|
||||||
return $matches[0];
|
return $matches[0];
|
||||||
return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
|
return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
|
||||||
|
@ -1171,7 +1171,7 @@ function _make_web_ftp_clickable_cb($matches) {
|
||||||
$ret = '';
|
$ret = '';
|
||||||
$dest = $matches[2];
|
$dest = $matches[2];
|
||||||
$dest = 'http://' . $dest;
|
$dest = 'http://' . $dest;
|
||||||
$dest = clean_url($dest);
|
$dest = esc_url($dest);
|
||||||
if ( empty($dest) )
|
if ( empty($dest) )
|
||||||
return $matches[0];
|
return $matches[0];
|
||||||
// removed trailing [,;:] from URL
|
// removed trailing [,;:] from URL
|
||||||
|
@ -1988,7 +1988,7 @@ function wp_htmledit_pre($output) {
|
||||||
* Checks and cleans a URL.
|
* Checks and cleans a URL.
|
||||||
*
|
*
|
||||||
* A number of characters are removed from the URL. If the URL is for displaying
|
* A number of characters are removed from the URL. If the URL is for displaying
|
||||||
* (the default behaviour) amperstands are also replaced. The 'clean_url' filter
|
* (the default behaviour) amperstands are also replaced. The 'esc_url' filter
|
||||||
* is applied to the returned cleaned URL.
|
* is applied to the returned cleaned URL.
|
||||||
*
|
*
|
||||||
* @since 1.2.0
|
* @since 1.2.0
|
||||||
|
@ -2032,9 +2032,47 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs clean_url() for database usage.
|
* Checks and cleans a URL.
|
||||||
*
|
*
|
||||||
* @see clean_url()
|
* A number of characters are removed from the URL. If the URL is for displaying
|
||||||
|
* (the default behaviour) amperstands are also replaced. The 'esc_url' filter
|
||||||
|
* is applied to the returned cleaned URL.
|
||||||
|
*
|
||||||
|
* @since 2.8.0
|
||||||
|
* @uses esc_url()
|
||||||
|
* @uses wp_kses_bad_protocol() To only permit protocols in the URL set
|
||||||
|
* via $protocols or the common ones set in the function.
|
||||||
|
*
|
||||||
|
* @param string $url The URL to be cleaned.
|
||||||
|
* @param array $protocols Optional. An array of acceptable protocols.
|
||||||
|
* Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
|
||||||
|
* @return string The cleaned $url after the 'cleaned_url' filter is applied.
|
||||||
|
*/
|
||||||
|
function esc_url( $url, $protocols = null ) {
|
||||||
|
return clean_url( $url, $protocols, 'display' );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Performs esc_url() for database usage.
|
||||||
|
*
|
||||||
|
* @see esc_url()
|
||||||
|
* @see esc_url()
|
||||||
|
*
|
||||||
|
* @since 2.8.0
|
||||||
|
*
|
||||||
|
* @param string $url The URL to be cleaned.
|
||||||
|
* @param array $protocols An array of acceptable protocols.
|
||||||
|
* @return string The cleaned URL.
|
||||||
|
*/
|
||||||
|
function esc_url_raw( $url, $protocols = null ) {
|
||||||
|
return clean_url( $url, $protocols, 'db' );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Performs esc_url() for database or redirect usage.
|
||||||
|
*
|
||||||
|
* @see esc_url()
|
||||||
|
* @deprecated 2.8.0
|
||||||
*
|
*
|
||||||
* @since 2.3.1
|
* @since 2.3.1
|
||||||
*
|
*
|
||||||
|
@ -2280,7 +2318,7 @@ function sanitize_option($option, $value) {
|
||||||
case 'siteurl':
|
case 'siteurl':
|
||||||
case 'home':
|
case 'home':
|
||||||
$value = stripslashes($value);
|
$value = stripslashes($value);
|
||||||
$value = clean_url($value);
|
$value = esc_url($value);
|
||||||
break;
|
break;
|
||||||
default :
|
default :
|
||||||
$value = apply_filters("sanitize_option_{$option}", $value, $option);
|
$value = apply_filters("sanitize_option_{$option}", $value, $option);
|
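Review bot: In the sanitize_option hunk, `case 'siteurl'` / `case 'home'` now call `esc_url($value)`, which is the display variant; per the docblock added in this same file it also replaces ampersands, so a value being sanitized for storage would be kept in HTML-encoded form. The commit adds `esc_url_raw()` for non-display use, and `$value = esc_url_raw($value);` looks like the better fit here, leaving entity encoding to the point of output. The same question applies to `$new_option->url` and `$new_option->package` in the wp_version_check hunk, which appear to be stored rather than printed. This keeps what the old `clean_url($value)` call did, so it is a follow-up rather than a regression; the switch and the function continue outside the hunk.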
||||||
|
|
|
@ -2336,7 +2336,7 @@ function wp_nonce_ays( $action ) {
|
||||||
$title = __( 'WordPress Failure Notice' );
|
$title = __( 'WordPress Failure Notice' );
|
||||||
$html = esc_html( wp_explain_nonce( $action ) );
|
$html = esc_html( wp_explain_nonce( $action ) );
|
||||||
if ( wp_get_referer() )
|
if ( wp_get_referer() )
|
||||||
$html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
|
$html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
|
||||||
elseif ( 'log-out' == $action )
|
elseif ( 'log-out' == $action )
|
||||||
$html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );
|
$html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );
|
||||||
|
|
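Review bot: In the wp_nonce_ays hunk the referer link is passed through `esc_url()`, but the `'log-out'` branch two lines below still puts `wp_logout_url()` into `href='%s'` unescaped. wp_loginout in this same commit wraps the same call as `esc_url( wp_logout_url($redirect) )`, which suggests the helper does not escape its own return value. For consistency the sprintf argument could be `esc_url( wp_logout_url() )`. The function body continues outside the hunk.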
||||||
|
|
|
@ -141,9 +141,9 @@ function get_search_form() {
|
||||||
*/
|
*/
|
||||||
function wp_loginout($redirect = '') {
|
function wp_loginout($redirect = '') {
|
||||||
if ( ! is_user_logged_in() )
|
if ( ! is_user_logged_in() )
|
||||||
$link = '<a href="' . clean_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
|
$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
|
||||||
else
|
else
|
||||||
$link = '<a href="' . clean_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
|
$link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
|
||||||
|
|
||||||
echo apply_filters('loginout', $link);
|
echo apply_filters('loginout', $link);
|
||||||
}
|
}
|
||||||
|
@ -689,7 +689,7 @@ function single_month_title($prefix = '', $display = true ) {
|
||||||
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
|
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
|
||||||
$text = wptexturize($text);
|
$text = wptexturize($text);
|
||||||
$title_text = esc_attr($text);
|
$title_text = esc_attr($text);
|
||||||
$url = clean_url($url);
|
$url = esc_url($url);
|
||||||
|
|
||||||
if ('link' == $format)
|
if ('link' == $format)
|
||||||
$link_html = "\t<link rel='archives' title='$title_text' href='$url' />\n";
|
$link_html = "\t<link rel='archives' title='$title_text' href='$url' />\n";
|
||||||
|
@ -1807,7 +1807,7 @@ function paginate_links( $args = '' ) {
|
||||||
if ( $add_args )
|
if ( $add_args )
|
||||||
$link = add_query_arg( $add_args, $link );
|
$link = add_query_arg( $add_args, $link );
|
||||||
$link .= $add_fragment;
|
$link .= $add_fragment;
|
||||||
$page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>";
|
$page_links[] = "<a class='prev page-numbers' href='" . esc_url($link) . "'>$prev_text</a>";
|
||||||
endif;
|
endif;
|
||||||
for ( $n = 1; $n <= $total; $n++ ) :
|
for ( $n = 1; $n <= $total; $n++ ) :
|
||||||
$n_display = number_format_i18n($n);
|
$n_display = number_format_i18n($n);
|
||||||
|
@ -1821,7 +1821,7 @@ function paginate_links( $args = '' ) {
|
||||||
if ( $add_args )
|
if ( $add_args )
|
||||||
$link = add_query_arg( $add_args, $link );
|
$link = add_query_arg( $add_args, $link );
|
||||||
$link .= $add_fragment;
|
$link .= $add_fragment;
|
||||||
$page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n_display</a>";
|
$page_links[] = "<a class='page-numbers' href='" . esc_url($link) . "'>$n_display</a>";
|
||||||
$dots = true;
|
$dots = true;
|
||||||
elseif ( $dots && !$show_all ) :
|
elseif ( $dots && !$show_all ) :
|
||||||
$page_links[] = "<span class='page-numbers dots'>...</span>";
|
$page_links[] = "<span class='page-numbers dots'>...</span>";
|
||||||
|
@ -1835,7 +1835,7 @@ function paginate_links( $args = '' ) {
|
||||||
if ( $add_args )
|
if ( $add_args )
|
||||||
$link = add_query_arg( $add_args, $link );
|
$link = add_query_arg( $add_args, $link );
|
||||||
$link .= $add_fragment;
|
$link .= $add_fragment;
|
||||||
$page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>";
|
$page_links[] = "<a class='next page-numbers' href='" . esc_url($link) . "'>$next_text</a>";
|
||||||
endif;
|
endif;
|
||||||
switch ( $type ) :
|
switch ( $type ) :
|
||||||
case 'array' :
|
case 'array' :
|
||||||
|
@ -1935,9 +1935,9 @@ function wp_admin_css( $file = 'wp-admin', $force_echo = false ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
|
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
|
||||||
if ( 'rtl' == get_bloginfo( 'text_direction' ) )
|
if ( 'rtl' == get_bloginfo( 'text_direction' ) )
|
||||||
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
|
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1315,7 +1315,7 @@ function get_next_posts_page_link($max_page = 0) {
|
||||||
* @param boolean $echo Optional. Echo or return;
|
* @param boolean $echo Optional. Echo or return;
|
||||||
*/
|
*/
|
||||||
function next_posts( $max_page = 0, $echo = true ) {
|
function next_posts( $max_page = 0, $echo = true ) {
|
||||||
$output = clean_url( get_next_posts_page_link( $max_page ) );
|
$output = esc_url( get_next_posts_page_link( $max_page ) );
|
||||||
|
|
||||||
if ( $echo )
|
if ( $echo )
|
||||||
echo $output;
|
echo $output;
|
||||||
|
@ -1393,7 +1393,7 @@ function get_previous_posts_page_link() {
|
||||||
* @param boolean $echo Optional. Echo or return;
|
* @param boolean $echo Optional. Echo or return;
|
||||||
*/
|
*/
|
||||||
function previous_posts( $echo = true ) {
|
function previous_posts( $echo = true ) {
|
||||||
$output = clean_url( get_previous_posts_page_link() );
|
$output = esc_url( get_previous_posts_page_link() );
|
||||||
|
|
||||||
if ( $echo )
|
if ( $echo )
|
||||||
echo $output;
|
echo $output;
|
||||||
|
@ -1550,7 +1550,7 @@ function get_next_comments_link( $label = '', $max_page = 0 ) {
|
||||||
if ( empty($label) )
|
if ( empty($label) )
|
||||||
$label = __('Newer Comments »');
|
$label = __('Newer Comments »');
|
||||||
|
|
||||||
return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';
|
return '<a href="' . esc_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1587,7 +1587,7 @@ function get_previous_comments_link( $label = '' ) {
|
||||||
if ( empty($label) )
|
if ( empty($label) )
|
||||||
$label = __('« Older Comments');
|
$label = __('« Older Comments');
|
||||||
|
|
||||||
return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';
|
return '<a href="' . esc_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -872,7 +872,7 @@ function wp_rss( $url, $num_items = -1 ) {
|
||||||
foreach ( (array) $rss->items as $item ) {
|
foreach ( (array) $rss->items as $item ) {
|
||||||
printf(
|
printf(
|
||||||
'<li><a href="%1$s" title="%2$s">%3$s</a></li>',
|
'<li><a href="%1$s" title="%2$s">%3$s</a></li>',
|
||||||
clean_url( $item['link'] ),
|
esc_url( $item['link'] ),
|
||||||
esc_attr( strip_tags( $item['description'] ) ),
|
esc_attr( strip_tags( $item['description'] ) ),
|
||||||
htmlentities( $item['title'] )
|
htmlentities( $item['title'] )
|
||||||
);
|
);
|
||||||
|
|
|
@ -185,7 +185,7 @@ function get_theme_data( $theme_file ) {
|
||||||
$name = $theme = '';
|
$name = $theme = '';
|
||||||
|
|
||||||
if ( preg_match( '|Theme URI:(.*)$|mi', $theme_data, $theme_uri ) )
|
if ( preg_match( '|Theme URI:(.*)$|mi', $theme_data, $theme_uri ) )
|
||||||
$theme_uri = clean_url( _cleanup_header_comment($theme_uri[1]) );
|
$theme_uri = esc_url( _cleanup_header_comment($theme_uri[1]) );
|
||||||
else
|
else
|
||||||
$theme_uri = '';
|
$theme_uri = '';
|
||||||
|
|
||||||
|
@ -195,7 +195,7 @@ function get_theme_data( $theme_file ) {
|
||||||
$description = '';
|
$description = '';
|
||||||
|
|
||||||
if ( preg_match( '|Author URI:(.*)$|mi', $theme_data, $author_uri ) )
|
if ( preg_match( '|Author URI:(.*)$|mi', $theme_data, $author_uri ) )
|
||||||
$author_uri = clean_url( _cleanup_header_comment($author_uri[1]) );
|
$author_uri = esc_url( _cleanup_header_comment($author_uri[1]) );
|
||||||
else
|
else
|
||||||
$author_uri = '';
|
$author_uri = '';
|
||||||
|
|
||||||
|
|
|
@ -67,9 +67,9 @@ function wp_version_check() {
|
||||||
$new_option = new stdClass();
|
$new_option = new stdClass();
|
||||||
$new_option->response = esc_attr( $returns[0] );
|
$new_option->response = esc_attr( $returns[0] );
|
||||||
if ( isset( $returns[1] ) )
|
if ( isset( $returns[1] ) )
|
||||||
$new_option->url = clean_url( $returns[1] );
|
$new_option->url = esc_url( $returns[1] );
|
||||||
if ( isset( $returns[2] ) )
|
if ( isset( $returns[2] ) )
|
||||||
$new_option->package = clean_url( $returns[2] );
|
$new_option->package = esc_url( $returns[2] );
|
||||||
if ( isset( $returns[3] ) )
|
if ( isset( $returns[3] ) )
|
||||||
$new_option->current = esc_attr( $returns[3] );
|
$new_option->current = esc_attr( $returns[3] );
|
||||||
if ( isset( $returns[4] ) )
|
if ( isset( $returns[4] ) )
|
||||||
|
|
|
@ -15,6 +15,6 @@ $wp_version = '2.8-beta1-11380';
|
||||||
*
|
*
|
||||||
* @global int $wp_db_version
|
* @global int $wp_db_version
|
||||||
*/
|
*/
|
||||||
$wp_db_version = 10850;
|
$wp_db_version = 10851;
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|