esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
4beb3ab36e
commit
6482610f9a
|
@ -61,7 +61,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
|
||||||
<?php endif; // is_taxonomy_hierarchical() ?>
|
<?php endif; // is_taxonomy_hierarchical() ?>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th>
|
<th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th>
|
||||||
<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
|
<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_textarea( $tag->description ); ?></textarea><br />
|
||||||
<span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
|
<span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -350,7 +350,7 @@ class WP_Comments_List_Table extends WP_List_Table {
|
||||||
comment_text();
|
comment_text();
|
||||||
if ( $user_can ) { ?>
|
if ( $user_can ) { ?>
|
||||||
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
|
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
|
||||||
<textarea class="comment" rows="1" cols="1"><?php echo esc_html( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); ?></textarea>
|
<textarea class="comment" rows="1" cols="1"><?php echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); ?></textarea>
|
||||||
<div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
|
<div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
|
||||||
<div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
|
<div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
|
||||||
<div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
|
<div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
|
||||||
|
|
|
@ -518,7 +518,7 @@ function wp_dashboard_quick_press_output() {
|
||||||
|
|
||||||
<h4 id="content-label"><label for="content"><?php _e('Content') ?></label></h4>
|
<h4 id="content-label"><label for="content"><?php _e('Content') ?></label></h4>
|
||||||
<div class="textarea-wrap">
|
<div class="textarea-wrap">
|
||||||
<textarea name="content" id="content" class="mceEditor" rows="3" cols="15" tabindex="2"><?php echo $post->post_content; ?></textarea>
|
<textarea name="content" id="content" class="mceEditor" rows="3" cols="15" tabindex="2"><?php echo esc_textarea( $post->post_content ); ?></textarea>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<script type="text/javascript">edCanvas = document.getElementById('content');edInsertContent = null;</script>
|
<script type="text/javascript">edCanvas = document.getElementById('content');edInsertContent = null;</script>
|
||||||
|
|
|
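Review bot: `$post->post_content` reaching this textarea was echoed raw before this change, so the new line alters behaviour rather than just the helper name, and the same is true of the excerpt, link_notes and attachment-URL hunks further down; the commit message presents the whole set as a helper swap and should call out which lines were previously unescaped. If the quick-press post is prefilled from request data that is already entity-encoded by the time it gets here, esc_textarea() encodes it a second time and the editor shows `&lt;` literally, so the construction of `$post` is worth verifying — it is outside this hunk. wp_dashboard_quick_press_output() continues outside the hunk.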
@ -1282,7 +1282,7 @@ function get_media_item( $attachment_id, $args = null ) {
|
||||||
if ( !empty( $field[ $field['input'] ] ) )
|
if ( !empty( $field[ $field['input'] ] ) )
|
||||||
$item .= $field[ $field['input'] ];
|
$item .= $field[ $field['input'] ];
|
||||||
elseif ( $field['input'] == 'textarea' ) {
|
elseif ( $field['input'] == 'textarea' ) {
|
||||||
$item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_html( $field['value'] ) . '</textarea>';
|
$item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>';
|
||||||
} else {
|
} else {
|
||||||
$item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";
|
$item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";
|
||||||
}
|
}
|
||||||
|
|
|
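Review bot: `type='text'` is not a valid attribute on `<textarea>`; since the line is being rewritten anyway it can go: `$item .= "<textarea id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>';`. The same stray attribute appears on the read-only textarea in the the_attachment_links() hunk. `$name` is interpolated into the id and name attributes without esc_attr() in both branches; if it can come from a field definition rather than a fixed key that deserves a check, but the hunk does not show where it is built. get_media_item() continues outside the hunk.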
@ -285,7 +285,7 @@ function post_tags_meta_box($post, $box) {
|
||||||
<div class="jaxtag">
|
<div class="jaxtag">
|
||||||
<div class="nojs-tags hide-if-js">
|
<div class="nojs-tags hide-if-js">
|
||||||
<p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
|
<p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
|
||||||
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
|
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div>
|
||||||
<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
|
<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
|
||||||
<div class="ajaxtag hide-if-no-js">
|
<div class="ajaxtag hide-if-no-js">
|
||||||
<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
|
<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
|
||||||
|
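Review bot: get_terms_to_edit() may already return an escaped string — the line being replaced wrapped it in esc_attr(), which suggests its return was being treated as already formatted for output — and in that case esc_textarea() on top double-encodes, so a term such as `R&D` is shown in the textarea as `R&amp;D` and re-saved that way. Check the helper's return value (outside this view) before keeping both layers; escaping should happen exactly once, in whichever layer owns the output, with a comment on this line naming which one. post_tags_meta_box() continues outside the hunk.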
@ -385,7 +385,7 @@ function post_categories_meta_box( $post, $box ) {
|
||||||
*/
|
*/
|
||||||
function post_excerpt_meta_box($post) {
|
function post_excerpt_meta_box($post) {
|
||||||
?>
|
?>
|
||||||
<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
|
<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo esc_textarea( $post->post_excerpt ); ?></textarea>
|
||||||
<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
|
<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
@ -894,7 +894,7 @@ function link_advanced_meta_box($link) {
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
|
<th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
|
||||||
<td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); ?></textarea></td>
|
<td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th valign="top" scope="row"><label for="link_rating"><?php _e('Rating') ?></label></th>
|
<th valign="top" scope="row"><label for="link_rating"><?php _e('Rating') ?></label></th>
|
||||||
|
|
|
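Review bot: The parentheses around the ternary on the new line are redundant now that it is a single argument: `<?php echo esc_textarea( isset( $link->link_notes ) ? $link->link_notes : '' ); ?>`. This also replaces a raw echo of `$link->link_notes`, so it is a behavioural fix rather than a rename. link_advanced_meta_box() continues outside the hunk.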
@ -161,7 +161,7 @@ class Walker_Nav_Menu_Edit extends Walker_Nav_Menu {
|
||||||
<p class="field-description description description-wide">
|
<p class="field-description description description-wide">
|
||||||
<label for="edit-menu-item-description-<?php echo $item_id; ?>">
|
<label for="edit-menu-item-description-<?php echo $item_id; ?>">
|
||||||
<?php _e( 'Description' ); ?><br />
|
<?php _e( 'Description' ); ?><br />
|
||||||
<textarea id="edit-menu-item-description-<?php echo $item_id; ?>" class="widefat edit-menu-item-description" rows="3" cols="20" name="menu-item-description[<?php echo $item_id; ?>]"><?php echo esc_html( $item->description ); ?></textarea>
|
<textarea id="edit-menu-item-description-<?php echo $item_id; ?>" class="widefat edit-menu-item-description" rows="3" cols="20" name="menu-item-description[<?php echo $item_id; ?>]"><?php echo esc_textarea( $item->description ); ?></textarea>
|
||||||
<span class="description"><?php _e('The description will be displayed in the menu if the current theme supports it.'); ?></span>
|
<span class="description"><?php _e('The description will be displayed in the menu if the current theme supports it.'); ?></span>
|
||||||
</label>
|
</label>
|
||||||
</p>
|
</p>
|
||||||
|
|
|
@ -483,7 +483,7 @@ function _list_meta_row( $entry, &$count ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$entry['meta_key'] = esc_attr($entry['meta_key']);
|
$entry['meta_key'] = esc_attr($entry['meta_key']);
|
||||||
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
|
$entry['meta_value'] = esc_textarea( $entry['meta_value'] ); // using a <textarea />
|
||||||
$entry['meta_id'] = (int) $entry['meta_id'];
|
$entry['meta_id'] = (int) $entry['meta_id'];
|
||||||
|
|
||||||
$delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] );
|
$delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] );
|
||||||
|
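Review bot: The escaped value is written back into `$entry['meta_value']` instead of being escaped where it is printed, so any later use of that element in _list_meta_row() (the body continues outside the hunk) that is not inside a `<textarea>` now receives textarea-escaped text; the two `$content = esc_textarea( $content );` hunks in the editor screens follow the same pattern. Escaping at the output site keeps the variable as raw data and makes each context's escaping visible at the point it matters. If the assignment stays, the `// using a <textarea />` comment is the only record of that contract and should say explicitly that the element must only be printed inside a textarea from here on.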
@ -718,7 +718,7 @@ function the_attachment_links( $id = false ) {
|
||||||
<col class="widefat" />
|
<col class="widefat" />
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e( 'URL' ) ?></th>
|
<th scope="row"><?php _e( 'URL' ) ?></th>
|
||||||
<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo wp_get_attachment_url(); ?></textarea></td>
|
<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo esc_textarea( wp_get_attachment_url() ); ?></textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php if ( $icon ) : ?>
|
<?php if ( $icon ) : ?>
|
||||||
<tr>
|
<tr>
|
||||||
|
|
|
@ -72,7 +72,7 @@ if ( !defined('WP_ALLOW_REPAIR') ) {
|
||||||
$problem_output = array();
|
$problem_output = array();
|
||||||
foreach ( $problems as $table => $problem )
|
foreach ( $problems as $table => $problem )
|
||||||
$problem_output[] = "$table: $problem";
|
$problem_output[] = "$table: $problem";
|
||||||
echo '<textarea name="errors" id="errors" rows="20" cols="60">' . format_to_edit(implode("\n", $problem_output)) . '</textarea>';
|
echo '<textarea name="errors" id="errors" rows="20" cols="60">' . esc_textarea( implode("\n", $problem_output) ) . '</textarea>';
|
||||||
} else {
|
} else {
|
||||||
echo '<p>'.__('Repairs complete. Please remove the following line from wp-config.php to prevent this page from being used by unauthorized users.')."</p><code>define('WP_ALLOW_REPAIR', true);</code>";
|
echo '<p>'.__('Repairs complete. Please remove the following line from wp-config.php to prevent this page from being used by unauthorized users.')."</p><code>define('WP_ALLOW_REPAIR', true);</code>";
|
||||||
}
|
}
|
||||||
|
|
|
@ -368,7 +368,7 @@ define( 'BLOG_ID_CURRENT_SITE', 1 );</textarea>
|
||||||
echo _n( 'This unique authentication key is also missing from your <code>wp-config.php</code> file.', 'These unique authentication keys are also missing from your <code>wp-config.php</code> file.', $num_keys_salts ); ?> <?php _e( 'To make your installation more secure, you should also add:' ) ?></p>
|
echo _n( 'This unique authentication key is also missing from your <code>wp-config.php</code> file.', 'These unique authentication keys are also missing from your <code>wp-config.php</code> file.', $num_keys_salts ); ?> <?php _e( 'To make your installation more secure, you should also add:' ) ?></p>
|
||||||
<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $num_keys_salts; ?>"><?php
|
<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $num_keys_salts; ?>"><?php
|
||||||
foreach ( $keys_salts as $c => $v ) {
|
foreach ( $keys_salts as $c => $v ) {
|
||||||
echo "\ndefine( '$c', '" . wp_htmledit_pre( $v ) . "' );";
|
echo "\ndefine( '$c', '" . esc_textarea( $v ) . "' );";
|
||||||
}
|
}
|
||||||
?></textarea>
|
?></textarea>
|
||||||
<?php
|
<?php
|
||||||
|
@ -456,7 +456,7 @@ define( 'BLOG_ID_CURRENT_SITE', 1 );</textarea>
|
||||||
?>
|
?>
|
||||||
<li><p><?php printf( __( 'Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p>
|
<li><p><?php printf( __( 'Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p>
|
||||||
<textarea class="code" readonly="readonly" cols="100" rows="20">
|
<textarea class="code" readonly="readonly" cols="100" rows="20">
|
||||||
<?php echo wp_htmledit_pre( $web_config_file ); ?>
|
<?php echo esc_textarea( $web_config_file ); ?>
|
||||||
</textarea></li>
|
</textarea></li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
|
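Review bot: esc_textarea() replaces wp_htmledit_pre() here, in the .htaccess hunk below, in the network-settings textareas (limited and banned email domains, welcome and first-content options), in the site-options loop and in the embed-code textarea. If wp_htmledit_pre() applied a filter before escaping (its definition is outside this view), plugins hooked on it no longer see these values; that is harmless for server-generated, read-only text such as `$web_config_file`, but the option-backed textareas hold user-editable content where a plugin may have relied on it, so it is worth confirming and, if so, mentioning in the commit message.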
@ -485,7 +485,7 @@ RewriteRule ^ - [L]';
|
||||||
?>
|
?>
|
||||||
<li><p><?php printf( __( 'Add the following to your <code>.htaccess</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p>
|
<li><p><?php printf( __( 'Add the following to your <code>.htaccess</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p>
|
||||||
<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $subdomain_install ? 11 : 16; ?>">
|
<textarea class="code" readonly="readonly" cols="100" rows="<?php echo $subdomain_install ? 11 : 16; ?>">
|
||||||
<?php echo wp_htmledit_pre( $htaccess_file ); ?></textarea></li>
|
<?php echo esc_textarea( $htaccess_file ); ?></textarea></li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
<?php endif; // end IIS/Apache code branches.
|
<?php endif; // end IIS/Apache code branches.
|
||||||
|
|
|
@ -121,7 +121,7 @@ if (isset($_GET['updated'])) {
|
||||||
<?php $limited_email_domains = get_site_option( 'limited_email_domains' );
|
<?php $limited_email_domains = get_site_option( 'limited_email_domains' );
|
||||||
$limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?>
|
$limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?>
|
||||||
<textarea name="limited_email_domains" id="limited_email_domains" cols="45" rows="5">
|
<textarea name="limited_email_domains" id="limited_email_domains" cols="45" rows="5">
|
||||||
<?php echo wp_htmledit_pre( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea>
|
<?php echo esc_textarea( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?>
|
<?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
@ -131,7 +131,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="banned_email_domains"><?php _e('Banned Email Domains') ?></label></th>
|
<th scope="row"><label for="banned_email_domains"><?php _e('Banned Email Domains') ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="banned_email_domains" id="banned_email_domains" cols="45" rows="5">
|
<textarea name="banned_email_domains" id="banned_email_domains" cols="45" rows="5">
|
||||||
<?php echo wp_htmledit_pre( get_site_option( 'banned_email_domains' ) == '' ? '' : implode( "\n", (array) get_site_option( 'banned_email_domains' ) ) ); ?></textarea>
|
<?php echo esc_textarea( get_site_option( 'banned_email_domains' ) == '' ? '' : implode( "\n", (array) get_site_option( 'banned_email_domains' ) ) ); ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'If you want to ban domains from site registrations. One domain per line.' ) ?>
|
<?php _e( 'If you want to ban domains from site registrations. One domain per line.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
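Review bot: `get_site_option( 'banned_email_domains' )` is evaluated twice on the new line, once for the `== ''` test and once for the implode(); the limited_email_domains hunk above reads the option into a local first and this one should match: `<?php $banned_email_domains = get_site_option( 'banned_email_domains' ); ?>` before the textarea and `<?php echo esc_textarea( $banned_email_domains == '' ? '' : implode( "\n", (array) $banned_email_domains ) ); ?>` inside it. The `(array)` cast shows the option is not guaranteed to be a string, so a short comment on what shapes are expected would help the next reader.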
@ -145,7 +145,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th>
|
<th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text">
|
<textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text">
|
||||||
<?php echo wp_htmledit_pre( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>
|
<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'The welcome email sent to new site owners.' ) ?>
|
<?php _e( 'The welcome email sent to new site owners.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
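Review bot: The echo on the new line has no terminating semicolon and relies on `?>` to end the statement, while the limited_email_domains and banned_email_domains hunks above write `...); ?>`; the welcome_user_email, first_post, first_page and first_comment hunks that follow have the same inconsistency. Adding it keeps the file uniform and avoids a parse error if the closing tag is ever moved: `<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ); ?></textarea>`. The stripslashes() implies the stored value is slashed; if that does not hold for every write path, a value containing literal backslashes loses them here, which is worth confirming against the save handler outside this hunk.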
@ -154,7 +154,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th>
|
<th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text">
|
<textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text">
|
||||||
<?php echo wp_htmledit_pre( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>
|
<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'The welcome email sent to new users.' ) ?>
|
<?php _e( 'The welcome email sent to new users.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
@ -163,7 +163,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th>
|
<th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text">
|
<textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text">
|
||||||
<?php echo wp_htmledit_pre( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>
|
<?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'The first post on a new site.' ) ?>
|
<?php _e( 'The first post on a new site.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
@ -172,7 +172,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th>
|
<th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text">
|
<textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text">
|
||||||
<?php echo wp_htmledit_pre( stripslashes( get_site_option('first_page') ) ) ?></textarea>
|
<?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'The first page on a new site.' ) ?>
|
<?php _e( 'The first page on a new site.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
@ -181,7 +181,7 @@ if (isset($_GET['updated'])) {
|
||||||
<th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th>
|
<th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th>
|
||||||
<td>
|
<td>
|
||||||
<textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text">
|
<textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text">
|
||||||
<?php echo wp_htmledit_pre( stripslashes( get_site_option('first_comment') ) ) ?></textarea>
|
<?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea>
|
||||||
<br />
|
<br />
|
||||||
<?php _e( 'The first comment on a new site.' ) ?>
|
<?php _e( 'The first comment on a new site.' ) ?>
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -106,7 +106,7 @@ if ( ! empty( $messages ) ) {
|
||||||
?>
|
?>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th scope="row"><?php echo ucwords( str_replace( "_", " ", $option->option_name ) ) ?></th>
|
<th scope="row"><?php echo ucwords( str_replace( "_", " ", $option->option_name ) ) ?></th>
|
||||||
<td><textarea class="<?php echo $class; ?>" rows="5" cols="40" name="option[<?php echo esc_attr( $option->option_name ) ?>]" id="<?php echo esc_attr( $option->option_name ) ?>"<?php disabled( $disabled ) ?>><?php echo wp_htmledit_pre( $option->option_value ) ?></textarea></td>
|
<td><textarea class="<?php echo $class; ?>" rows="5" cols="40" name="option[<?php echo esc_attr( $option->option_name ) ?>]" id="<?php echo esc_attr( $option->option_name ) ?>"<?php disabled( $disabled ) ?>><?php echo esc_textarea( $option->option_value ) ?></textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -141,7 +141,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
|
||||||
|
|
||||||
<p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p>
|
<p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p>
|
||||||
<p>
|
<p>
|
||||||
<textarea name="moderation_keys" rows="10" cols="50" id="moderation_keys" class="large-text code"><?php form_option('moderation_keys'); ?></textarea>
|
<textarea name="moderation_keys" rows="10" cols="50" id="moderation_keys" class="large-text code"><?php esc_textarea( get_option( 'moderation_keys' ) ); ?></textarea>
|
||||||
</p>
|
</p>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
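Review bot: The new line calls esc_textarea() without `echo`, so the moderation_keys textarea now renders empty; every other hunk in this commit uses the return value with `echo`, and the form_option() call it replaces presumably wrote its output directly. It should read `<?php echo esc_textarea( get_option( 'moderation_keys' ) ); ?>`. The same missing echo is in the blacklist_keys hunk below and in the ping_sites hunk of the writing-options screen, and since these fields feed comment moderation a blank form would silently clear the lists on the next save.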
@ -150,7 +150,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
|
||||||
<td><fieldset><legend class="screen-reader-text"><span><?php _e('Comment Blacklist') ?></span></legend>
|
<td><fieldset><legend class="screen-reader-text"><span><?php _e('Comment Blacklist') ?></span></legend>
|
||||||
<p><label for="blacklist_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p>
|
<p><label for="blacklist_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p>
|
||||||
<p>
|
<p>
|
||||||
<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php form_option('blacklist_keys'); ?></textarea>
|
<textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea>
|
||||||
</p>
|
</p>
|
||||||
</fieldset></td>
|
</fieldset></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -230,14 +230,14 @@ $structures = array(
|
||||||
<p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/<configuration>/<system.webServer>/<rewrite>/<rules></code> element in <code>web.config</code> file.') ?></p>
|
<p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/<configuration>/<system.webServer>/<rewrite>/<rules></code> element in <code>web.config</code> file.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
|
<p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules() ); ?></textarea></p>
|
||||||
</form>
|
</form>
|
||||||
<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p>
|
<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<p><?php _e('If the root directory of your site were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Create a new file, called <code>web.config</code> in the root directory of your site. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this code into the <code>web.config</code> file.') ?></p>
|
<p><?php _e('If the root directory of your site were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Create a new file, called <code>web.config</code> in the root directory of your site. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this code into the <code>web.config</code> file.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->iis7_url_rewrite_rules(true)); ?></textarea></p>
|
<p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules(true) ); ?></textarea></p>
|
||||||
</form>
|
</form>
|
||||||
<p><?php _e('If you temporarily make your site’s root directory writable for us to generate the <code>web.config</code> file automatically, do not forget to revert the permissions after the file has been created.') ?></p>
|
<p><?php _e('If you temporarily make your site’s root directory writable for us to generate the <code>web.config</code> file automatically, do not forget to revert the permissions after the file has been created.') ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
@ -247,7 +247,7 @@ $structures = array(
|
||||||
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
|
<p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->mod_rewrite_rules() ); ?></textarea></p>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
|
@ -137,7 +137,7 @@ wp_dropdown_categories(array('hide_empty' => 0, 'name' => 'default_email_categor
|
||||||
|
|
||||||
<p><label for="ping_sites"><?php _e('When you publish a new post, WordPress automatically notifies the following site update services. For more about this, see <a href="http://codex.wordpress.org/Update_Services">Update Services</a> on the Codex. Separate multiple service <abbr title="Universal Resource Locator">URL</abbr>s with line breaks.') ?></label></p>
|
<p><label for="ping_sites"><?php _e('When you publish a new post, WordPress automatically notifies the following site update services. For more about this, see <a href="http://codex.wordpress.org/Update_Services">Update Services</a> on the Codex. Separate multiple service <abbr title="Universal Resource Locator">URL</abbr>s with line breaks.') ?></label></p>
|
||||||
|
|
||||||
<textarea name="ping_sites" id="ping_sites" class="large-text code" rows="3"><?php form_option('ping_sites'); ?></textarea>
|
<textarea name="ping_sites" id="ping_sites" class="large-text code" rows="3"><?php esc_textarea( get_option('ping_sites') ); ?></textarea>
|
||||||
|
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
|
|
||||||
|
|
|
@ -201,7 +201,7 @@ foreach ( (array) $options as $option ) :
|
||||||
<th scope='row'><label for='$name'>" . esc_html( $option->option_name ) . "</label></th>
|
<th scope='row'><label for='$name'>" . esc_html( $option->option_name ) . "</label></th>
|
||||||
<td>";
|
<td>";
|
||||||
if ( strpos( $value, "\n" ) !== false )
|
if ( strpos( $value, "\n" ) !== false )
|
||||||
echo "<textarea class='$class' name='$name' id='$name' cols='30' rows='5'>" . wp_htmledit_pre( $value ) . "</textarea>";
|
echo "<textarea class='$class' name='$name' id='$name' cols='30' rows='5'>" . esc_textarea( $value ) . "</textarea>";
|
||||||
else
|
else
|
||||||
echo "<input class='regular-text $class' type='text' name='$name' id='$name' value='" . esc_attr( $value ) . "'" . disabled( $disabled, true, false ) . " />";
|
echo "<input class='regular-text $class' type='text' name='$name' id='$name' value='" . esc_attr( $value ) . "'" . disabled( $disabled, true, false ) . " />";
|
||||||
echo "</td>
|
echo "</td>
|
||||||
|
|
|
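Review bot: The textarea branch omits the disabled attribute that the input branch on the next line appends via `disabled( $disabled, true, false )`, so a multi-line option remains editable when `$disabled` is set; the new line should carry it too: `echo "<textarea class='$class' name='$name' id='$name' cols='30' rows='5'" . disabled( $disabled, true, false ) . ">" . esc_textarea( $value ) . "</textarea>";`. Whether the server side also rejects writes to disabled options is not visible in this hunk, so the attribute should not be the only guard. `$class` and `$name` are interpolated into attributes unescaped on both lines; if they are derived from option names rather than fixed strings, esc_attr() belongs there as well.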
@ -136,7 +136,7 @@ default:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$content = htmlspecialchars( $content );
|
$content = esc_textarea( $content );
|
||||||
?>
|
?>
|
||||||
<?php if (isset($_GET['a'])) : ?>
|
<?php if (isset($_GET['a'])) : ?>
|
||||||
<div id="message" class="updated"><p><?php _e('File edited successfully.') ?></p></div>
|
<div id="message" class="updated"><p><?php _e('File edited successfully.') ?></p></div>
|
||||||
|
|
|
@ -113,7 +113,7 @@ if ( !empty($_REQUEST['ajax']) ) {
|
||||||
<div class="postbox">
|
<div class="postbox">
|
||||||
<h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2>
|
<h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2>
|
||||||
<div class="inside">
|
<div class="inside">
|
||||||
<textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo wp_htmledit_pre( $selection ); ?></textarea>
|
<textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo esc_textarea( $selection ); ?></textarea>
|
||||||
<p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p>
|
<p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -116,7 +116,7 @@ default:
|
||||||
$docs_select .= '</select>';
|
$docs_select .= '</select>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$content = htmlspecialchars( $content );
|
$content = esc_textarea( $content );
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -340,7 +340,7 @@ if ( is_multisite() && is_network_admin() && current_user_can( 'manage_network_o
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr>
|
<tr>
|
||||||
<th><label for="description"><?php _e('Biographical Info'); ?></label></th>
|
<th><label for="description"><?php _e('Biographical Info'); ?></label></th>
|
||||||
<td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_html($profileuser->description); ?></textarea><br />
|
<td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_textarea( $profileuser->description ); ?></textarea><br />
|
||||||
<span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
|
<span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
|
|
@ -399,7 +399,7 @@ class WP_Widget_Text extends WP_Widget {
|
||||||
function form( $instance ) {
|
function form( $instance ) {
|
||||||
$instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) );
|
$instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) );
|
||||||
$title = strip_tags($instance['title']);
|
$title = strip_tags($instance['title']);
|
||||||
$text = format_to_edit($instance['text']);
|
$text = esc_textarea($instance['text']);
|
||||||
?>
|
?>
|
||||||
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>
|
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>
|
||||||
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>
|
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></p>
|
||||||
|
|
|
@ -2352,6 +2352,19 @@ function esc_attr( $text ) {
|
||||||
return apply_filters( 'attribute_escape', $safe_text, $text );
|
return apply_filters( 'attribute_escape', $safe_text, $text );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escaping for textarea values.
|
||||||
|
*
|
||||||
|
* @since 3.1
|
||||||
|
*
|
||||||
|
* @param string $text
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
function esc_textarea( $text ) {
|
||||||
|
$safe_text = htmlspecialchars( $text );
|
||||||
|
return apply_filters( 'esc_textarea', $safe_text, $text );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Escape a HTML tag name.
|
* Escape a HTML tag name.
|
||||||
*
|
*
|
||||||
|
|
|
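Review bot: The new `esc_textarea()` calls `htmlspecialchars( $text )` with PHP's default flags and charset, whereas `esc_attr()` just above it runs the value through `wp_check_invalid_utf8()` and `_wp_specialchars()` with the blog charset; on PHP builds whose default charset is UTF-8 (5.4 and later) an invalid byte sequence makes htmlspecialchars return an empty string, so the textarea silently renders blank and the next save wipes the stored value. Passing the site charset explicitly, `$safe_text = htmlspecialchars( $text, ENT_QUOTES, get_option( 'blog_charset' ) );`, keeps the result predictable across PHP versions, and validating with `wp_check_invalid_utf8()` first would give it the same failure mode as the sibling escapers. The docblock should also spell out the two properties call sites depend on: the function returns rather than echoes, and it intentionally double-encodes existing entities so that `&amp;` in stored content survives a round trip through an edit form. The ping_sites textarea in the first hunk on this page calls `esc_textarea( get_option('ping_sites') )` without `echo`, which emits nothing into the field.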
@ -5123,7 +5123,7 @@ function wp_quickpress_form( $args = array(), $post_type = 'post'){
|
||||||
'capability' => '',
|
'capability' => '',
|
||||||
'output' => '<h4 id="%s-content-label"><label for="content">'. __('Content') .'</label></h4>
|
'output' => '<h4 id="%s-content-label"><label for="content">'. __('Content') .'</label></h4>
|
||||||
<div class="textarea-wrap">
|
<div class="textarea-wrap">
|
||||||
<textarea name="content" id="%s-content" class="mceEditor" rows="3" cols="15" tabindex="%d">'. $post->post_content.'</textarea>
|
<textarea name="content" id="%s-content" class="mceEditor" rows="3" cols="15" tabindex="%d">'. esc_textarea( $post->post_content ) .'</textarea>
|
||||||
</div>
|
</div>
|
||||||
'." <script type='text/javascript'>edCanvas = document.getElementById('content');edInsertContent = null;</script>
|
'." <script type='text/javascript'>edCanvas = document.getElementById('content');edInsertContent = null;</script>
|
||||||
"
|
"
|
||||||
|
|
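Review bot: `esc_textarea( $post->post_content )` is concatenated into the `'output'` string next to `%s` and `%d` placeholders, which suggests the string is later handed to sprintf; esc_textarea leaves `%` untouched, so post content containing a percent sign would be read as a conversion specifier and either corrupt the markup or raise an argument-count error. If that is how `'output'` is consumed, the content should either be made format-safe as well, `str_replace( '%', '%%', esc_textarea( $post->post_content ) )`, or be substituted into the markup after the sprintf call. wp_quickpress_form continues outside this hunk, so the consuming call cannot be confirmed from here.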