Have get_search_query() escape by default, like it's echoing counterpart the_search_query(). see #12780
git-svn-id: http://svn.automattic.com/wordpress/trunk@13978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
686baae7cc
commit
6efe44acbc
@ -167,7 +167,7 @@ else
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo esc_html( $title ); ?> <a href="<?php echo $post_new_file ?>" class="button add-new-h2"><?php echo esc_html_x('Add New', 'post'); ?></a> <?php
|
<h2><?php echo esc_html( $title ); ?> <a href="<?php echo $post_new_file ?>" class="button add-new-h2"><?php echo esc_html_x('Add New', 'post'); ?></a> <?php
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', get_search_query() ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
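Review bot: The subtitle on the new printf line is HTML text inside `<span class="subtitle">`, yet its only escaping is now the esc_attr() that get_search_query() applies by default, with the explicit esc_html() removed; the media screen hunk that follows makes the identical change. In WordPress both helpers appear to escape the same characters (`<`, `>`, `&`, both quotes), so the rendered output should not change, but the sink no longer shows which context it escapes for, and the protection now depends on a default argument and on the `get_search_query` filter running before the escape inside the callee. I would keep the escape visible at the output site, `printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query( false ) ) );`, or at least add `// get_search_query() already esc_attr()s its result` above the printf so the next reader neither adds a second escape nor removes the guard. The `<h2>` markup opens before this hunk and the enclosing PHP block continues after it.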
|
||||||
|
|
|
@ -168,7 +168,7 @@ require_once('admin-header.php');
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo esc_html( $title ); ?> <a href="media-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'file'); ?></a> <?php
|
<h2><?php echo esc_html( $title ); ?> <a href="media-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'file'); ?></a> <?php
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', get_search_query() ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -18,7 +18,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
|
||||||
if ( is_singular() )
|
if ( is_singular() )
|
||||||
printf(ent2ncr(__('Comments on %s')), get_the_title_rss());
|
printf(ent2ncr(__('Comments on %s')), get_the_title_rss());
|
||||||
elseif ( is_search() )
|
elseif ( is_search() )
|
||||||
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));
|
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), get_search_query() );
|
||||||
else
|
else
|
||||||
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
|
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
|
||||||
?></title>
|
?></title>
|
||||||
|
@ -31,7 +31,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
|
||||||
<link rel="self" type="application/atom+xml" href="<?php echo get_post_comments_feed_link('', 'atom'); ?>" />
|
<link rel="self" type="application/atom+xml" href="<?php echo get_post_comments_feed_link('', 'atom'); ?>" />
|
||||||
<id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
|
<id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
|
||||||
<?php } elseif(is_search()) { ?>
|
<?php } elseif(is_search()) { ?>
|
||||||
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo home_url() . '?s=' . esc_attr(get_search_query()); ?>" />
|
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo home_url() . '?s=' . get_search_query(); ?>" />
|
||||||
<link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
|
<link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
|
||||||
<id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>
|
<id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
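Review bot: The new `href` on the `<link rel="alternate">` line still builds a URL by string-concatenating the search query, and the esc_attr() now applied inside get_search_query() is attribute escaping, not URL encoding: a term containing `&`, `#`, `+` or a space yields a malformed or split query string once the attribute is decoded, the same gap the old explicit esc_attr() call had. A URL sink needs the raw value URL-encoded and then escaped for the attribute, e.g. `href="<?php echo esc_url( home_url() . '?s=' . urlencode( get_search_query( false ) ) ); ?>"`. The get_search_link() hunk later in this commit passes `false` for what looks like the same reason, so if that helper already encodes the term it may be the better thing to call here. This template branch is opened by the `elseif(is_search())` line above and is closed by the `} else {` line that ends the hunk.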
|
||||||
|
|
|
@ -156,7 +156,7 @@ function get_search_form($echo = true) {
|
||||||
|
|
||||||
$form = '<form role="search" method="get" id="searchform" action="' . home_url() . '/" >
|
$form = '<form role="search" method="get" id="searchform" action="' . home_url() . '/" >
|
||||||
<div><label class="screen-reader-text" for="s">' . __('Search for:') . '</label>
|
<div><label class="screen-reader-text" for="s">' . __('Search for:') . '</label>
|
||||||
<input type="text" value="' . esc_attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
|
<input type="text" value="' . get_search_query() . '" name="s" id="s" />
|
||||||
<input type="submit" id="searchsubmit" value="'. esc_attr__('Search') .'" />
|
<input type="submit" id="searchsubmit" value="'. esc_attr__('Search') .'" />
|
||||||
</div>
|
</div>
|
||||||
</form>';
|
</form>';
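Review bot: The new `<input type="text">` line drops the `apply_filters( 'the_search_query', ... )` call that the old line wrapped around the value, so code hooked to that filter no longer affects the form field, while the_search_query() in a later hunk of this commit still applies it; the commit message only mentions escaping, so this looks unintended. If the filter is meant to keep running here, the line should be `<input type="text" value="' . esc_attr( apply_filters( 'the_search_query', get_search_query( false ) ) ) . '" name="s" id="s" />`, escaping after the filter as the_search_query() does so a filter callback cannot reintroduce unescaped characters into the attribute. If dropping the filter is deliberate, that deserves a sentence in the commit message or a comment above `$form`. get_search_form() begins before this hunk and continues after it.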
|
||||||
|
@ -1642,7 +1642,7 @@ function feed_links_extra( $args = array() ) {
|
||||||
$title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
|
$title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
|
||||||
$href = get_author_feed_link( $author_id );
|
$href = get_author_feed_link( $author_id );
|
||||||
} elseif ( is_search() ) {
|
} elseif ( is_search() ) {
|
||||||
$title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
|
$title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
|
||||||
$href = get_search_feed_link();
|
$href = get_search_feed_link();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1825,12 +1825,21 @@ function the_editor($content, $id = 'content', $prev_id = 'title', $media_button
|
||||||
/**
|
/**
|
||||||
* Retrieve the contents of the search WordPress query variable.
|
* Retrieve the contents of the search WordPress query variable.
|
||||||
*
|
*
|
||||||
* @since 2.3.0
|
* The search query string is passed through {@link esc_attr()}
|
||||||
|
* to ensure that it is safe for placing in an html attribute.
|
||||||
*
|
*
|
||||||
|
* @since 2.3.0
|
||||||
|
* @uses esc_attr()
|
||||||
|
*
|
||||||
|
* @param bool $escaped Whether the result is escaped. Default true.
|
||||||
|
* Only use when you are later escaping it. Do not use unescaped.
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
function get_search_query() {
|
function get_search_query( $escaped = true ) {
|
||||||
return apply_filters( 'get_search_query', get_query_var( 's' ) );
|
$query = apply_filters( 'get_search_query', get_query_var( 's' ) );
|
||||||
|
if ( $escaped )
|
||||||
|
$query = esc_attr( $query );
|
||||||
|
return $query;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
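Review bot: The new `@param bool $escaped` text says the result is "escaped" but not for which context, and get_search_query() is now the last line of defence for callers elsewhere in this commit that emit the value as HTML text, as an XML feed title and inside a URL query string; esc_attr() only covers the first of those. I would make the docblock state what the escape is and is not: `@param bool $escaped Whether to run the result through esc_attr(). Default true. The value is escaped for an HTML attribute or text node only; it is not URL-encoded or JavaScript-safe. Pass false only when the caller escapes the value for its own output context.` The escape is applied after the `get_search_query` filter, which is the right order but is worth a short comment on the `if ( $escaped )` line, e.g. `// escape after filtering so a filter callback cannot bypass it`. The trailing `/**` opens the next docblock, which continues outside this hunk.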
|
||||||
|
@ -1839,11 +1848,11 @@ function get_search_query() {
|
||||||
* The search query string is passed through {@link esc_attr()}
|
* The search query string is passed through {@link esc_attr()}
|
||||||
* to ensure that it is safe for placing in an html attribute.
|
* to ensure that it is safe for placing in an html attribute.
|
||||||
*
|
*
|
||||||
* @uses attr
|
* @uses esc_attr()
|
||||||
* @since 2.1.0
|
* @since 2.1.0
|
||||||
*/
|
*/
|
||||||
function the_search_query() {
|
function the_search_query() {
|
||||||
echo esc_attr( apply_filters( 'the_search_query', get_search_query() ) );
|
echo esc_attr( apply_filters( 'the_search_query', get_search_query( false ) ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -686,7 +686,7 @@ function get_search_link( $query = '' ) {
|
||||||
global $wp_rewrite;
|
global $wp_rewrite;
|
||||||
|
|
||||||
if ( empty($query) )
|
if ( empty($query) )
|
||||||
$search = get_search_query();
|
$search = get_search_query( false );
|
||||||
else
|
else
|
||||||
$search = stripslashes($query);
|
$search = stripslashes($query);
|
||||||
|
|
||||||
|
|