Escape links by default. Props alexkingorg. see #13051

git-svn-id: http://svn.automattic.com/wordpress/trunk@14347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-05-02 22:53:59 +00:00
parent 3213eab0f8
commit 91354eefee
36 changed files with 186 additions and 140 deletions


@ -105,9 +105,9 @@ if ( function_exists('mb_strlen') ) {
} }
?> ?>
<img id="header-logo" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" alt="" width="32" height="32" /> <img id="header-logo" src="<?php echo includes_url( 'images/blank.gif' ); ?>" alt="" width="32" height="32" />
<h1 id="site-heading" <?php echo $title_class ?>> <h1 id="site-heading" <?php echo $title_class ?>>
<a href="<?php echo trailingslashit( get_bloginfo( 'url' ) ); ?>" title="<?php esc_attr_e('Visit Site') ?>"> <a href="<?php echo trailingslashit( home_url() ); ?>" title="<?php esc_attr_e('Visit Site') ?>">
<span id="site-title"><?php echo $blog_name ?></span> <span id="site-title"><?php echo $blog_name ?></span>
</a> </a>
<?php if ( current_user_can('manage_options') && '1' != get_option('blog_public') ): ?> <?php if ( current_user_can('manage_options') && '1' != get_option('blog_public') ): ?>
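Review bot: The heading markup on L16 and L18 still echoes `$title_class` inside the `<h1>` tag and `$blog_name` as element text with no escaping, while the same hunk escapes the logo `src` on L15; if both are built from `get_bloginfo( 'name', 'display' )` above the hunk they are already filtered, but that assignment is not visible here and is worth confirming, since a quote in `$title_class` would break out of the tag. The new `href` on L17 relies on `home_url()` escaping its own output, which is the commit's stated intent; a one-line comment such as `<?php // home_url() output is assumed attribute-safe; no esc_url() here by design ?>` would stop the next reader from re-adding or removing the wrapper blindly.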


@ -156,7 +156,7 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed
if ( $spammed > 0 ) { if ( $spammed > 0 ) {
$ids = isset($_GET['ids']) ? $_GET['ids'] : 0; $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
$messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />'; $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
} }
if ( $unspammed > 0 ) if ( $unspammed > 0 )
@ -164,7 +164,7 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed
if ( $trashed > 0 ) { if ( $trashed > 0 ) {
$ids = isset($_GET['ids']) ? $_GET['ids'] : 0; $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
$messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />'; $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
} }
if ( $untrashed > 0 ) if ( $untrashed > 0 )
@ -176,13 +176,13 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed
if ( $same > 0 && $comment = get_comment( $same ) ) { if ( $same > 0 && $comment = get_comment( $same ) ) {
switch ( $comment->comment_approved ) { switch ( $comment->comment_approved ) {
case '1' : case '1' :
$messages[] = __('This comment is already approved.') . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>'; $messages[] = __('This comment is already approved.') . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same" ) . '">' . __( 'Edit comment' ) . '</a>';
break; break;
case 'trash' : case 'trash' :
$messages[] = __( 'This comment is already in the Trash.' ) . ' <a href="' . esc_url( admin_url( 'edit-comments.php?comment_status=trash' ) ) . '"> ' . __( 'View Trash' ) . '</a>'; $messages[] = __( 'This comment is already in the Trash.' ) . ' <a href="' . admin_url( 'edit-comments.php?comment_status=trash' ) . '"> ' . __( 'View Trash' ) . '</a>';
break; break;
case 'spam' : case 'spam' :
$messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>'; $messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same" ) . '">' . __( 'Edit comment' ) . '</a>';
break; break;
} }
} }
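Review bot: `$ids` is copied straight from `$_GET['ids']` on L26 and L32 and interpolated into the Undo href on L27 and L33, and the new side (the copy without `esc_url()`) drops the wrapper that used to cover the whole link, so attribute safety now rests on whatever `wp_nonce_url()` does internally, which is not visible in this hunk. The value is presumably a comma-separated list of comment IDs (the bulk handler is outside this view), so it can be validated on its own terms: `$ids = isset($_GET['ids']) ? implode( ',', array_map( 'intval', explode( ',', $_GET['ids'] ) ) ) : 0;`. That keeps Undo working for legitimate input and makes the line safe regardless of how the URL helpers escape.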


@ -36,32 +36,32 @@ $action = isset($action) ? $action : '';
$messages = array(); $messages = array();
$messages['post'] = array( $messages['post'] = array(
'', '',
sprintf( __('Post updated. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ), sprintf( __('Post updated. <a href="%s">View post</a>'), get_permalink($post_ID) ),
__('Custom field updated.'), __('Custom field updated.'),
__('Custom field deleted.'), __('Custom field deleted.'),
__('Post updated.'), __('Post updated.'),
/* translators: %s: date and time of the revision */ /* translators: %s: date and time of the revision */
isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
sprintf( __('Post published. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ), sprintf( __('Post published. <a href="%s">View post</a>'), get_permalink($post_ID) ),
__('Post saved.'), __('Post saved.'),
sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'), sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'),
// translators: Publish box date format, see http://php.net/date // translators: Publish box date format, see http://php.net/date
date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
); );
$messages['page'] = array( $messages['page'] = array(
'', '',
sprintf( __('Page updated. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ), sprintf( __('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID) ),
__('Custom field updated.'), __('Custom field updated.'),
__('Custom field deleted.'), __('Custom field deleted.'),
__('Page updated.'), __('Page updated.'),
isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
sprintf( __('Page published. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ), sprintf( __('Page published. <a href="%s">View page</a>'), get_permalink($post_ID) ),
__('Page saved.'), __('Page saved.'),
sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
); );
$message = false; $message = false;
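Review bot: On the new side the preview messages on L65, L69, L80 and L82 put the return value of `add_query_arg()` straight into `href`, whereas the other entries in the same arrays hand `get_permalink()` to the template directly. Even if `get_permalink()` now escapes its output as the commit intends, `add_query_arg()` rebuilds the query string from that value and, unless this commit also changes it (not visible here), returns an unescaped URL, so these four entries lose the protection the rest keep. Keeping the wrapper on just the composed URLs, `esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) )`, does not depend on how the helpers behave and costs nothing.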


@ -199,7 +199,7 @@ if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) {
if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) { if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) {
printf( _n( 'Item moved to the trash.', '%s items moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); printf( _n( 'Item moved to the trash.', '%s items moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) );
$ids = isset($_GET['ids']) ? $_GET['ids'] : 0; $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
echo ' <a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a><br />'; echo ' <a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) . '">' . __('Undo') . '</a><br />';
unset($_GET['trashed']); unset($_GET['trashed']);
} }
@ -366,8 +366,8 @@ if ( $is_trash && current_user_can($post_type_object->edit_others_cap) ) { ?>
<?php } ?> <?php } ?>
<div class="view-switch"> <div class="view-switch">
<a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a> <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
<a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a> <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
</div> </div>
<div class="clear"></div> <div class="clear"></div>
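Review bot: The Undo link on L92 interpolates both `$ids`, taken raw from `$_GET['ids']` on L91, and `$post_type` into a URL that the new side no longer wraps in `esc_url()`, so the attribute is protected only by whatever `wp_nonce_url()` escapes internally, which this hunk does not show. `$post_type` may be validated against registered post types earlier in the file, but that check is outside this view; `$ids` has no check at all and looks like a comma-separated ID list, so normalise it before use: `$ids = isset($_GET['ids']) ? implode( ',', array_map( 'intval', explode( ',', $_GET['ids'] ) ) ) : 0;`. The view-switch links on L98-L99 keep their `esc_url()` around `add_query_arg()`, which is the right call given that helper is not known to escape.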


@ -976,7 +976,7 @@ class LJ_API_Import {
if ( next_counter <= 0 ) { if ( next_counter <= 0 ) {
if ( jQuery( '#<?php echo $id ?>' ).length ) { if ( jQuery( '#<?php echo $id ?>' ).length ) {
jQuery( "#<?php echo $id ?> input[type='submit']" ).hide(); jQuery( "#<?php echo $id ?> input[type='submit']" ).hide();
str = '<?php _e( "Continuing&#8230;" ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />'; str = '<?php _e( "Continuing&#8230;" ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="processing" align="top" />';
jQuery( '#<?php echo $msg ?>' ).html( str ); jQuery( '#<?php echo $msg ?>' ).html( str );
jQuery( '#<?php echo $id ?>' ).submit(); jQuery( '#<?php echo $id ?>' ).submit();
return; return;
@ -1005,7 +1005,7 @@ class LJ_API_Import {
if ( jQuery( '#<?php echo $id ?>' ).length ) { if ( jQuery( '#<?php echo $id ?>' ).length ) {
jQuery( "#<?php echo $id ?> input[type='submit']" ).hide(); jQuery( "#<?php echo $id ?> input[type='submit']" ).hide();
jQuery.ajaxSetup({'timeout':3600000}); jQuery.ajaxSetup({'timeout':3600000});
str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />'; str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="processing" align="top" />';
jQuery( '#<?php echo $msg ?>' ).html( str ); jQuery( '#<?php echo $msg ?>' ).html( str );
jQuery('#ljapi-status').load(ajaxurl, {'action':'lj-importer', jQuery('#ljapi-status').load(ajaxurl, {'action':'lj-importer',
'import':'livejournal', 'import':'livejournal',
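Review bot: On L109 and L117 the admin URL is echoed into a single-quoted JavaScript string literal that is later handed to `.html()`, so the value sits in a JS-string context before it becomes HTML; neither the dropped `esc_url()` nor an HTML escape applied inside `admin_url()` neutralises a `'` or `\` in that position. The matching escaper is `esc_js()`: `<img src="<?php echo esc_js( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />`. `$id` and `$msg` on L107-L111 likewise land in selectors unescaped; they look like element ids the importer generates itself, but their origin is outside this hunk, as is the start of the enclosing method.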


@ -383,14 +383,14 @@ function wp_dashboard_quick_press() {
$drafts = false; $drafts = false;
if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) { if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
$view = get_permalink( $_POST['post_ID'] ); $view = get_permalink( $_POST['post_ID'] );
$edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) ); $edit = get_edit_post_link( $_POST['post_ID'] );
if ( 'post-quickpress-publish' == $_POST['action'] ) { if ( 'post-quickpress-publish' == $_POST['action'] ) {
if ( current_user_can('publish_posts') ) if ( current_user_can('publish_posts') )
printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit ); printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', $view , $edit );
else else
printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view ), $edit );
} else { } else {
printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view ), $edit );
$drafts_query = new WP_Query( array( $drafts_query = new WP_Query( array(
'post_type' => 'post', 'post_type' => 'post',
'post_status' => 'draft', 'post_status' => 'draft',
@ -410,7 +410,7 @@ function wp_dashboard_quick_press() {
$post = get_default_post_to_edit(); $post = get_default_post_to_edit();
?> ?>
<form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press"> <form name="post" action="<?php echo admin_url( 'post.php' ); ?>" method="post" id="quick-press">
<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4> <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
<div class="input-text-wrap"> <div class="input-text-wrap">
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" /> <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
@ -443,7 +443,7 @@ function wp_dashboard_quick_press() {
<input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" /> <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
<span id="publishing-action"> <span id="publishing-action">
<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php current_user_can('publish_posts') ? esc_attr_e('Publish') : esc_attr_e('Submit for Review'); ?>" /> <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php current_user_can('publish_posts') ? esc_attr_e('Publish') : esc_attr_e('Submit for Review'); ?>" />
<img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" /> <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" />
</span> </span>
<br class="clear" /> <br class="clear" />
</p> </p>
@ -558,7 +558,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$comment_post_url = get_edit_post_link( $comment->comment_post_ID ); $comment_post_url = get_edit_post_link( $comment->comment_post_ID );
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>"; $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; $comment_link = '<a class="comment-link" href="' . get_comment_link() . '">#</a>';
$actions_string = ''; $actions_string = '';
if ( current_user_can('edit_post', $comment->comment_post_ID) ) { if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
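Review bot: L127-L128 pass `$_POST['post_ID']` as the raw string to `get_permalink()` and `get_edit_post_link()` although L126 only tested `(int) $_POST['post_ID']` for truthiness, and on L131-L135 the new side then removes `esc_url()` from both `$view` and `add_query_arg( 'preview', 1, $view )`. `add_query_arg()` is not known to escape its result and any change to it in this commit is not visible here, so the preview links are now emitted as composed. Cast once and escape the composed URLs at output: `$post_id = (int) $_POST['post_ID']; $view = get_permalink( $post_id ); $edit = get_edit_post_link( $post_id );` with `esc_url( add_query_arg( 'preview', 1, $view ) )` in the two preview `printf` calls. The stray space in `$view , $edit` on L131 reads like a leftover from hand-editing and should be tidied.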


@ -1223,7 +1223,7 @@ function get_media_item( $attachment_id, $args = null ) {
$image_edit_button = ''; $image_edit_button = '';
if ( gd_edit_image_support( $post->post_mime_type ) ) { if ( gd_edit_image_support( $post->post_mime_type ) ) {
$nonce = wp_create_nonce( "image_editor-$post->ID" ); $nonce = wp_create_nonce( "image_editor-$post->ID" );
$image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . esc_url( admin_url( 'images/wpspin_light.gif' ) ) . "' class='imgedit-wait-spin' alt='' />"; $image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . admin_url( 'images/wpspin_light.gif' ) . "' class='imgedit-wait-spin' alt='' />";
} }
$attachment_url = get_permalink( $attachment_id ); $attachment_url = get_permalink( $attachment_id );
@ -1640,7 +1640,7 @@ var addExtImage = {
document.getElementById('go_button').style.color = '#bbb'; document.getElementById('go_button').style.color = '#bbb';
if ( ! document.forms[0].src.value ) if ( ! document.forms[0].src.value )
document.getElementById('status_img').innerHTML = '*'; document.getElementById('status_img').innerHTML = '*';
else document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/no.png' ) ); ?>" alt="" />'; else document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/no.png' ); ?>" alt="" />';
}, },
updateImageData : function() { updateImageData : function() {
@ -1649,7 +1649,7 @@ var addExtImage = {
t.width = t.preloadImg.width; t.width = t.preloadImg.width;
t.height = t.preloadImg.height; t.height = t.preloadImg.height;
document.getElementById('go_button').style.color = '#333'; document.getElementById('go_button').style.color = '#333';
document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/yes.png' ) ); ?>" alt="" />'; document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/yes.png' ); ?>" alt="" />';
}, },
getImageData : function() { getImageData : function() {
@ -1659,7 +1659,7 @@ var addExtImage = {
t.resetImageData(); t.resetImageData();
return false; return false;
} }
document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />'; document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />';
t.preloadImg = new Image(); t.preloadImg = new Image();
t.preloadImg.onload = t.updateImageData; t.preloadImg.onload = t.updateImageData;
t.preloadImg.onerror = t.resetImageData; t.preloadImg.onerror = t.resetImageData;
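Review bot: The three `status_img` assignments on L175, L182 and L189 embed the admin URL inside a single-quoted JavaScript string that is then written through `innerHTML`, so the value passes a JS-string context first; HTML escaping inside `admin_url()`, which this commit appears to rely on, does nothing for a `'` or `\` there. Use the JS escaper at that position, e.g. `'<img src="<?php echo esc_js( admin_url( 'images/no.png' ) ); ?>" alt="" />'`, and the same for the other two lines. The URL comes from an admin-configured option so exposure is limited, but the context mismatch is worth fixing while these lines are being touched. `addExtImage` begins before this hunk and continues after it.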


@ -37,10 +37,10 @@ function post_submit_meta_box($post) {
<div id="preview-action"> <div id="preview-action">
<?php <?php
if ( 'publish' == $post->post_status ) { if ( 'publish' == $post->post_status ) {
$preview_link = esc_url(get_permalink($post->ID)); $preview_link = get_permalink($post->ID);
$preview_button = __('Preview Changes'); $preview_button = __('Preview Changes');
} else { } else {
$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); $preview_link = apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)));
$preview_button = __('Preview'); $preview_button = __('Preview');
} }
?> ?>
@ -204,7 +204,7 @@ if ( current_user_can( "delete_post", $post->ID ) ) {
</div> </div>
<div id="publishing-action"> <div id="publishing-action">
<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" /> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" />
<?php <?php
if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) {
if ( $can_publish ) : if ( $can_publish ) :
@ -451,7 +451,7 @@ function post_comment_meta_box($post) {
</tr></thead> </tr></thead>
<tbody id="the-comment-list" class="list:comment"></tbody> <tbody id="the-comment-list" class="list:comment"></tbody>
</table> </table>
<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p> <p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" /></p>
<?php <?php
$hidden = get_hidden_meta_boxes('post'); $hidden = get_hidden_meta_boxes('post');
if ( ! in_array('commentsdiv', $hidden) ) { ?> if ( ! in_array('commentsdiv', $hidden) ) { ?>
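Review bot: `$preview_link` on L203 is now the unescaped return of the `preview_post_link` filter, so whatever a plugin hands back reaches the `href` (the echo is below this hunk) with no escaping at all, whereas the previous code wrapped the filtered value in `esc_url()`. Even if core's URL helpers escape by default after this commit, a filter return value is arbitrary and `add_query_arg()` is not known to escape, so the escape belongs after the filter: `$preview_link = esc_url( apply_filters( 'preview_post_link', add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) ) );`, or at the point of output. L200 is fine as long as it stays a bare `get_permalink()` call, but the same reasoning applies if a filter is added there. `post_submit_meta_box()` starts before this hunk.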


@ -210,7 +210,7 @@ function confirm_delete_users( $users ) {
foreach ( (array) $blogs as $key => $details ) { foreach ( (array) $blogs as $key => $details ) {
$blog_users = get_users_of_blog( $details->userblog_id ); $blog_users = get_users_of_blog( $details->userblog_id );
if ( is_array( $blog_users ) && !empty( $blog_users ) ) { if ( is_array( $blog_users ) && !empty( $blog_users ) ) {
$user_site = "<a href='" . esc_url( get_home_url( $details->userblog_id ) ) . "'>{$details->blogname}</a>"; $user_site = "<a href='" . get_home_url( $details->userblog_id ) . "'>{$details->blogname}</a>";
$user_dropdown = "<select name='blog[$val][{$key}]'>"; $user_dropdown = "<select name='blog[$val][{$key}]'>";
$user_list = ''; $user_list = '';
foreach ( $blog_users as $user ) { foreach ( $blog_users as $user ) {
@ -300,7 +300,7 @@ Regards,
All at ###SITENAME### All at ###SITENAME###
###SITEURL### "), $new_admin_email ); ###SITEURL### "), $new_admin_email );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'options.php?adminhash='.$hash ) ), $content ); $content = str_replace( '###ADMIN_URL###', admin_url( 'options.php?adminhash='.$hash ), $content );
$content = str_replace( '###EMAIL###', $value, $content ); $content = str_replace( '###EMAIL###', $value, $content );
$content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content ); $content = str_replace( '###SITEURL###', network_home_url(), $content );
@ -352,7 +352,7 @@ Regards,
All at ###SITENAME### All at ###SITENAME###
###SITEURL###" ), $new_user_email ); ###SITEURL###" ), $new_user_email );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content ); $content = str_replace( '###ADMIN_URL###', admin_url( 'profile.php?newuseremail='.$hash ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content); $content = str_replace( '###EMAIL###', $_POST['email'], $content);
$content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content ); $content = str_replace( '###SITEURL###', network_home_url(), $content );
@ -481,7 +481,7 @@ function dashboard_quota() {
<div class="table table_content musubtable"> <div class="table table_content musubtable">
<table> <table>
<tr class="first"> <tr class="first">
<td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), esc_url( admin_url( 'upload.php' ) ), $quota ); ?></td> <td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), admin_url( 'upload.php' ), $quota ); ?></td>
<td class="t posts"><?php _e( 'Space Allowed' ); ?></td> <td class="t posts"><?php _e( 'Space Allowed' ); ?></td>
</tr> </tr>
</table> </table>
@ -489,7 +489,7 @@ function dashboard_quota() {
<div class="table table_discussion musubtable"> <div class="table table_discussion musubtable">
<table> <table>
<tr class="first"> <tr class="first">
<td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), esc_url( admin_url( 'upload.php' ) ), $used, $percentused ); ?></td> <td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), admin_url( 'upload.php' ), $used, $percentused ); ?></td>
<td class="last t comments <?php echo $used_color;?>"><?php _e( 'Space Used' );?></td> <td class="last t comments <?php echo $used_color;?>"><?php _e( 'Space Used' );?></td>
</tr> </tr>
</table> </table>
@ -709,7 +709,7 @@ function site_admin_notice() {
if ( !is_super_admin() ) if ( !is_super_admin() )
return false; return false;
if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version ) if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version )
echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), esc_url( admin_url( 'ms-upgrade-network.php' ) ) ) . "</div>"; echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), admin_url( 'ms-upgrade-network.php' ) ) . "</div>";
} }
add_action( 'admin_notices', 'site_admin_notice' ); add_action( 'admin_notices', 'site_admin_notice' );
@ -754,7 +754,7 @@ function choose_primary_blog() {
<?php foreach( (array) $all_blogs as $blog ) { <?php foreach( (array) $all_blogs as $blog ) {
if ( $primary_blog == $blog->userblog_id ) if ( $primary_blog == $blog->userblog_id )
$found = true; $found = true;
?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog, $blog->userblog_id ); ?>><?php echo esc_url( get_home_url( $blog->userblog_id ) ) ?></option><?php ?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog, $blog->userblog_id ); ?>><?php echo get_home_url( $blog->userblog_id ) ?></option><?php
} ?> } ?>
</select> </select>
<?php <?php
@ -782,7 +782,7 @@ function show_post_thumbnail_warning() {
return; return;
$mu_media_buttons = get_site_option( 'mu_media_buttons', array() ); $mu_media_buttons = get_site_option( 'mu_media_buttons', array() );
if ( empty($mu_media_buttons['image']) && current_theme_supports( 'post-thumbnails' ) ) { if ( empty($mu_media_buttons['image']) && current_theme_supports( 'post-thumbnails' ) ) {
echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), esc_url( admin_url( 'ms-options.php' ) ) ) . "</div>"; echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), admin_url( 'ms-options.php' ) ) . "</div>";
} }
} }
add_action( 'admin_notices', 'show_post_thumbnail_warning' ); add_action( 'admin_notices', 'show_post_thumbnail_warning' );
@ -803,7 +803,7 @@ add_action( 'admin_notices', 'ms_deprecated_blogs_file' );
* @return none * @return none
*/ */
function _admin_notice_multisite_activate_plugins_page() { function _admin_notice_multisite_activate_plugins_page() {
$message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . esc_url( admin_url( 'ms-options.php#menu' ) ) . '">' . __( 'Activate' ) . '</a>' ); $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . admin_url( 'ms-options.php#menu' ) . '">' . __( 'Activate' ) . '</a>' );
echo "<div class='error'><p>$message</p></div>"; echo "<div class='error'><p>$message</p></div>";
} }
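Review bot: On L236 and L243 the confirmation URL is substituted into a plain-text e-mail body (the `###SITENAME###`/`###SITEURL###` template above it), so if `admin_url()` now HTML-escapes by default the mail would carry entities instead of characters; the single query parameter here contains no `&`, so nothing breaks today, but it is the wrong transform for that destination and a second parameter would expose it. If this commit provides an unescaped variant of the URL helpers for redirects and mail, that variant belongs on these two lines; otherwise a comment such as `// plain-text e-mail: URL must not be HTML-escaped here` records the constraint. L244 also drops `$_POST['email']` into the message unvalidated on both sides; whether it is checked earlier in the function is outside this hunk.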


@ -450,7 +450,7 @@ function wp_nav_menu_item_link_meta_box() {
<p class="button-controls"> <p class="button-controls">
<span class="add-to-menu"> <span class="add-to-menu">
<img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-custom-menu-item" /> <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-custom-menu-item" />
</span> </span>
</p> </p>
@ -639,7 +639,7 @@ function wp_nav_menu_item_post_type_meta_box( $object, $post_type ) {
</span> </span>
<span class="add-to-menu"> <span class="add-to-menu">
<img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-post-type-menu-item" /> <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-post-type-menu-item" />
</span> </span>
</p> </p>
@ -807,7 +807,7 @@ function wp_nav_menu_item_taxonomy_meta_box( $object, $taxonomy ) {
</span> </span>
<span class="add-to-menu"> <span class="add-to-menu">
<img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-taxonomy-menu-item" /> <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-taxonomy-menu-item" />
</span> </span>
</p> </p>


@ -147,7 +147,7 @@ function install_dashboard() {
$tags = array(); $tags = array();
foreach ( (array)$api_tags as $tag ) foreach ( (array)$api_tags as $tag )
$tags[ $tag['name'] ] = (object) array( $tags[ $tag['name'] ] = (object) array(
'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ), 'link' => admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])),
'name' => $tag['name'], 'name' => $tag['name'],
'id' => sanitize_title_with_dashes($tag['name']), 'id' => sanitize_title_with_dashes($tag['name']),
'count' => $tag['count'] ); 'count' => $tag['count'] );


@ -822,7 +822,7 @@ function add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $func
add_action( $hookname, $function ); add_action( $hookname, $function );
if ( empty($icon_url) ) if ( empty($icon_url) )
$icon_url = esc_url( admin_url( 'images/generic.png' ) ); $icon_url = admin_url( 'images/generic.png' );
elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
$icon_url = 'https://' . substr($icon_url, 7); $icon_url = 'https://' . substr($icon_url, 7);
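Review bot: After this change only the default icon path passes through whatever escaping `admin_url()` now applies, while a caller-supplied `$icon_url` on the `elseif` branch is left as-is after the scheme rewrite, so the two branches differ in whether the value has been escaped. Whether that matters depends on how `$icon_url` is emitted later, which is outside this hunk; applying `$icon_url = esc_url( $icon_url );` once after the if/elseif would make the escaping uniform regardless of where the value came from. add_menu_page() begins and ends outside the hunk.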


@ -65,7 +65,7 @@ function inline_edit_term_row($type, $taxonomy) {
<a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a> <a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
<?php $update_text = sprintf( __('Update %s'), $tax->singular_label ); ?> <?php $update_text = sprintf( __('Update %s'), $tax->singular_label ); ?>
<a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a> <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
<img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<span class="error" style="display:none;"></span> <span class="error" style="display:none;"></span>
<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?> <?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
<input type="hidden" name="taxonomy" value="<?php echo esc_attr( $tax->name ); ?>" /> <input type="hidden" name="taxonomy" value="<?php echo esc_attr( $tax->name ); ?>" />
@ -613,7 +613,7 @@ function wp_manage_posts_columns( $screen = '') {
$posts_columns['tags'] = __('Tags'); $posts_columns['tags'] = __('Tags');
$post_status = !empty($_REQUEST['post_status']) ? $_REQUEST['post_status'] : 'all'; $post_status = !empty($_REQUEST['post_status']) ? $_REQUEST['post_status'] : 'all';
if ( !in_array( $post_status, array('pending', 'draft', 'future') ) && ( empty($post_type) || post_type_supports($post_type, 'comments') ) ) if ( !in_array( $post_status, array('pending', 'draft', 'future') ) && ( empty($post_type) || post_type_supports($post_type, 'comments') ) )
$posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>'; $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png' ) . '" /></div>';
$posts_columns['date'] = __('Date'); $posts_columns['date'] = __('Date');
if ( 'page' == $post_type ) if ( 'page' == $post_type )
@ -643,7 +643,7 @@ function wp_manage_media_columns() {
//$posts_columns['tags'] = _x('Tags', 'column name'); //$posts_columns['tags'] = _x('Tags', 'column name');
/* translators: column name */ /* translators: column name */
$posts_columns['parent'] = _x('Attached to', 'column name'); $posts_columns['parent'] = _x('Attached to', 'column name');
$posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>'; $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png' ) . '" /></div>';
//$posts_columns['comments'] = __('Comments'); //$posts_columns['comments'] = __('Comments');
/* translators: column name */ /* translators: column name */
$posts_columns['date'] = _x('Date', 'column name'); $posts_columns['date'] = _x('Date', 'column name');
@ -1153,7 +1153,7 @@ endif; // post_type_supports comments or pings ?>
$update_text = __( 'Update' ); $update_text = __( 'Update' );
?> ?>
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a> <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>
<img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<?php } else { <?php } else {
$update_text = __( 'Update' ); $update_text = __( 'Update' );
?> ?>
@ -1818,7 +1818,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
if ($current_user->ID == $user_object->ID) { if ($current_user->ID == $user_object->ID) {
$edit_link = 'profile.php'; $edit_link = 'profile.php';
} else { } else {
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) ); $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
} }
$edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />"; $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
@ -2012,7 +2012,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
$post_type_object = get_post_type_object($post->post_type); $post_type_object = get_post_type_object($post->post_type);
$user_can = current_user_can($post_type_object->edit_cap, $post->ID); $user_can = current_user_can($post_type_object->edit_cap, $post->ID);
$comment_url = esc_url(get_comment_link($comment->comment_ID)); $comment_url = get_comment_link($comment->comment_ID);
$author_url = get_comment_author_url(); $author_url = get_comment_author_url();
if ( 'http://' == $author_url ) if ( 'http://' == $author_url )
$author_url = ''; $author_url = '';
@ -2068,7 +2068,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
if ( $comment->comment_parent ) { if ( $comment->comment_parent ) {
$parent = get_comment( $comment->comment_parent ); $parent = get_comment( $comment->comment_parent );
$parent_link = esc_url( get_comment_link( $comment->comment_parent ) ); $parent_link = get_comment_link( $comment->comment_parent );
$name = apply_filters( 'get_comment_author', $parent->comment_author ); // there's no API function for this $name = apply_filters( 'get_comment_author', $parent->comment_author ); // there's no API function for this
printf( ' | '.__( 'In reply to <a href="%1$s">%2$s</a>.' ), $parent_link, $name ); printf( ' | '.__( 'In reply to <a href="%1$s">%2$s</a>.' ), $parent_link, $name );
} }
@ -2275,7 +2275,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
<a href="#comments-form" class="save button-primary alignright" tabindex="104"> <a href="#comments-form" class="save button-primary alignright" tabindex="104">
<span id="savebtn" style="display:none;"><?php _e('Update Comment'); ?></span> <span id="savebtn" style="display:none;"><?php _e('Update Comment'); ?></span>
<span id="replybtn" style="display:none;"><?php _e('Submit Reply'); ?></span></a> <span id="replybtn" style="display:none;"><?php _e('Submit Reply'); ?></span></a>
<img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
<span class="error" style="display:none;"></span> <span class="error" style="display:none;"></span>
<br class="clear" /> <br class="clear" />
</p> </p>
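Review bot: In the second `_wp_comment_row` hunk, `$parent_link` now reaches `printf( ' | '.__( 'In reply to <a href="%1$s">%2$s</a>.' ), $parent_link, $name )` without an explicit `esc_url()`, so the href is only safe if `get_comment_link()` escapes by default after this commit — that function is not in view, so worth confirming; the same applies to `$comment_url` in the first `_wp_comment_row` hunk. The `%2$s` operand `$name` comes from the `get_comment_author` filter over `comment_author`, which is user-submitted data, and is still printed without `esc_html()`; unless that value is guaranteed to be sanitised on save, `esc_html( $name )` belongs there. Both `_wp_comment_row` hunks are excerpts from a function that starts and ends outside them.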


@ -202,7 +202,7 @@ function wp_widget_control( $sidebar_args ) {
<a class="widget-control-close" href="#close"><?php _e('Close'); ?></a> <a class="widget-control-close" href="#close"><?php _e('Close'); ?></a>
</div> </div>
<div class="alignright<?php if ( 'noform' === $has_form ) echo ' widget-control-noform'; ?>"> <div class="alignright<?php if ( 'noform' === $has_form ) echo ' widget-control-noform'; ?>">
<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback " title="" alt="" /> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" class="ajax-feedback " title="" alt="" />
<input type="submit" name="savewidget" class="button-primary widget-control-save" value="<?php esc_attr_e('Save'); ?>" /> <input type="submit" name="savewidget" class="button-primary widget-control-save" value="<?php esc_attr_e('Save'); ?>" />
</div> </div>
<br class="clear" /> <br class="clear" />


@ -12,7 +12,7 @@ function dvortr( $str ) {
); );
} }
$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) ); $j = site_url( '/wp-includes/js/jquery/jquery.js' );
$n = esc_html( $GLOBALS['current_user']->data->display_name ); $n = esc_html( $GLOBALS['current_user']->data->display_name );
$d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) ); $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );


@ -37,7 +37,7 @@ if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_P
$hash = wp_generate_password( 20, false ); $hash = wp_generate_password( 20, false );
update_option( 'delete_blog_hash', $hash ); update_option( 'delete_blog_hash', $hash );
$url_delete = esc_url( admin_url( 'ms-delete-site.php?h=' . $hash ) ); $url_delete = admin_url( 'ms-delete-site.php?h=' . $hash );
$content = apply_filters( 'delete_site_email_content', __( "Dear User, $content = apply_filters( 'delete_site_email_content', __( "Dear User,
You recently clicked the 'Delete Site' link on your site and filled in a You recently clicked the 'Delete Site' link on your site and filled in a
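Review bot: `$url_delete` is built for the body of an e-mail, not for HTML, so whatever escaping `admin_url()` now applies by default (not visible here) is the wrong flavour for this use: an entity-escaped URL in plain-text mail can arrive with `&#038;` in place of `&`. The current URL carries a single `h=` parameter and so happens to be unaffected, but if the new default is entity-based, the mail link should be built in the raw form that `esc_url_raw()` produces rather than rely on that coincidence. The enclosing `if` block starts outside the hunk.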


@ -29,7 +29,7 @@ switch ( $_GET['action'] ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
if ( empty( $_POST ) ) if ( empty( $_POST ) )
wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', esc_url( admin_url( 'ms-options.php' ) ) ) ) ); wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', admin_url( 'ms-options.php' ) ) ) );
if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) ) if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) )
update_site_option( 'WPLANG', $_POST['WPLANG'] ); update_site_option( 'WPLANG', $_POST['WPLANG'] );
@ -204,7 +204,7 @@ switch ( $_GET['action'] ) {
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ) );
if ( empty( $_POST ) ) if ( empty( $_POST ) )
wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', esc_url( admin_url( 'ms-sites.php' ) ) ) ) ); wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', admin_url( 'ms-sites.php' ) ) ) );
switch_to_blog( $id ); switch_to_blog( $id );
@ -466,7 +466,7 @@ switch ( $_GET['action'] ) {
<?php wp_admin_css( 'install', true ); ?> <?php wp_admin_css( 'install', true ); ?>
</head> </head>
<body id="error-page"> <body id="error-page">
<h1 id="logo"><img alt="WordPress" src="<?php echo esc_attr( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1> <h1 id="logo"><img alt="WordPress" src="<?php echo admin_url( 'images/wordpress-logo.png' ); ?>" /></h1>
<form action="ms-edit.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post"> <form action="ms-edit.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post">
<input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" /> <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" />
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" /> <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
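Review bot: In the first two hunks (`@ -29` and `@ -204`) the `admin_url()` call is nested inside `__()` rather than `sprintf()`: `wp_die( sprintf( __( '...<a href="%s">options page</a>.', admin_url( 'ms-options.php' ) ) ) )` passes the URL as the text-domain argument of `__()` and leaves `sprintf()` with no operand for `%s`, so the link is never filled in and PHP warns about too few arguments. The commit rewrites the call but keeps the mis-nesting; the fix is `wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.' ), admin_url( 'ms-options.php' ) ) );` with the same re-bracketing for the sites-page message. Both hunks sit inside the `switch ( $_GET['action'] )` that starts outside them.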


@ -94,7 +94,7 @@ if (isset($_GET['updated'])) {
<?php _e( 'Display the latest post from this RSS or Atom feed on all site dashboards. Leave blank to disable.' ); ?><br /> <?php _e( 'Display the latest post from this RSS or Atom feed on all site dashboards. Leave blank to disable.' ); ?><br />
<?php if ( get_site_option( 'admin_notice_feed' ) != get_home_url( $current_site->id, 'feed/' ) ) <?php if ( get_site_option( 'admin_notice_feed' ) != get_home_url( $current_site->id, 'feed/' ) )
echo __( 'A good one to use would be the feed from your main site: ' ) . esc_url( get_home_url( $current_site->id, 'feed/' ) ) ?></td> echo __( 'A good one to use would be the feed from your main site: ' ) . get_home_url( $current_site->id, 'feed/' ); ?></td>
</tr> </tr>
</table> </table>
<h3><?php _e( 'Registration Settings' ); ?></h3> <h3><?php _e( 'Registration Settings' ); ?></h3>


@ -84,7 +84,7 @@ switch ( $action ) {
?> ?>
<div class="wrap"> <div class="wrap">
<?php screen_icon(); ?> <?php screen_icon(); ?>
<h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo esc_url( get_home_url( $id ) ); ?>"><?php echo esc_url( get_home_url( $id ) ); ?></a></h2> <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo get_home_url( $id ); ?>"><?php echo get_home_url( $id ); ?></a></h2>
<form method="post" action="ms-edit.php?action=updateblog"> <form method="post" action="ms-edit.php?action=updateblog">
<?php wp_nonce_field( 'editblog' ); ?> <?php wp_nonce_field( 'editblog' ); ?>
<input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" /> <input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" />
@ -433,8 +433,8 @@ switch ( $action ) {
<?php } ?> <?php } ?>
<div class="view-switch"> <div class="view-switch">
<a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a> <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
<a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a> <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
</div> </div>
</div> </div>
@ -531,7 +531,7 @@ switch ( $action ) {
case 'blogname': ?> case 'blogname': ?>
<td class="column-title"> <td class="column-title">
<a href="<?php echo esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a> <a href="<?php echo admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>
<?php <?php
if ( 'list' != $mode ) if ( 'list' != $mode )
echo '<p>' . sprintf( _x( '%1$s &#8211; <em>%2$s', '%1$s: site name. %2$s: site tagline.' ), get_blog_option( $blog['blog_id'], 'blogname' ), get_blog_option( $blog['blog_id'], 'blogdescription ' ) ) . '</em></p>'; echo '<p>' . sprintf( _x( '%1$s &#8211; <em>%2$s', '%1$s: site name. %2$s: site tagline.' ), get_blog_option( $blog['blog_id'], 'blogname' ), get_blog_option( $blog['blog_id'], 'blogdescription ' ) ) . '</em></p>';
@ -546,28 +546,28 @@ switch ( $action ) {
'visit' => '', 'visit' => '',
); );
$actions['edit'] = '<span class="edit"><a href="' . esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a><span>'; $actions['edit'] = '<span class="edit"><a href="' . admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) . '">' . __( 'Edit' ) . '</a><span>';
$actions['backend'] = "<span class='backend'><a href='" . esc_url( get_admin_url($blog['blog_id']) ) . "' class='edit'>" . __( 'Backend' ) . '</a></span>'; $actions['backend'] = "<span class='backend'><a href='" . get_admin_url($blog['blog_id']) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';
if ( $current_site->blog_id != $blog['blog_id'] ) { if ( $current_site->blog_id != $blog['blog_id'] ) {
if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' ) if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' )
$actions['activate'] = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Activate' ) . '</a></span>'; $actions['activate'] = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) . '">' . __( 'Activate' ) . '</a></span>';
else else
$actions['deactivate'] = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>'; $actions['deactivate'] = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>';
if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' ) if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' )
$actions['unarchive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>'; $actions['unarchive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';
else else
$actions['archive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Archive' ) . '</a></span>'; $actions['archive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) . '">' . __( 'Archive' ) . '</a></span>';
if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' ) if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' )
$actions['unspam'] = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>'; $actions['unspam'] = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';
else else
$actions['spam'] = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) ) . '">' . __( 'Spam' ) . '</a></span>'; $actions['spam'] = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) . '">' . __( 'Spam' ) . '</a></span>';
$actions['delete'] = '<span class="delete"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Delete' ) . '</a></span>'; $actions['delete'] = '<span class="delete"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) . '">' . __( 'Delete' ) . '</a></span>';
} }
$actions['visit'] = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>'; $actions['visit'] = "<span class='view'><a href='" . get_home_url( $blog['blog_id'] ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';
$actions = array_filter( $actions ); $actions = array_filter( $actions );
if ( count( $actions ) ) : ?> if ( count( $actions ) ) : ?>
<div class="row-actions"> <div class="row-actions">
@ -608,10 +608,10 @@ switch ( $action ) {
$blogusers_warning = ''; $blogusers_warning = '';
if ( count( $blogusers ) > 5 ) { if ( count( $blogusers ) > 5 ) {
$blogusers = array_slice( $blogusers, 0, 5 ); $blogusers = array_slice( $blogusers, 0, 5 );
$blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . esc_url( get_admin_url( $blog['blog_id'], 'users.php' ) ) . '">' . __( 'More' ) . '</a>'; $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . get_admin_url( $blog['blog_id'], 'users.php' ) . '">' . __( 'More' ) . '</a>';
} }
foreach ( $blogusers as $key => $val ) { foreach ( $blogusers as $key => $val ) {
echo '<a href="' . esc_url( admin_url( 'user-edit.php?user_id=' . $val->user_id ) ) . '">' . esc_html( $val->user_login ) . '</a> '; echo '<a href="' . admin_url( 'user-edit.php?user_id=' . $val->user_id ) . '">' . esc_html( $val->user_login ) . '</a> ';
if ( 'list' != $mode ) if ( 'list' != $mode )
echo '(' . $val->user_email . ')'; echo '(' . $val->user_email . ')';
echo '<br />'; echo '<br />';
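Review bot: `get_blog_option( $blog['blog_id'], 'blogdescription ' )` in the `@ -531` hunk has a trailing space inside the option name, so the tagline shown in excerpt mode is looked up under a key that is unlikely to exist; the line is context this commit doesn't touch, but it sits in the rewritten region and should read `'blogdescription'`. Separately, the `msg=` values built with `urlencode( sprintf( __( '...' ), $blogname ) )` in the action links are display text that ms-edit.php will presumably echo back; if that page does not escape `$_GET['msg']` on output (outside this diff), `$blogname` embedded here is the value to watch. The row-rendering `switch` that contains these hunks starts and ends outside them.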


@ -26,7 +26,7 @@ $themes = get_themes();
$allowed_themes = get_site_allowed_themes(); $allowed_themes = get_site_allowed_themes();
?> ?>
<div class="wrap"> <div class="wrap">
<form action="<?php echo esc_url( admin_url( 'ms-edit.php?action=updatethemes' ) ); ?>" method="post"> <form action="<?php echo admin_url( 'ms-edit.php?action=updatethemes' ); ?>" method="post">
<?php screen_icon(); ?> <?php screen_icon(); ?>
<h2><?php _e( 'Network Themes' ) ?></h2> <h2><?php _e( 'Network Themes' ) ?></h2>
<p><?php _e( 'Disable themes network-wide. You can enable themes on a site-by-site basis.' ) ?></p> <p><?php _e( 'Disable themes network-wide. You can enable themes on a site-by-site basis.' ) ?></p>


@ -149,8 +149,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
<?php } ?> <?php } ?>
<div class="view-switch"> <div class="view-switch">
<a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a> <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
<a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a> <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
</div> </div>
</div> </div>
<div class="clear"></div> <div class="clear"></div>
@ -230,15 +230,15 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
$edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID']; $edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID'];
?> ?>
<td class="username column-username"> <td class="username column-username">
<?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php <?php echo $avatar; ?><strong><a href="<?php echo admin_url( $edit_link ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
if ( in_array( $user['user_login'], $super_admins ) ) if ( in_array( $user['user_login'], $super_admins ) )
echo ' - ' . __( 'Super admin' ); echo ' - ' . __( 'Super admin' );
?></strong> ?></strong>
<br/> <br/>
<div class="row-actions"> <div class="row-actions">
<span class="edit"><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>"><?php _e( 'Edit' ); ?></a></span> <span class="edit"><a href="<?php echo admin_url( $edit_link ); ?>"><?php _e( 'Edit' ); ?></a></span>
<?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?> <?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?>
| <span class="delete"><a href="<?php echo $delete = esc_url( admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span> | <span class="delete"><a href="<?php echo $delete = admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
<?php } ?> <?php } ?>
</div> </div>
</td> </td>
@ -273,17 +273,17 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
if ( is_array( $blogs ) ) { if ( is_array( $blogs ) ) {
foreach ( (array) $blogs as $key => $val ) { foreach ( (array) $blogs as $key => $val ) {
$path = ( $val->path == '/' ) ? '' : $val->path; $path = ( $val->path == '/' ) ? '' : $val->path;
echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>'; echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';
echo ' <small class="row-actions">'; echo ' <small class="row-actions">';
// Edit // Edit
echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) ) .'">' . __( 'Edit' ) . '</a> | '; echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . __( 'Edit' ) . '</a> | ';
// View // View
echo '<a '; echo '<a ';
if ( get_blog_status( $val->userblog_id, 'spam' ) == 1 ) if ( get_blog_status( $val->userblog_id, 'spam' ) == 1 )
echo 'style="background-color: #faa" '; echo 'style="background-color: #faa" ';
echo 'href="' . esc_url( get_home_url( $val->userblog_id ) ) . '">' . __( 'View' ) . '</a>'; echo 'href="' . get_home_url( $val->userblog_id ) . '">' . __( 'View' ) . '</a>';
echo '</small><br />'; echo '</small><br />';
} }
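Review bot: `echo $delete = admin_url( add_query_arg( ... ) )` on the delete link assigns inside the `echo`, which hides whether `$delete` is used later and makes the line hard to read; if it is, assign on its own line before the markup, otherwise drop the assignment. That expression also routes a URL `wp_nonce_url()` has already escaped through `add_query_arg()` and then `admin_url()`, with literal `&amp;` in the concatenation; if `admin_url()` now escapes by default, the rendered href is worth checking for doubly-encoded ampersands. The table-row loop containing these hunks starts outside them.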


@ -83,7 +83,7 @@ if ( $updated ) { ?>
$s = $i == 3 ? '' : 'border-right: 1px solid #ccc;'; $s = $i == 3 ? '' : 'border-right: 1px solid #ccc;';
echo "<td valign='top' style='$s'>"; echo "<td valign='top' style='$s'>";
echo "<h3>{$user_blog->blogname}</h3>"; echo "<h3>{$user_blog->blogname}</h3>";
echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . esc_url( get_home_url( $user_blog->userblog_id ) ). "'>" . __( 'Visit' ) . "</a> | <a href='" . esc_url( get_admin_url( $user_blog->userblog_id ) ) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>"; echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . get_home_url( $user_blog->userblog_id ). "'>" . __( 'Visit' ) . "</a> | <a href='" . get_admin_url( $user_blog->userblog_id ) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>";
echo apply_filters( 'myblogs_options', '', $user_blog ); echo apply_filters( 'myblogs_options', '', $user_blog );
echo "</td>"; echo "</td>";
$i++; $i++;
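Review bot: `echo "<h3>{$user_blog->blogname}</h3>";` in this hunk prints the blog name without `esc_html()`, while the two links on the following line now rely on the default escaping of `get_home_url()`/`get_admin_url()`; unless `blogname` is guaranteed sanitised at write time, `esc_html( $user_blog->blogname )` is the consistent choice. The loop enclosing the hunk starts and ends outside it.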


@ -92,7 +92,7 @@ include( './admin-header.php' );
function network_step1( $errors = false ) { function network_step1( $errors = false ) {
if ( get_option( 'siteurl' ) != get_option( 'home' ) ) { if ( get_option( 'siteurl' ) != get_option( 'home' ) ) {
echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), esc_url( admin_url( 'options-general.php' ) ) ) . '</strong></p></div>'; echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), admin_url( 'options-general.php' ) ) . '</strong></p></div>';
include ('./admin-footer.php' ); include ('./admin-footer.php' );
die(); die();
} }
@ -113,7 +113,7 @@ function network_step1( $errors = false ) {
echo '<p>' . __( 'You cannot use an IP address such as <code>127.0.0.1</code>.' ) . '</p>'; echo '<p>' . __( 'You cannot use an IP address such as <code>127.0.0.1</code>.' ) . '</p>';
else else
echo '<p>' . sprintf( __( 'You cannot use port numbers such as <code>%s</code>.' ), $has_ports ) . '</p>'; echo '<p>' . sprintf( __( 'You cannot use port numbers such as <code>%s</code>.' ), $has_ports ) . '</p>';
echo '<a href="' . esc_url( admin_url() ) . '">' . __( 'Return to Dashboard' ) . '</a>'; echo '<a href="' . admin_url() . '">' . __( 'Return to Dashboard' ) . '</a>';
include( './admin-footer.php' ); include( './admin-footer.php' );
die(); die();
} }
@ -333,7 +333,7 @@ $htaccess_file .= "\nRewriteRule . index.php [L]";
</textarea></li> </textarea></li>
</ol> </ol>
<?php if ( !is_multisite() ) { ?> <?php if ( !is_multisite() ) { ?>
<p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo esc_url( admin_url() ); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p> <p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo admin_url(); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p>
<?php <?php
} }
} }
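Review bot: The error markup on the first hunk's changed line closes `<strong>` twice: the heading `<strong>Error:</strong>` is already closed before the sprintf() result, yet the string still ends with `'</strong></p></div>'`. The commit rewrites this line for the admin_url() change but leaves the stray tag in place; the tail should be `'</p></div>'`. The other two hunks in this section only drop the now-redundant esc_url() wrappers and look fine. network_step1() continues beyond the visible hunks.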


@ -109,7 +109,7 @@ include('./admin-header.php');
$new_admin_email = get_option( 'new_admin_email' ); $new_admin_email = get_option( 'new_admin_email' );
if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?> if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
<div class="updated inline"> <div class="updated inline">
<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p> <p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, admin_url( 'options.php?dismiss=new_admin_email' ) ); ?></p>
</div> </div>
<?php endif; ?> <?php endif; ?>
</td> </td>
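Review bot: `$new_admin_email` is interpolated into the notice unescaped on the changed line, while the URL argument next to it is now escaped by admin_url(); the value comes straight from get_option() two lines earlier and is not validated at this point. An option echoed into markup should be escaped for HTML context like any other output, i.e. `$new_admin_email, admin_url( 'options.php?dismiss=new_admin_email' )` becomes `esc_html( $new_admin_email ), admin_url( 'options.php?dismiss=new_admin_email' )`. The surrounding table markup begins before this hunk.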


@ -399,7 +399,7 @@ var photostorage = false;
jQuery('#waiting').hide(); jQuery('#waiting').hide();
jQuery('#extra-fields').show(); jQuery('#extra-fields').show();
} }
jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>'); jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>');
if(photostorage == false) { if(photostorage == false) {
jQuery.ajax({ jQuery.ajax({
@ -475,7 +475,7 @@ var photostorage = false;
<?php } else { ?> <?php } else { ?>
<br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" /> <br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" />
<?php } ?> <?php } ?>
<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="saving" style="display:none;" /> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="saving" style="display:none;" />
</p> </p>
</div> </div>
</div> </div>
@ -563,11 +563,11 @@ var photostorage = false;
<li id="photo_button"> <li id="photo_button">
Add: <?php if ( current_user_can('upload_files') ) { ?><a title="<?php _e('Insert an Image'); ?>" href="#"> Add: <?php if ( current_user_can('upload_files') ) { ?><a title="<?php _e('Insert an Image'); ?>" href="#">
<img alt="<?php _e('Insert an Image'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-image.gif' ) ); ?>"/></a> <img alt="<?php _e('Insert an Image'); ?>" src="<?php echo admin_url( 'images/media-button-image.gif' ); ?>"/></a>
<?php } ?> <?php } ?>
</li> </li>
<li id="video_button"> <li id="video_button">
<a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-video.gif' ) ); ?>"/></a> <a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo admin_url( 'images/media-button-video.gif' ); ?>"/></a>
</li> </li>
<?php if ( user_can_richedit() ) { ?> <?php if ( user_can_richedit() ) { ?>
<li id="switcher"> <li id="switcher">
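Review bot: On the first hunk's changed line the spinner URL is emitted inside a JavaScript string literal but is only escaped for HTML context (esc_url() via admin_url()'s new default), while the text in the same literal goes through esc_js(). For a fixed path under admin_url() nothing in today's output can terminate the string, but the two halves of one literal should use the same context-appropriate escaping; applying esc_js() to the raw URL, e.g. `<?php echo esc_js( admin_url( 'images/wpspin_light.gif', 'admin', false ) ); ?>`, keeps the escaping consistent with the adjacent text. The other two hunks in this section place the URL in plain HTML attributes, where the default escaping is the right one. The enclosing script block starts before the first hunk.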


@ -212,7 +212,7 @@ foreach ( $cols as $col => $theme_name ) {
$parent_theme = $themes[$theme_name]['Parent Theme']; $parent_theme = $themes[$theme_name]['Parent Theme'];
$theme_root = $themes[$theme_name]['Theme Root']; $theme_root = $themes[$theme_name]['Theme Root'];
$theme_root_uri = $themes[$theme_name]['Theme Root URI']; $theme_root_uri = $themes[$theme_name]['Theme Root URI'];
$preview_link = esc_url(get_option('home') . '/'); $preview_link = trailingslashit( home_url() );
if ( is_ssl() ) if ( is_ssl() )
$preview_link = str_replace( 'http://', 'https://', $preview_link ); $preview_link = str_replace( 'http://', 'https://', $preview_link );
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) ); $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
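Review bot: `$preview_link` is now escaped twice: home_url() returns an esc_url()'d string by default, the query arguments are appended to it, and the result goes through htmlspecialchars() on the last line, which re-encodes any `&` that esc_url() already turned into an entity (harmless for a plain home URL, wrong for one containing `&` or `'`). Keep the value raw until the final escape with `$preview_link = trailingslashit( home_url( '', null, false ) );`, or drop the htmlspecialchars() call and apply esc_url() to the finished link instead. The enclosing foreach starts before this hunk and continues after it.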


@ -334,7 +334,7 @@ function do_core_upgrade( $reinstall = false ) {
show_message( __('Installation Failed') ); show_message( __('Installation Failed') );
} else { } else {
show_message( __('WordPress updated successfully') ); show_message( __('WordPress updated successfully') );
show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . esc_url( admin_url() ) . '">' . __('Go to Dashboard') . '</a>' ); show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . admin_url() . '">' . __('Go to Dashboard') . '</a>' );
} }
echo '</div>'; echo '</div>';
} }


@ -193,7 +193,7 @@ if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) {
if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) { if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) {
$message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) );
$message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>'; $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
$_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
} }
@ -205,7 +205,7 @@ if ( isset($_GET['untrashed']) && (int) $_GET['untrashed'] ) {
$messages[1] = __('Media attachment updated.'); $messages[1] = __('Media attachment updated.');
$messages[2] = __('Media permanently deleted.'); $messages[2] = __('Media permanently deleted.');
$messages[3] = __('Error saving media attachment.'); $messages[3] = __('Error saving media attachment.');
$messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>'; $messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
$messages[5] = __('Media restored from the trash.'); $messages[5] = __('Media restored from the trash.');
if ( isset($_GET['message']) && (int) $_GET['message'] ) { if ( isset($_GET['message']) && (int) $_GET['message'] ) {
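Review bot: `$_GET['ids']` is concatenated into the Undo href raw on the changed line, and with the esc_url() wrapper removed the safety of that attribute now rests entirely on wp_nonce_url() escaping its argument, which is not visible in this diff. The value is expected to be a comma-separated list of attachment IDs, so it should be reduced to that shape before the URL is built, e.g. `$ids = isset($_GET['ids']) ? implode(',', array_map('intval', explode(',', $_GET['ids']))) : '';` followed by `'upload.php?doaction=undo&action=untrash&ids=' . $ids`. The second hunk (the `$messages[4]` line) repeats the same construction and needs the same treatment.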


@ -160,7 +160,7 @@ include ('admin-header.php');
<?php screen_icon(); ?> <?php screen_icon(); ?>
<h2><?php echo esc_html( $title ); ?></h2> <h2><?php echo esc_html( $title ); ?></h2>
<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>> <form id="your-profile" action="<?php echo admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
<?php wp_nonce_field('update-user_' . $user_id) ?> <?php wp_nonce_field('update-user_' . $user_id) ?>
<?php if ( $wp_http_referer ) : ?> <?php if ( $wp_http_referer ) : ?>
<input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" /> <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />


@ -365,7 +365,7 @@ require_once( './admin-header.php' ); ?>
<div class="sidebar-name"> <div class="sidebar-name">
<div class="sidebar-name-arrow"><br /></div> <div class="sidebar-name-arrow"><br /></div>
<h3><?php _e('Inactive Widgets'); ?> <h3><?php _e('Inactive Widgets'); ?>
<span><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div> <span><img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
<div class="widget-holder inactive"> <div class="widget-holder inactive">
<p class="description"><?php _e('Drag widgets here to remove them from the sidebar but keep their settings.'); ?></p> <p class="description"><?php _e('Drag widgets here to remove them from the sidebar but keep their settings.'); ?></p>
<?php wp_list_widget_controls('wp_inactive_widgets'); ?> <?php wp_list_widget_controls('wp_inactive_widgets'); ?>
@ -387,7 +387,7 @@ foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
<div class="sidebar-name"> <div class="sidebar-name">
<div class="sidebar-name-arrow"><br /></div> <div class="sidebar-name-arrow"><br /></div>
<h3><?php echo esc_html( $registered_sidebar['name'] ); ?> <h3><?php echo esc_html( $registered_sidebar['name'] ); ?>
<span><img src="<?php echo esc_url( admin_url( 'images/wpspin_dark.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div> <span><img src="<?php echo admin_url( 'images/wpspin_dark.gif' ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
<?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?> <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>
</div> </div>
<?php <?php


@ -268,7 +268,7 @@ function twentyten_comment( $comment, $args, $depth ) {
<br /> <br />
<?php endif; ?> <?php endif; ?>
<div class="comment-meta commentmetadata"><a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(), get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),' ','' ); ?></div> <div class="comment-meta commentmetadata"><a href="<?php echo get_comment_link( $comment->comment_ID ); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(), get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),' ','' ); ?></div>
<div class="comment-body"><?php comment_text(); ?></div> <div class="comment-body"><?php comment_text(); ?></div>
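Review bot: Dropping esc_url() around get_comment_link() assumes that helper now escapes its result, but get_comment_link() is not among the URL builders given an `$esc_url` parameter in this commit's visible hunks, so the href on the changed line may now be emitted unescaped. The same assumption is made for wp_login_url() in comment-template.php, for wp_login_url()/wp_logout_url() and wp_admin_css_uri() in general-template.php, and for get_comment_link() again in default-widgets.php. Unless each of those helpers is confirmed to escape internally, the wrappers should stay, e.g. `<a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>">`. twentyten_comment() starts before and ends after this hunk.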


@ -1032,7 +1032,7 @@ function get_comment_reply_link($args = array(), $comment = null, $post = null)
$link = ''; $link = '';
if ( get_option('comment_registration') && !$user_ID ) if ( get_option('comment_registration') && !$user_ID )
$link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>'; $link = '<a rel="nofollow" class="comment-reply-login" href="' . wp_login_url( get_permalink() ) . '">' . $login_text . '</a>';
else else
$link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>"; $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post); return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);


@ -644,7 +644,7 @@ class WP_Widget_Recent_Comments extends WP_Widget {
<?php if ( $title ) echo $before_title . $title . $after_title; ?> <?php if ( $title ) echo $before_title . $title . $after_title; ?>
<ul id="recentcomments"><?php <ul id="recentcomments"><?php
if ( $comments ) : foreach ( (array) $comments as $comment) : if ( $comments ) : foreach ( (array) $comments as $comment) :
echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>'; echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . get_comment_link($comment->comment_ID) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
endforeach; endif;?></ul> endforeach; endif;?></ul>
<?php echo $after_widget; ?> <?php echo $after_widget; ?>
<?php <?php


@ -184,9 +184,9 @@ function get_search_form($echo = true) {
*/ */
function wp_loginout($redirect = '', $echo = true) { function wp_loginout($redirect = '', $echo = true) {
if ( ! is_user_logged_in() ) if ( ! is_user_logged_in() )
$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>'; $link = '<a href="' . wp_login_url($redirect) . '">' . __('Log in') . '</a>';
else else
$link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>'; $link = '<a href="' . wp_logout_url($redirect) . '">' . __('Log out') . '</a>';
if ( $echo ) if ( $echo )
echo apply_filters('loginout', $link); echo apply_filters('loginout', $link);
@ -2111,9 +2111,9 @@ function wp_admin_css( $file = 'wp-admin', $force_echo = false ) {
return; return;
} }
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file ); echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( $file ) . "' type='text/css' />\n", $file );
if ( 'rtl' == get_bloginfo( 'text_direction' ) ) if ( 'rtl' == get_bloginfo( 'text_direction' ) )
echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" ); echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( "$file-rtl" ) . "' type='text/css' />\n", "$file-rtl" );
} }
/** /**


@ -1824,8 +1824,8 @@ function get_shortcut_link() {
* @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https'
* @return string Home url link with optional path appended. * @return string Home url link with optional path appended.
*/ */
function home_url( $path = '', $scheme = null ) { function home_url( $path = '', $scheme = null, $esc_url = true ) {
return get_home_url(null, $path, $scheme); return get_home_url(null, $path, $scheme, $esc_url);
} }
/** /**
@ -1843,7 +1843,7 @@ function home_url( $path = '', $scheme = null ) {
* @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https'
* @return string Home url link with optional path appended. * @return string Home url link with optional path appended.
*/ */
function get_home_url( $blog_id = null, $path = '', $scheme = null ) { function get_home_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
$orig_scheme = $scheme; $orig_scheme = $scheme;
if ( !in_array($scheme, array('http', 'https')) ) if ( !in_array($scheme, array('http', 'https')) )
@ -1859,7 +1859,12 @@ function get_home_url( $blog_id = null, $path = '', $scheme = null ) {
if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false ) if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false )
$url .= '/' . ltrim( $path, '/' ); $url .= '/' . ltrim( $path, '/' );
return apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id ); $url = apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id );
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -1878,8 +1883,8 @@ function get_home_url( $blog_id = null, $path = '', $scheme = null ) {
* @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'.
* @return string Site url link with optional path appended. * @return string Site url link with optional path appended.
*/ */
function site_url( $path = '', $scheme = null ) { function site_url( $path = '', $scheme = null, $esc_url = true ) {
return get_site_url(null, $path, $scheme); return get_site_url(null, $path, $scheme, $esc_url);
} }
/** /**
@ -1897,7 +1902,7 @@ function site_url( $path = '', $scheme = null ) {
* @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'.
* @return string Site url link with optional path appended. * @return string Site url link with optional path appended.
*/ */
function get_site_url( $blog_id = null, $path = '', $scheme = null ) { function get_site_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
// should the list of allowed schemes be maintained elsewhere? // should the list of allowed schemes be maintained elsewhere?
$orig_scheme = $scheme; $orig_scheme = $scheme;
if ( !in_array($scheme, array('http', 'https')) ) { if ( !in_array($scheme, array('http', 'https')) ) {
@ -1921,7 +1926,12 @@ function get_site_url( $blog_id = null, $path = '', $scheme = null ) {
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= '/' . ltrim($path, '/'); $url .= '/' . ltrim($path, '/');
return apply_filters('site_url', $url, $path, $orig_scheme, $blog_id); $url = apply_filters('site_url', $url, $path, $orig_scheme, $blog_id);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -1934,8 +1944,8 @@ function get_site_url( $blog_id = null, $path = '', $scheme = null ) {
* @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
* @return string Admin url link with optional path appended * @return string Admin url link with optional path appended
*/ */
function admin_url( $path = '', $scheme = 'admin' ) { function admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
return get_admin_url(null, $path, $scheme); return get_admin_url(null, $path, $scheme, $esc_url);
} }
/** /**
@ -1949,13 +1959,18 @@ function admin_url( $path = '', $scheme = 'admin' ) {
* @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
* @return string Admin url link with optional path appended * @return string Admin url link with optional path appended
*/ */
function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) { function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin', $esc_url = true ) {
$url = get_site_url($blog_id, 'wp-admin/', $scheme); $url = get_site_url($blog_id, 'wp-admin/', $scheme);
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= ltrim($path, '/'); $url .= ltrim($path, '/');
return apply_filters('admin_url', $url, $path, $blog_id); $url = apply_filters('admin_url', $url, $path, $blog_id);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -1967,13 +1982,18 @@ function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) {
* @param string $path Optional. Path relative to the includes url. * @param string $path Optional. Path relative to the includes url.
* @return string Includes url link with optional path appended. * @return string Includes url link with optional path appended.
*/ */
function includes_url($path = '') { function includes_url($path = '', $esc_url = true) {
$url = site_url() . '/' . WPINC . '/'; $url = site_url() . '/' . WPINC . '/';
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= ltrim($path, '/'); $url .= ltrim($path, '/');
return apply_filters('includes_url', $url, $path); $url = apply_filters('includes_url', $url, $path);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -1985,7 +2005,7 @@ function includes_url($path = '') {
* @param string $path Optional. Path relative to the content url. * @param string $path Optional. Path relative to the content url.
* @return string Content url link with optional path appended. * @return string Content url link with optional path appended.
*/ */
function content_url($path = '') { function content_url($path = '', $esc_url = true) {
$url = WP_CONTENT_URL; $url = WP_CONTENT_URL;
if ( 0 === strpos($url, 'http') && is_ssl() ) if ( 0 === strpos($url, 'http') && is_ssl() )
$url = str_replace( 'http://', 'https://', $url ); $url = str_replace( 'http://', 'https://', $url );
@ -1993,7 +2013,12 @@ function content_url($path = '') {
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= '/' . ltrim($path, '/'); $url .= '/' . ltrim($path, '/');
return apply_filters('content_url', $url, $path); $url = apply_filters('content_url', $url, $path);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -2007,7 +2032,7 @@ function content_url($path = '') {
* @param string $plugin Optional. The plugin file that you want to be relative to - i.e. pass in __FILE__ * @param string $plugin Optional. The plugin file that you want to be relative to - i.e. pass in __FILE__
* @return string Plugins url link with optional path appended. * @return string Plugins url link with optional path appended.
*/ */
function plugins_url($path = '', $plugin = '') { function plugins_url($path = '', $plugin = '', $esc_url = true) {
$mu_plugin_dir = WPMU_PLUGIN_DIR; $mu_plugin_dir = WPMU_PLUGIN_DIR;
foreach ( array('path', 'plugin', 'mu_plugin_dir') as $var ) { foreach ( array('path', 'plugin', 'mu_plugin_dir') as $var ) {
@ -2032,7 +2057,13 @@ function plugins_url($path = '', $plugin = '') {
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= '/' . ltrim($path, '/'); $url .= '/' . ltrim($path, '/');
return apply_filters('plugins_url', $url, $path, $plugin); $url = apply_filters('plugins_url', $url, $path, $plugin);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -2049,7 +2080,7 @@ function plugins_url($path = '', $plugin = '') {
* @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'.
* @return string Site url link with optional path appended. * @return string Site url link with optional path appended.
*/ */
function network_site_url( $path = '', $scheme = null ) { function network_site_url( $path = '', $scheme = null, $esc_url = true ) {
global $current_site; global $current_site;
if ( !is_multisite() ) if ( !is_multisite() )
@ -2074,7 +2105,12 @@ function network_site_url( $path = '', $scheme = null ) {
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= ltrim($path, '/'); $url .= ltrim($path, '/');
return apply_filters('network_site_url', $url, $path, $orig_scheme); $url = apply_filters('network_site_url', $url, $path, $orig_scheme);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -2091,7 +2127,7 @@ function network_site_url( $path = '', $scheme = null ) {
* @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https'
* @return string Home url link with optional path appended. * @return string Home url link with optional path appended.
*/ */
function network_home_url( $path = '', $scheme = null ) { function network_home_url( $path = '', $scheme = null, $esc_url = true ) {
global $current_site; global $current_site;
if ( !is_multisite() ) if ( !is_multisite() )
@ -2109,7 +2145,12 @@ function network_home_url( $path = '', $scheme = null ) {
if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false ) if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false )
$url .= ltrim( $path, '/' ); $url .= ltrim( $path, '/' );
return apply_filters( 'network_home_url', $url, $path, $orig_scheme); $url = apply_filters( 'network_home_url', $url, $path, $orig_scheme);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
@ -2122,13 +2163,18 @@ function network_home_url( $path = '', $scheme = null ) {
* @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
* @return string Admin url link with optional path appended * @return string Admin url link with optional path appended
*/ */
function network_admin_url( $path = '', $scheme = 'admin' ) { function network_admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
$url = network_site_url('wp-admin/', $scheme); $url = network_site_url('wp-admin/', $scheme);
if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
$url .= ltrim($path, '/'); $url .= ltrim($path, '/');
return apply_filters('network_admin_url', $url, $path); $url = apply_filters('network_admin_url', $url, $path);
if ( $esc_url )
$url = esc_url($url);
return $url;
} }
/** /**
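Review bot: The new `$esc_url` flag is not forwarded to the inner URL builders, so passing `false` does not actually yield an unescaped URL: get_admin_url() still calls `get_site_url($blog_id, 'wp-admin/', $scheme)`, includes_url() calls `site_url()` and network_admin_url() calls `network_site_url('wp-admin/', $scheme)`, all with escaping on, and each then escapes the result a second time when the flag is true. Those three calls should pass `false` and let the outer function escape exactly once: `$url = get_site_url($blog_id, 'wp-admin/', $scheme, false);`, `$url = site_url('', null, false) . '/' . WPINC . '/';` and `$url = network_site_url('wp-admin/', $scheme, false);`. Escaping by default also makes every return value an HTML-context string, so any caller that uses one outside HTML — a redirect Location header, a mail body, an HTTP request — would now receive entity-encoded output such as `&#038;` for `&` unless it remembers the new trailing positional argument. None of the docblocks in this section document that parameter; each needs a line such as `@param bool $esc_url Optional. Whether to pass the result through esc_url(). Default true.` so callers learn about the opt-out.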


@ -852,7 +852,7 @@ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) {
if ( is_email($email) == false ) if ( is_email($email) == false )
return false; return false;
$options_site_url = esc_url(network_admin_url('ms-options.php')); $options_site_url = network_admin_url('ms-options.php');
switch_to_blog( $blog_id ); switch_to_blog( $blog_id );
$blogname = get_option( 'blogname' ); $blogname = get_option( 'blogname' );
@ -881,7 +881,7 @@ function newuser_notify_siteadmin( $user_id ) {
$user = new WP_User($user_id); $user = new WP_User($user_id);
$options_site_url = esc_url(network_admin_url('ms-options.php')); $options_site_url = network_admin_url('ms-options.php');
$msg = sprintf(__('New User: %1s $msg = sprintf(__('New User: %1s
Remote IP: %2s Remote IP: %2s