Coding standards: Modify escaping functions to avoid potential false positives.

Props xknown, zieladam, peterwilsoncc.Y


Built from https://develop.svn.wordpress.org/branches/5.5@49375


git-svn-id: http://core.svn.wordpress.org/branches/5.5@49134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2020-10-29 16:58:05 +00:00
parent 8518cbeea9
commit a428042e49
8 changed files with 19 additions and 19 deletions

View File

@ -82,12 +82,12 @@ $admin_body_class = preg_replace( '/[^a-z0-9_-]+/i', '-', $hook_suffix );
?>
<script type="text/javascript">
addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
pagenow = '<?php echo $current_screen->id; ?>',
typenow = '<?php echo $current_screen->post_type; ?>',
adminpage = '<?php echo $admin_body_class; ?>',
thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
isRtl = <?php echo (int) is_rtl(); ?>;
</script>
<?php

View File

@ -343,7 +343,7 @@ class Custom_Image_Header {
?>
<script type="text/javascript">
(function($){
var default_color = '<?php echo $default_color; ?>',
var default_color = '<?php echo esc_js( $default_color ); ?>',
header_text_fields;
function pickColor(color) {

View File

@ -530,7 +530,7 @@ function wp_iframe( $content_func, ...$args ) {
?>
<script type="text/javascript">
addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
isRtl = <?php echo (int) is_rtl(); ?>;
</script>
<?php

View File

@ -842,7 +842,7 @@ function can_edit_network( $network_id ) {
function _thickbox_path_admin_subfolder() {
?>
<script type="text/javascript">
var tb_pathToImage = "<?php echo includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ); ?>";
var tb_pathToImage = "<?php echo esc_js( includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ) ); ?>";
</script>
<?php
}

View File

@ -2018,12 +2018,12 @@ function iframe_header( $title = '', $deprecated = false ) {
<script type="text/javascript">
addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();}
var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
pagenow = '<?php echo $current_screen->id; ?>',
typenow = '<?php echo $current_screen->post_type; ?>',
adminpage = '<?php echo $admin_body_class; ?>',
thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
isRtl = <?php echo (int) is_rtl(); ?>;
</script>
<?php

View File

@ -77,9 +77,9 @@ if ( get_user_setting( 'uploader' ) || isset( $_GET['browser-uploader'] ) ) {
<?php media_upload_form(); ?>
<script type="text/javascript">
var post_id = <?php echo $post_id; ?>, shortform = 3;
var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
</script>
<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
<input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
<?php wp_nonce_field( 'media-form' ); ?>
<div id="media-items" class="hide-if-no-js"></div>
</form>

View File

@ -220,7 +220,7 @@ if ( ! wp_is_large_network( 'users' ) && apply_filters( 'show_network_site_users
require_once ABSPATH . 'wp-admin/admin-header.php'; ?>
<script type="text/javascript">
var current_site_id = <?php echo $id; ?>;
var current_site_id = <?php echo absint( $id ); ?>;
</script>

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.5.2-alpha-49374';
$wp_version = '5.5.2-alpha-49375';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.