WordPress/wp-admin
Ryan Boren 469d1a3099 Escape form action urls with esc_url() rather than esc_attr().
Props SergeyBiryukov
fixes #23266


git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 14:01:25 +00:00
..
css Compress scripts/styles: 3.6-alpha-23728. 2013-03-16 04:58:37 +00:00
images Post locks on the posts list screen: new icons for the lock, props empireoflight, show avatar for the user currently editing, props dh-shredder, see #23312 2013-03-13 00:28:07 +00:00
includes Escape form action urls with esc_url() rather than esc_attr(). 2013-03-18 14:01:25 +00:00
js Compress scripts/styles: 3.6-alpha-23734. 2013-03-16 20:58:37 +00:00
maint Use correct escaping function. fixes #23334. 2013-02-14 05:52:23 +00:00
network Update Network Dashboard help text. props DrewAPicture, raggedrobins. see #23163. 2013-03-09 03:18:26 +00:00
user Remove index-extra.php. Move dashboard widget XHR callbacks to ajax-actions.php. fixes #20242. 2012-03-15 13:20:00 +00:00
about.php Remove 'Insert Multiple Images' from the about page as it is now completely invisible in the UI. Requiring shift-click but not mentioning it is a bad omen. props helenyhou. fixes #22455. 2012-12-07 20:58:34 +00:00
admin-ajax.php Logged out warnings, heartbeat: remove nopriv_autosave as it doubles the functionality of the logged out warnings, move wp_ajax_nopriv_heartbeat() under No-privilege Ajax handlers in ajax-actions.php, see #23295, see #23216 2013-03-13 23:54:12 +00:00
admin-footer.php Rename div#footer to div#wpfooter in the admin. Namespace one of our major elements and avoid clashing with widgets with the id of 'footer'. props andrewryno, koopersmith. see #14466. 2012-09-16 23:03:35 +00:00
admin-functions.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
admin-header.php Move utils.js (cookie and user setting functions) to wp-includes to enable front-end use. 2012-12-04 19:29:56 +00:00
admin-post.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
admin.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:00:25 +00:00
async-upload.php Verify attachment parent during upload. 2012-11-29 02:39:34 +00:00
comment.php Allow comment.php?action=editcomment to be accessible for a comment that is spam. props josephscott, fixes #19977, see #18340. 2012-02-07 19:13:30 +00:00
credits.php Reorganize and polish the About WordPress 3.5 screen. Offer strings for translation. 2012-11-28 21:00:09 +00:00
custom-background.php Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 2013-03-01 16:28:40 +00:00
custom-header.php Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 2013-03-01 16:28:40 +00:00
customize.php Refactor the Customizer accordion so that it can be used in other locations. 2013-02-14 22:58:04 +00:00
edit-comments.php Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer(). 2013-03-01 17:58:43 +00:00
edit-form-advanced.php Autosave to the browser's sessionStorage, compare this autosave to the post content on page load and let the user restore it when the data is not the same. First run, see #23220 2013-03-13 10:08:16 +00:00
edit-form-comment.php Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer(). 2013-03-01 17:58:43 +00:00
edit-link-form.php Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 2013-03-01 16:28:40 +00:00
edit-tag-form.php Enter the semicolon. Props F J Kaiser, SergeyBiryukov. fixes #21393 2012-10-18 13:06:39 +00:00
edit-tags.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:00:25 +00:00
edit.php Post locks on the posts list screen: new icons for the lock, props empireoflight, show avatar for the user currently editing, props dh-shredder, see #23312 2013-03-13 00:28:07 +00:00
export.php Rename filter on $args sent to export_wp() for clarity. See #19863. 2012-11-06 14:51:45 +00:00
freedoms.php Reorganize and polish the About WordPress 3.5 screen. Offer strings for translation. 2012-11-28 21:00:09 +00:00
import.php Pull the list of popular importers from WordPress.org. 2012-11-17 07:20:04 +00:00
index.php We no longer care if wp-admin/index.php is parseable by PHP 4. (And it's not, anyway.) If a user hits the root or wp-admin/install.php, they do get a proper warning. 2012-12-11 16:08:58 +00:00
install-helper.php Deprecate ancient "debugging" tools. 2012-02-17 00:02:42 +00:00
install.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
link-add.php Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767. 2013-02-16 18:28:41 +00:00
link-manager.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
link-parse-opml.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
link.php Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767. 2013-02-16 18:28:41 +00:00
load-scripts.php Script loader: Chunk the script names as passed to load-scripts.php into 128-character pieces. Avoids hitting a limit for the length of a single variable, such as suhosin.get.max_value_length which defaults to 512. fixes #22757. 2012-12-05 18:57:56 +00:00
load-styles.php Fix minified RTL style loading via load-styles.php. props ocean90. fixes #22482. 2012-11-16 22:18:33 +00:00
media-new.php Escape form action urls with esc_url() rather than esc_attr(). 2013-03-18 14:01:25 +00:00
media-upload.php Split media-new.php and media-upload.php into distinct files. 2012-11-21 12:19:40 +00:00
media.php Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 2013-03-01 16:28:40 +00:00
menu-header.php Prevent plugins with certain filenames from breaking links in the admin menu. props lightningspirit. fixes #22079. 2013-03-09 02:48:49 +00:00
menu.php Use the create_posts post type cap in more places. Remove the janky create_posts meta cap. see #16714. 2012-11-28 22:28:20 +00:00
moderation.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-admin.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-delete-site.php Reduce use of global. Use get_blog_details() instead. fixes #22090 2012-10-04 12:40:09 +00:00
ms-edit.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-options.php Network Admin, first pass. see #14435 2010-07-30 20:34:54 +00:00
ms-sites.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-themes.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-upgrade-network.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
ms-users.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
my-sites.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
nav-menus.php Accessibility revamp for nav menus. 2013-03-16 04:47:19 +00:00
network.php Make get_home_path() return consistent slashes. fixes #23175. 2013-03-12 11:04:14 +00:00
options-discussion.php Make 'Show Avatars' a checkbox rather than a yes/no radio button. props tmoorewp, fixes #20889. 2012-09-26 06:44:26 +00:00
options-general.php Don't show the same time or date format twice on the General Settings page. This can occur if a translated format is the same as an existing default format. fixes #21060. 2012-10-25 20:15:47 +00:00
options-head.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
options-media.php Only show help for upload_path and upload_url_path if those fields are visible. fixes #21720. 2012-12-09 17:04:08 +00:00
options-permalink.php Consistently use $wp_rewrite->index instead of hardcoding "index.php". 2013-01-18 13:44:22 +00:00
options-reading.php Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379. 2012-11-19 01:28:32 +00:00
options-writing.php Make sure .widefat border and background coloring only applies to tables. props MikeHansenMe. fixes #21936. 2013-01-22 14:44:04 +00:00
options.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
plugin-editor.php Don't unslash variables that came from wp_reset_vars(). see #21767. 2013-03-01 18:59:54 +00:00
plugin-install.php Pinking shears 2012-11-17 15:11:29 +00:00
plugins.php Show plugin activation message when activating a network only plugin on a single site installation. 2012-11-27 16:08:35 +00:00
post-new.php No AYS or autosave for attachments on post.php. Reverts part of [22725]. fixes #22491. 2012-11-27 02:02:32 +00:00
post.php Local autosave: set a temp cookie on submitting the form and change it on redirecting after the post is saved/updated, then use it to determine if saving worked properly. Removes the chance for false positives after saving/updating a post. See #23220 2013-03-14 03:06:07 +00:00
press-this.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
profile.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
revision.php Revisions: Updates to the new Revisions UI. 2013-03-07 15:32:26 +00:00
setup-config.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
theme-editor.php Don't unslash variables that came from wp_reset_vars(). see #21767. 2013-03-01 18:59:54 +00:00
theme-install.php Fix help text on the Install Themes screen, props SergeyBiryukov, fixes #20925 2012-08-22 02:28:30 +00:00
themes.php Remove "This theme supports widgets..." from the theme activation notice. props ryanimel. fixes #19787. 2012-09-24 16:31:41 +00:00
tools.php Make sure .widefat border and background coloring only applies to tables. props MikeHansenMe. fixes #21936. 2013-01-22 14:44:04 +00:00
update-core.php Escape form action urls with esc_url() rather than esc_attr(). 2013-03-18 14:01:25 +00:00
update.php Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 2013-03-01 16:28:40 +00:00
upgrade-functions.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
upgrade.php Always wp_unslash() the return of wp_get_referer(). 2013-03-01 17:20:32 +00:00
upload.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-01 17:14:09 +00:00
user-edit.php Cleanup additional capabilities display in user-edit.php. Mark a string for translation. 2013-03-18 13:27:57 +00:00
user-new.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-03 16:30:38 +00:00
users.php Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 2013-03-03 16:30:38 +00:00
widgets.php Fix various typos and omissions across a number of help tabs. props DrewAPicture, Ipstenu. see #22451. 2012-11-22 08:45:15 +00:00