Ticket #15454: garyc40-15454-rev2.patch

File garyc40-15454-rev2.patch, 6.2 KB (added by garyc40, 2 years ago)

two more instances

  • wp-admin/edit-tag-form.php 

    diff --git wp-admin/edit-tag-form.php wp-admin/edit-tag-form.php
index dbf669f..1598a62 100644
    do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?> 
    6161<?php endif; // is_taxonomy_hierarchical() ?> 
    6262                <tr class="form-field"> 
    6363                        <th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th> 
    64                         <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_textarea( $tag->description ); ?></textarea><br /> 
     64                        <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $tag->description; // already escaped ?></textarea><br /> 
    6565                        <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td> 
    6666                </tr> 
    6767                <?php 

  • wp-admin/includes/media.php 

    diff --git wp-admin/includes/media.php wp-admin/includes/media.php
index 33e7867..9038888 100644
    function get_media_item( $attachment_id, $args = null ) { 
    13431343                if ( !empty( $field[ $field['input'] ] ) ) 
    13441344                        $item .= $field[ $field['input'] ]; 
    13451345                elseif ( $field['input'] == 'textarea' ) { 
    1346                         $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>'; 
     1346                        if ( user_can_richedit() ) { // already escaped when user_can_richedit() = false 
     1347                                $field['value'] = esc_textarea( $field['value'] ); 
     1348                        } 
     1349                        $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>'; 
    13471350                } else { 
    13481351                        $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />"; 
    13491352                } 

  • wp-admin/includes/meta-boxes.php 

    diff --git wp-admin/includes/meta-boxes.php wp-admin/includes/meta-boxes.php
index 42678db..96466b5 100644
    function post_tags_meta_box($post, $box) { 
    288288        <div class="jaxtag"> 
    289289        <div class="nojs-tags hide-if-js"> 
    290290        <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p> 
    291         <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div> 
     291        <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // escaped by esc_attr() ?></textarea></div> 
    292292        <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?> 
    293293        <div class="ajaxtag hide-if-no-js"> 
    294294                <label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label> 
    function link_advanced_meta_box($link) { 
    892892        </tr> 
    893893        <tr class="form-field"> 
    894894                <th valign="top"  scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th> 
    895                 <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td> 
     895                <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); // escaped ?></textarea></td> 
    896896        </tr> 
    897897        <tr class="form-field"> 
    898898                <th valign="top"  scope="row"><label for="link_rating"><?php _e('Rating') ?></label></th> 

  • wp-admin/press-this.php 

    diff --git wp-admin/press-this.php wp-admin/press-this.php
index 1d826a8..282c4f9 100644
    $title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashe 
    8383$selection = ''; 
    8484if ( !empty($_GET['s']) ) { 
    8585        $selection = str_replace('&apos;', "'", stripslashes($_GET['s'])); 
    86         $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); 
     86        $selection = trim( html_entity_decode($selection, ENT_QUOTES) ); 
    8787} 
    8888 
    8989if ( ! empty($selection) ) { 
    var photostorage = false; 
    598598                        <div class="editor-container"> 
    599599                                <textarea name="content" id="content" style="width:100%;" class="theEditor" rows="15"><?php 
    600600                                        if ( $selection ) 
    601                                                 echo wp_richedit_pre($selection); 
     601                                                echo esc_textarea($selection); 
    602602                                        if ( $url ) { 
    603603                                                echo '<p>'; 
    604604                                                if ( $selection ) 

  • wp-includes/bookmark.php 

    diff --git wp-includes/bookmark.php wp-includes/bookmark.php
index ddb5e13..b99a719 100644
    function sanitize_bookmark_field($field, $value, $bookmark_id, $context) { 
    334334                return $value; 
    335335 
    336336        if ( 'edit' == $context ) { 
    337                 $format_to_edit = array('link_notes'); 
    338337                $value = apply_filters("edit_$field", $value, $bookmark_id); 
    339  
    340                 if ( in_array($field, $format_to_edit) ) { 
    341                         $value = format_to_edit($value); 
    342                 } else { 
    343                         $value = esc_attr($value); 
    344                 } 
     338                $value = esc_attr( $value ); 
    345339        } else if ( 'db' == $context ) { 
    346340                $value = apply_filters("pre_$field", $value); 
    347341        } else { 

  • wp-includes/formatting.php 

    diff --git wp-includes/formatting.php wp-includes/formatting.php
index c34c4f1..718ad71 100644
    function force_balance_tags( $text ) { 
    11261126function format_to_edit($content, $richedit = false) { 
    11271127        $content = apply_filters('format_to_edit', $content); 
    11281128        if (! $richedit ) 
    1129                 $content = htmlspecialchars($content); 
     1129                $content = esc_textarea($content); 
    11301130        return $content; 
    11311131} 
    11321132 

  • wp-includes/taxonomy.php 

    diff --git wp-includes/taxonomy.php wp-includes/taxonomy.php
index b708838..228c3e5 100644
    function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) { 
    15201520        if ( 'edit' == $context ) { 
    15211521                $value = apply_filters("edit_term_{$field}", $value, $term_id, $taxonomy); 
    15221522                $value = apply_filters("edit_{$taxonomy}_{$field}", $value, $term_id); 
    1523                 if ( 'description' == $field ) 
    1524                         $value = format_to_edit($value); 
    1525                 else 
    1526                         $value = esc_attr($value); 
     1523                $value = esc_attr($value); 
    15271524        } else if ( 'db' == $context ) { 
    15281525                $value = apply_filters("pre_term_{$field}", $value, $taxonomy); 
    15291526                $value = apply_filters("pre_{$taxonomy}_{$field}", $value);