Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php (revision 5053)
+++ wp-admin/edit-comments.php (working copy)
@@ -101,7 +101,7 @@
$r = '';
if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
- $r .= '« '. __('Previous Page') .'' . "\n";
+ $r .= '« '. __('Previous Page') .'' . "\n";
}
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -111,7 +111,7 @@
$p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
- $r .= '' . ( $page_num ) . "\n";
+ $r .= '' . ( $page_num ) . "\n";
$in = true;
elseif ( $in == true ) :
$r .= "...\n";
@@ -122,7 +122,7 @@
}
if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1;
- $r .= ''. __('Next Page') .' »' . "\n";
+ $r .= ''. __('Next Page') .' »' . "\n";
}
echo "$r
";
?>
@@ -248,7 +248,7 @@
$r = '';
if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
- $r .= '« '. __('Previous Page') .'' . "\n";
+ $r .= '« '. __('Previous Page') .'' . "\n";
}
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -258,7 +258,7 @@
$p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
- $r .= '' . ( $page_num ) . "\n";
+ $r .= '' . ( $page_num ) . "\n";
$in = true;
elseif ( $in == true ) :
$r .= "...\n";
@@ -269,7 +269,7 @@
}
if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1;
- $r .= ''. __('Next Page') .' »' . "\n";
+ $r .= ''. __('Next Page') .' »' . "\n";
}
echo "$r
";
?>
Index: wp-admin/admin-functions.php
===================================================================
--- wp-admin/admin-functions.php (revision 5053)
+++ wp-admin/admin-functions.php (working copy)
@@ -370,7 +370,7 @@
else if ( !empty( $post_title ) ) {
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = funky_javascript_fix( $text);
- $popupurl = attribute_escape($_REQUEST['popupurl']);
+ $popupurl = clean_url($_REQUEST['popupurl']);
$post_content = ''.$post_title.''."\n$text";
}
@@ -429,7 +429,7 @@
$user = new WP_User( $user_id );
$user->user_login = attribute_escape($user->user_login);
$user->user_email = attribute_escape($user->user_email);
- $user->user_url = attribute_escape($user->user_url);
+ $user->user_url = clean_url($user->user_url);
$user->first_name = attribute_escape($user->first_name);
$user->last_name = attribute_escape($user->last_name);
$user->display_name = attribute_escape($user->display_name);
@@ -574,11 +574,11 @@
function get_link_to_edit( $link_id ) {
$link = get_link( $link_id );
- $link->link_url = attribute_escape($link->link_url);
+ $link->link_url = clean_url($link->link_url);
$link->link_name = attribute_escape($link->link_name);
$link->link_image = attribute_escape($link->link_image);
$link->link_description = attribute_escape($link->link_description);
- $link->link_rss = attribute_escape($link->link_rss);
+ $link->link_rss = clean_url($link->link_rss);
$link->link_rel = attribute_escape($link->link_rel);
$link->link_notes = wp_specialchars($link->link_notes);
$link->post_category = $link->link_category;
@@ -588,7 +588,7 @@
function get_default_link_to_edit() {
if ( isset( $_GET['linkurl'] ) )
- $link->link_url = attribute_escape( $_GET['linkurl']);
+ $link->link_url = clean_url( $_GET['linkurl']);
else
$link->link_url = '';
@@ -879,7 +879,7 @@
}
$r .= "\n\t\t";
if ( current_user_can( 'edit_user', $user_object->ID ) ) {
- $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
+ $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
$r .= "".__( 'Edit' )."";
}
$r .= " | \n\t";
Index: wp-admin/edit-page-form.php
===================================================================
--- wp-admin/edit-page-form.php (revision 5053)
+++ wp-admin/edit-page-form.php (working copy)
@@ -13,7 +13,7 @@
$form_extra = "";
}
-$sendto = attribute_escape(stripslashes(wp_get_referer()));
+$sendto = clean_url(stripslashes(wp_get_referer()));
if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
$sendto = 'redo';
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php (revision 5053)
+++ wp-admin/edit-form-advanced.php (working copy)
@@ -168,11 +168,11 @@
?>
Index: wp-admin/link-manager.php
===================================================================
--- wp-admin/link-manager.php (revision 5053)
+++ wp-admin/link-manager.php (working copy)
@@ -133,7 +133,7 @@
foreach ($links as $link) {
$link->link_name = attribute_escape(apply_filters('link_title', $link->link_name));
$link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description));
- $link->link_url = attribute_escape($link->link_url);
+ $link->link_url = clean_url($link->link_url);
$link->link_category = wp_get_link_cats($link->link_id);
$short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url);
Index: wp-admin/bookmarklet.php
===================================================================
--- wp-admin/bookmarklet.php (revision 5053)
+++ wp-admin/bookmarklet.php (working copy)
@@ -37,7 +37,7 @@
$content = wp_specialchars($_REQUEST['content']);
-$popupurl = attribute_escape($_REQUEST['popupurl']);
+$popupurl = clean_url($_REQUEST['popupurl']);
if ( !empty($content) ) {
$post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
} else {