Ticket #17364: 17364.patch

wp-admin/custom-header.php

@@ -389 +389 @@
                 toggle_text();
                 <?php } ?>
                 });
+/* ]]> */
 </script>
 <?php
         }

wp-admin/custom-background.php

@@ -237 +237 @@
 <input type="hidden" name="action" value="save" />
 <?php wp_nonce_field('custom-background-upload', '_wpnonce-custom-background-upload') ?>
 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
-</p>
 </form>
 </td>
 </tr>

wp-admin/includes/class-wp-terms-list-table.php

@@ -250 +250 @@
                 $pad = str_repeat( '— ', max( 0, $this->level ) );
                 $name = apply_filters( 'term_name', $pad . ' ' . $tag->name, $tag );
                 $qe_data = get_term( $tag->term_id, $taxonomy, OBJECT, 'edit' );
-                $edit_link = get_edit_term_link( $tag->term_id, $taxonomy, $post_type );
+                $edit_link = esc_url(get_edit_term_link( $tag->term_id, $taxonomy, $post_type ));
 
                 $out = '<strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr( sprintf( __( 'Edit &#8220;%s&#8221;' ), $name ) ) . '">' . $name . '</a></strong><br />';
 
@@ -260 +260 @@
                         $actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __( 'Quick&nbsp;Edit' ) . '</a>';
                 }
                 if ( current_user_can( $tax->cap->delete_terms ) && $tag->term_id != $default_term )
-                        $actions['delete'] = "<a class='delete-tag' href='" . wp_nonce_url( "edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ) . "'>" . __( 'Delete' ) . "</a>";
+                        $actions['delete'] = "<a class='delete-tag' href='" . esc_url( "edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ) . "'>" . __( 'Delete' ) . "</a>";
 
                 $actions = apply_filters( 'tag_row_actions', $actions, $tag );
                 $actions = apply_filters( "{$taxonomy}_row_actions", $actions, $tag );
@@ -269 +269 @@
                 $out .= '<div class="hidden" id="inline_' . $qe_data->term_id . '">';
                 $out .= '<div class="name">' . $qe_data->name . '</div>';
                 $out .= '<div class="slug">' . apply_filters( 'editable_slug', $qe_data->slug ) . '</div>';
-                $out .= '<div class="parent">' . $qe_data->parent . '</div></div></td>';
+                $out .= '<div class="parent">' . $qe_data->parent . '</div></div>';
 
                 return $out;
         }
@@ -300 +300 @@
 
                 $args['post_type'] = $post_type;
 
-                return "<a href='" . add_query_arg( $args, 'edit.php' ) . "'>$count</a>";
+                return "<a href='" . esc_url(add_query_arg( $args, 'edit.php' )) . "'>$count</a>";
         }
 
         function column_links( $tag ) {

wp-admin/export.php

@@ -109 +109 @@
                         continue;
 
                 $month = zeroise( $date->month, 2 );
-                echo '<option value="' . $date->year . '-' . $month . '" />' . $wp_locale->get_month( $month ) . ' ' . $date->year . '</option>';
+                echo '<option value="' . $date->year . '-' . $month . '">' . $wp_locale->get_month( $month ) . ' ' . $date->year . '</option>';
         }
 }
 ?>

wp-admin/options-writing.php

@@ -69 +69 @@
 <?php foreach ( $post_formats[0] as $format ): ?>
                 <option<?php selected( get_option('default_post_format'), $format ); ?> value="<?php echo esc_attr( $format ); ?>"><?php echo esc_html( get_post_format_string( $format ) ); ?></option>
 <?php endforeach; ?>
-        </select></label>
+        </select>
 </td>
 </tr>
 <?php endif; endif; ?>