Ticket #20771: 20771-2.diff
File 20771-2.diff, 19.2 KB (added by , 13 years ago) |
---|
-
wp-includes/functions.php
Property changes on: . ___________________________________________________________________ Added: svn:ignore + .idea
1153 1153 */ 1154 1154 function wp_nonce_url( $actionurl, $action = -1 ) { 1155 1155 $actionurl = str_replace( '&', '&', $actionurl ); 1156 return esc_ html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );1156 return esc_url( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ); 1157 1157 } 1158 1158 1159 1159 /** -
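Review bot: Returning `esc_url()` from `wp_nonce_url()` on line 1156 changes the function's contract for every caller, including ones outside this patch, and the docblock that ends on line 1153 (outside this hunk) is not updated to say so. `esc_url()` returns an empty string when the URL uses a scheme outside the allowed list, and it entity-encodes ampersands for display. The result is therefore only fit for printing into HTML, and a rejected `$actionurl` silently becomes an empty `href` or `action`. I would add to the docblock `@return string URL with the nonce added, escaped for display in HTML; build redirect targets with add_query_arg() and wp_create_nonce() instead.` The other files in this patch drop their own `esc_url()`/`esc_attr()` at the point of output, so their safety now rests entirely on this one line.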
wp-admin/edit-comments.php
187 187 188 188 if ( $spammed > 0 ) { 189 189 $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0; 190 $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" )) . '">' . __('Undo') . '</a><br />';190 $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />'; 191 191 } 192 192 193 193 if ( $unspammed > 0 ) … … 195 195 196 196 if ( $trashed > 0 ) { 197 197 $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0; 198 $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" )) . '">' . __('Undo') . '</a><br />';198 $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />'; 199 199 } 200 200 201 201 if ( $untrashed > 0 ) -
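Review bot: `$ids` on lines 189 and 197 is read straight from `$_REQUEST['ids']` and interpolated into the undo URL. With the `esc_url()` wrapper gone from lines 190 and 198, the escaping inside `wp_nonce_url()` is the only thing between that request value and the `href` attribute. Normalising the value where it is read keeps the link safe regardless of how the helper escapes, for example `$ids = isset( $_REQUEST['ids'] ) ? implode( ',', wp_parse_id_list( $_REQUEST['ids'] ) ) : 0;`. This assumes `ids` is a comma-separated list of comment IDs, which the hunk does not show. The same raw-request pattern feeds the rewritten links in wp-admin/upload.php (lines 208 and 220, `$_GET['ids']`) and wp-admin/edit.php (line 248, `$_REQUEST['ids']`).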
wp-admin/includes/class-wp-ms-sites-list-table.php
246 246 $actions['backend'] = "<span class='backend'><a href='" . esc_url( get_admin_url( $blog['blog_id'] ) ) . "' class='edit'>" . __( 'Dashboard' ) . '</a></span>'; 247 247 if ( $current_site->blog_id != $blog['blog_id'] ) { 248 248 if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' ) 249 $actions['activate'] = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=activateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' )) . '">' . __( 'Activate' ) . '</a></span>';249 $actions['activate'] = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=activateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' ) . '">' . __( 'Activate' ) . '</a></span>'; 250 250 else 251 $actions['deactivate'] = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deactivateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm')) . '">' . __( 'Deactivate' ) . '</a></span>';251 $actions['deactivate'] = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deactivateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm') . '">' . __( 'Deactivate' ) . '</a></span>'; 252 252 253 253 if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' ) 254 $actions['unarchive'] = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unarchiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm')) . '">' . 
__( 'Unarchive' ) . '</a></span>';254 $actions['unarchive'] = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unarchiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Unarchive' ) . '</a></span>'; 255 255 else 256 $actions['archive'] = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=archiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm')) . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>';256 $actions['archive'] = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=archiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>'; 257 257 258 258 if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' ) 259 $actions['unspam'] = '<span class="spam"><a href="' . esc_url(wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unspamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';259 $actions['unspam'] = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unspamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>'; 260 260 else 261 $actions['spam'] = '<span class="spam"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=spamblog&id=' . $blog['blog_id'] . '&msg=' . 
urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm')) . '">' . _x( 'Spam', 'site' ) . '</a></span>';261 $actions['spam'] = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=spamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Spam', 'site' ) . '</a></span>'; 262 262 263 263 if ( current_user_can( 'delete_site', $blog['blog_id'] ) ) 264 $actions['delete'] = '<span class="delete"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm')) . '">' . __( 'Delete' ) . '</a></span>';264 $actions['delete'] = '<span class="delete"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Delete' ) . '</a></span>'; 265 265 } 266 266 267 267 $actions['visit'] = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a></span>'; -
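Review bot: The rewritten `unspam` line (259) still carries the closing parenthesis that belonged to the removed `esc_url(` call. It reads `'confirm') ) . '">'` where the sibling lines 249 to 264 read `'confirm') . '">'`. That leaves an unmatched `)` in the expression, which PHP rejects as a parse error, so any request that loads this class file would fail. The tail should be `'confirm' ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';`.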
wp-admin/includes/class-wp-ms-themes-list-table.php
287 287 288 288 if ( ! $allowed ) { 289 289 if ( ! $theme->errors() ) 290 $actions['enable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=enable&theme=' . $theme_key . '&paged=' . $page . '&s=' . $s, 'enable-theme_' . $theme_key)) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>';290 $actions['enable'] = '<a href="' . wp_nonce_url($url . 'action=enable&theme=' . $theme_key . '&paged=' . $page . '&s=' . $s, 'enable-theme_' . $theme_key) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>'; 291 291 } else { 292 $actions['disable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=disable&theme=' . $theme_key . '&paged=' . $page . '&s=' . $s, 'disable-theme_' . $theme_key)) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>';292 $actions['disable'] = '<a href="' . wp_nonce_url($url . 'action=disable&theme=' . $theme_key . '&paged=' . $page . '&s=' . $s, 'disable-theme_' . $theme_key) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>'; 293 293 } 294 294 295 295 if ( current_user_can('edit_themes') ) 296 296 $actions['edit'] = '<a href="' . esc_url('theme-editor.php?theme=' . $theme_key ) . '" title="' . esc_attr__('Open this theme in the Theme Editor') . '" class="edit">' . __('Edit') . '</a>'; 297 297 298 298 if ( ! $allowed && current_user_can( 'delete_themes' ) && ! $this->is_site_themes && $theme_key != get_option( 'stylesheet' ) && $theme_key != get_option( 'template' ) ) 299 $actions['delete'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=delete-selected&checked[]=' . $theme_key . '&theme_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-themes' )) . '" title="' . 
esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';299 $actions['delete'] = '<a href="' . wp_nonce_url( 'themes.php?action=delete-selected&checked[]=' . $theme_key . '&theme_status=' . $context . '&paged=' . $page . '&s=' . $s, 'bulk-themes' ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>'; 300 300 301 301 $actions = apply_filters( 'theme_action_links', array_filter( $actions ), $theme_key, $theme, $context ); 302 302 $actions = apply_filters( "theme_action_links_$theme_key", $actions, $theme_key, $theme, $context ); -
wp-admin/includes/class-wp-theme-install-list-table.php
209 209 switch ( $status ) { 210 210 default: 211 211 case 'install': 212 $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name )) . '">' . __( 'Install Now' ) . '</a>';212 $actions[] = '<a class="install-now" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) . '">' . __( 'Install Now' ) . '</a>'; 213 213 break; 214 214 case 'update_available': 215 $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version )) . '">' . __( 'Update' ) . '</a>';215 $actions[] = '<a class="install-now" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>'; 216 216 break; 217 217 case 'newer_installed': 218 218 case 'latest_installed': … … 320 320 switch ( $status ) { 321 321 default: 322 322 case 'install': 323 echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug )) . '">' . __( 'Install' ) . '</a>';323 echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) . '">' . __( 'Install' ) . '</a>'; 324 324 break; 325 325 case 'update_available': 326 echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version )) . '">' . __( 'Update' ) . '</a>';326 echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) . '" title="' . 
esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>'; 327 327 break; 328 328 case 'newer_installed': 329 329 case 'latest_installed': -
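Review bot: Three of the rewritten lines have misplaced parentheses after the `esc_url(` wrapper was removed. Lines 212 and 215 keep an extra `)` after `wp_nonce_url( ..., ... . $theme->slug )` and drop the one that closed `esc_attr( sprintf( ... ) )`. Line 326 ends `esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">'` without closing `esc_attr(`. The stray `)` on 212 and 215 and the unclosed call on 326 are parse errors, and the `'">'` that closes the title attribute ends up inside the `esc_attr()` argument. The update lines should read `wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) ) . '">'`, with the install line on 212 following the same shape.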
wp-admin/includes/class-wp-upgrader.php
1521 1521 $install_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate “%s”'), $name ) ) . '">' . __('Activate') . '</a>'; 1522 1522 1523 1523 if ( is_network_admin() && current_user_can( 'manage_network_themes' ) ) 1524 $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&theme=' . $template, 'enable-theme_' . $template )) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';1524 $install_actions['network_enable'] = '<a href="' . wp_nonce_url( 'themes.php?action=enable&theme=' . $template, 'enable-theme_' . $template ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>'; 1525 1525 1526 1526 if ( $this->type == 'web' ) 1527 1527 $install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>'; -
wp-admin/includes/template.php
835 835 <p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php 836 836 else : 837 837 ?> 838 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">838 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo wp_nonce_url($action, 'import-upload'); ?>"> 839 839 <p> 840 840 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>) 841 841 <input type="file" id="upload" name="import" size="25" /> -
wp-admin/upload.php
205 205 206 206 if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) { 207 207 $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $trashed ), number_format_i18n( $_GET['trashed'] ) ); 208 $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" )) . '">' . __('Undo') . '</a>';208 $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>'; 209 209 $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']); 210 210 } 211 211 … … 217 217 $messages[1] = __('Media attachment updated.'); 218 218 $messages[2] = __('Media permanently deleted.'); 219 219 $messages[3] = __('Error saving media attachment.'); 220 $messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" )) . '">' . __('Undo') . '</a>';220 $messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>'; 221 221 $messages[5] = __('Media restored from the trash.'); 222 222 223 223 if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) { -
wp-admin/nav-menus.php
569 569 570 570 <?php if ( ! empty( $nav_menu_selected_id ) ) : ?> 571 571 <div class="delete-action"> 572 <a class="submitdelete deletion menu-delete" href="<?php echo esc_url( wp_nonce_url( admin_url('nav-menus.php?action=delete&menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id )); ?>"><?php _e('Delete Menu'); ?></a>572 <a class="submitdelete deletion menu-delete" href="<?php echo wp_nonce_url( admin_url('nav-menus.php?action=delete&menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id ); ?>"><?php _e('Delete Menu'); ?></a> 573 573 </div><!-- END .delete-action --> 574 574 <?php endif; ?> 575 575 </div><!-- END .major-publishing-actions --> -
wp-admin/edit.php
245 245 if ( isset( $_REQUEST['trashed'] ) && $trashed = absint( $_REQUEST['trashed'] ) ) { 246 246 $messages[] = sprintf( _n( 'Item moved to the Trash.', '%s items moved to the Trash.', $trashed ), number_format_i18n( $trashed ) ); 247 247 $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0; 248 $messages[] = '<a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" )) . '">' . __('Undo') . '</a>';248 $messages[] = '<a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) . '">' . __('Undo') . '</a>'; 249 249 } 250 250 251 251 if ( isset( $_REQUEST['untrashed'] ) && $untrashed = absint( $_REQUEST['untrashed'] ) ) { -
wp-admin/import.php
96 96 if ( !empty($plugins) ) { 97 97 $keys = array_keys($plugins); 98 98 $plugin_file = $plugin_slug . '/' . $keys[0]; 99 $action = '<a href="' . esc_url(wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file)) .99 $action = '<a href="' . wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file) . 100 100 '"title="' . esc_attr__('Activate importer') . '"">' . $data[0] . '</a>'; 101 101 } 102 102 }