
remove all occurrences of esc_url( wp_nonce_url( ... ) )

  • wp-includes/functions.php

    Property changes on: .
    ___________________________________________________________________
    Added: svn:ignore
       + .idea
    
    
     
    11531153 */ 
    11541154function wp_nonce_url( $actionurl, $action = -1 ) { 
    11551155        $actionurl = str_replace( '&', '&', $actionurl ); 
    1156         return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ); 
     1156        return esc_url( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ); 
    11571157} 
    11581158 
    11591159/** 
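Review bot: wp_nonce_url() now returns a value that has already been through esc_url(), but neither the hunk nor the docblock that closes at line 1153 (it starts outside the hunk) says so, so callers cannot tell that the result is escaped for HTML output and should not be handed to wp_redirect() or a Location header, where the entity-encoded ampersands that esc_url() emits for display would be wrong. I would add to the docblock: `Note: the returned URL is escaped with esc_url() for use in HTML output; run the result through esc_url_raw() (or build the redirect target with add_query_arg()) before redirecting with it.` As rendered, line 1155 reads `str_replace( '&', '&', $actionurl )`, which would be a no-op; if the raw source has `'&amp;'` as the first argument this is only a display artifact, but it is worth confirming in the raw patch. The `svn:ignore` property change adding `.idea` at the top of this section looks like a stray local setting that should not be part of the patch.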
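--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -187,7 +187,7 @@
 
                 if ( $spammed > 0 ) {
                         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-                        $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+                        $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
                 }
 
                 if ( $unspammed > 0 )
@@ -195,7 +195,7 @@
 
                 if ( $trashed > 0 ) {
                         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-                        $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+                        $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
                 }
 
                 if ( $untrashed > 0 )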
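--- a/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -246,22 +246,22 @@
                                                         $actions['backend']     = "<span class='backend'><a href='" . esc_url( get_admin_url( $blog['blog_id'] ) ) . "' class='edit'>" . __( 'Dashboard' ) . '</a></span>';
                                                         if ( $current_site->blog_id != $blog['blog_id'] ) {
                                                                 if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' )
-                                                                        $actions['activate']    = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' ) ) . '">' . __( 'Activate' ) . '</a></span>';
+                                                                        $actions['activate']    = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' ) . '">' . __( 'Activate' ) . '</a></span>';
                                                                 else
-                                                                        $actions['deactivate']  = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Deactivate' ) . '</a></span>';
+                                                                        $actions['deactivate']  = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm') . '">' . __( 'Deactivate' ) . '</a></span>';
 
                                                                 if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' )
-                                                                        $actions['unarchive']   = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Unarchive' ) . '</a></span>';
+                                                                        $actions['unarchive']   = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Unarchive' ) . '</a></span>';
                                                                 else
-                                                                        $actions['archive']     = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>';
+                                                                        $actions['archive']     = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>';
 
                                                                 if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' )
-                                                                        $actions['unspam']      = '<span class="spam"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';
+                                                                        $actions['unspam']      = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';
                                                                 else
-                                                                        $actions['spam']        = '<span class="spam"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Spam', 'site' ) . '</a></span>';
+                                                                        $actions['spam']        = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Spam', 'site' ) . '</a></span>';
 
                                                                 if ( current_user_can( 'delete_site', $blog['blog_id'] ) )
-                                                                        $actions['delete']      = '<span class="delete"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Delete' ) . '</a></span>';
+                                                                        $actions['delete']      = '<span class="delete"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Delete' ) . '</a></span>';
                                                         }
 
                                                         $actions['visit']       = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a></span>';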
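Review bot: The new line 259 (`$actions['unspam']`) is a parse error: removing `esc_url(` left the trailing `) )` in place, so there is one more closing parenthesis than opening ones and the whole file will fail to compile, taking the network sites screen down with it. It should end `'confirm') . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';` exactly like the sibling lines 249-264, which were rewritten correctly. The enclosing method starts and ends outside the hunk.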
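--- a/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -287,16 +287,16 @@
 
                 if ( ! $allowed ) {
                         if ( ! $theme->errors() )
-                                $actions['enable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=enable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'enable-theme_' . $theme_key) ) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>';
+                                $actions['enable'] = '<a href="' . wp_nonce_url($url . 'action=enable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'enable-theme_' . $theme_key) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>';
                 } else {
-                        $actions['disable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=disable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'disable-theme_' . $theme_key) ) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>';
+                        $actions['disable'] = '<a href="' . wp_nonce_url($url . 'action=disable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'disable-theme_' . $theme_key) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>';
                 }
 
                 if ( current_user_can('edit_themes') )
                         $actions['edit'] = '<a href="' . esc_url('theme-editor.php?theme=' .  $theme_key ) . '" title="' . esc_attr__('Open this theme in the Theme Editor') . '" class="edit">' . __('Edit') . '</a>';
 
                 if ( ! $allowed && current_user_can( 'delete_themes' ) && ! $this->is_site_themes && $theme_key != get_option( 'stylesheet' ) && $theme_key != get_option( 'template' ) )
-                        $actions['delete'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+                        $actions['delete'] = '<a href="' . wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 
                 $actions = apply_filters( 'theme_action_links', array_filter( $actions ), $theme_key, $theme, $context );
                 $actions = apply_filters( "theme_action_links_$theme_key", $actions, $theme_key, $theme, $context );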
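--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -209,10 +209,10 @@
                 switch ( $status ) {
                         default:
                         case 'install':
-                                $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) ) . '">' . __( 'Install Now' ) . '</a>';
+                                $actions[] = '<a class="install-now" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) . '">' . __( 'Install Now' ) . '</a>';
                                 break;
                         case 'update_available':
-                                $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) ) . '">' . __( 'Update' ) . '</a>';
+                                $actions[] = '<a class="install-now" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>';
                                 break;
                         case 'newer_installed':
                         case 'latest_installed':
@@ -320,10 +320,10 @@
                         switch ( $status ) {
                                 default:
                                 case 'install':
-                                        echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '">' . __( 'Install' ) . '</a>';
+                                        echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) . '">' . __( 'Install' ) . '</a>';
                                         break;
                                 case 'update_available':
-                                        echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) ) . '">' . __( 'Update' ) . '</a>';
+                                        echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>';
                                         break;
                                 case 'newer_installed':
                                 case 'latest_installed':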
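Review bot: Three of the rewritten lines are parse errors. At new lines 212 and 215 a stray `)` is left directly after the `wp_nonce_url( ... )` call while the closing `)` of `esc_attr( sprintf( ... ) )` was dropped, and at new line 326 the esc_attr() closing `)` was dropped as well, so each statement reaches its `;` with unbalanced parentheses and the theme installer screen will not load. Line 212 should read `$actions[] = '<a class="install-now" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) ) . '">' . __( 'Install Now' ) . '</a>';`, and lines 215 and 326 need the same repair (no `)` after the wp_nonce_url() call, two closing parentheses after `$theme->version`). Both `switch` blocks open inside the hunks but close outside them.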
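--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -1521,7 +1521,7 @@
                 $install_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
 
                 if ( is_network_admin() && current_user_can( 'manage_network_themes' ) )
-                        $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&amp;theme=' . $template, 'enable-theme_' . $template ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
+                        $install_actions['network_enable'] = '<a href="' . wp_nonce_url( 'themes.php?action=enable&amp;theme=' . $template, 'enable-theme_' . $template ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
 
                 if ( $this->type == 'web' )
                         $install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>';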
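--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -835,7 +835,7 @@
                 <p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
         else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo wp_nonce_url($action, 'import-upload'); ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />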
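--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -205,7 +205,7 @@
 
 if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) {
         $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $trashed ), number_format_i18n( $_GET['trashed'] ) );
-        $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
+        $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
         $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
 }
 
@@ -217,7 +217,7 @@
 $messages[1] = __('Media attachment updated.');
 $messages[2] = __('Media permanently deleted.');
 $messages[3] = __('Error saving media attachment.');
-$messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
+$messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
 $messages[5] = __('Media restored from the trash.');
 
 if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {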
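--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -569,7 +569,7 @@
 
                                                                 <?php if ( ! empty( $nav_menu_selected_id ) ) : ?>
                                                                 <div class="delete-action">
-                                                                        <a class="submitdelete deletion menu-delete" href="<?php echo esc_url( wp_nonce_url( admin_url('nav-menus.php?action=delete&amp;menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id ) ); ?>"><?php _e('Delete Menu'); ?></a>
+                                                                        <a class="submitdelete deletion menu-delete" href="<?php echo wp_nonce_url( admin_url('nav-menus.php?action=delete&amp;menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id ); ?>"><?php _e('Delete Menu'); ?></a>
                                                                 </div><!-- END .delete-action -->
                                                                 <?php endif; ?>
                                                         </div><!-- END .major-publishing-actions -->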
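--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -245,7 +245,7 @@
 if ( isset( $_REQUEST['trashed'] ) && $trashed = absint( $_REQUEST['trashed'] ) ) {
         $messages[] = sprintf( _n( 'Item moved to the Trash.', '%s items moved to the Trash.', $trashed ), number_format_i18n( $trashed ) );
         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-        $messages[] = '<a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a>';
+        $messages[] = '<a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) . '">' . __('Undo') . '</a>';
 }
 
 if ( isset( $_REQUEST['untrashed'] ) && $untrashed = absint( $_REQUEST['untrashed'] ) ) {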
  • wp-admin/import.php

     
    9696                                if ( !empty($plugins) ) { 
    9797                                        $keys = array_keys($plugins); 
    9898                                        $plugin_file = $plugin_slug . '/' . $keys[0]; 
    99                                         $action = '<a href="' . esc_url(wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file)) . 
     99                                        $action = '<a href="' . wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file) . 
    100100                                                                                        '"title="' . esc_attr__('Activate importer') . '"">' . $data[0] . '</a>'; 
    101101                                } 
    102102                        }