

Ticket #20771: 20771-2.diff

File 20771-2.diff, 19.2 KB (added by jkudish, 6 years ago)

remove all occurrences of esc_url( wp_nonce_url( ... ) )

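--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1153,7 +1153,7 @@
  */
 function wp_nonce_url( $actionurl, $action = -1 ) {
         $actionurl = str_replace( '&', '&', $actionurl );
-        return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+        return esc_url( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
 }
 
 /**

Property changes on: .
___________________________________________________________________
Added: svn:ignore
   + .idea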
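Review bot: The patch also carries an unrelated `svn:ignore` property change on `.` that adds `.idea`; that is an IDE artifact and should be dropped before this is committed. On the new `return esc_url( ... )` line, esc_url() in its default display context entity-encodes ampersands (`&#038;`), so what wp_nonce_url() now returns is only correct when printed into HTML; callers that hand it to wp_redirect() or an HTTP client would need esc_url_raw(), and the function's docblock (it ends at the ` */` context line above this hunk) should say so, e.g. `@return string URL escaped for HTML output; use esc_url_raw() on the result for redirects or HTTP requests.` The preceding `str_replace( '&', '&', $actionurl )` line reads as a no-op in this rendering, which suggests an `&amp;` was lost in display; worth confirming the real source still decodes `&amp;` before the nonce argument is appended.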
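--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -187,7 +187,7 @@
 
                 if ( $spammed > 0 ) {
                         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-                        $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+                        $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
                 }
 
                 if ( $unspammed > 0 )
@@ -195,7 +195,7 @@
 
                 if ( $trashed > 0 ) {
                         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-                        $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+                        $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
                 }
 
                 if ( $untrashed > 0 )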
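Review bot: The new Undo links interpolate `$ids`, which the context line above takes verbatim from `$_REQUEST['ids']`, and after this change the only thing standing between that raw request value and the `href` attribute is the esc_url() call inside wp_nonce_url() from the functions.php part of this patch. That is enough to keep the attribute well-formed, but it is fragile: anyone later switching wp_nonce_url() back to a raw return, or reusing `$ids` elsewhere, reintroduces an unescaped request value in markup. If, as the undo handler presumably expects, `ids` is a comma-separated list of integers, constrain it where it is read: `$ids = isset($_REQUEST['ids']) ? preg_replace( '/[^0-9,]/', '', $_REQUEST['ids'] ) : 0;` (same for the `$trashed` branch in the second hunk).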
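--- a/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -246,22 +246,22 @@
                                                         $actions['backend']     = "<span class='backend'><a href='" . esc_url( get_admin_url( $blog['blog_id'] ) ) . "' class='edit'>" . __( 'Dashboard' ) . '</a></span>';
                                                         if ( $current_site->blog_id != $blog['blog_id'] ) {
                                                                 if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' )
-                                                                        $actions['activate']    = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' ) ) . '">' . __( 'Activate' ) . '</a></span>';
+                                                                        $actions['activate']    = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ), 'confirm' ) . '">' . __( 'Activate' ) . '</a></span>';
                                                                 else
-                                                                        $actions['deactivate']  = '<span class="activate"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Deactivate' ) . '</a></span>';
+                                                                        $actions['deactivate']  = '<span class="activate"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ), 'confirm') . '">' . __( 'Deactivate' ) . '</a></span>';
 
                                                                 if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' )
-                                                                        $actions['unarchive']   = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Unarchive' ) . '</a></span>';
+                                                                        $actions['unarchive']   = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unarchiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Unarchive' ) . '</a></span>';
                                                                 else
-                                                                        $actions['archive']     = '<span class="archive"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>';
+                                                                        $actions['archive']     = '<span class="archive"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Archive', 'verb; site' ) . '</a></span>';
 
                                                                 if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' )
-                                                                        $actions['unspam']      = '<span class="spam"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';
+                                                                        $actions['unspam']      = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';
                                                                 else
-                                                                        $actions['spam']        = '<span class="spam"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm') ) . '">' . _x( 'Spam', 'site' ) . '</a></span>';
+                                                                        $actions['spam']        = '<span class="spam"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ), 'confirm') . '">' . _x( 'Spam', 'site' ) . '</a></span>';
 
                                                                 if ( current_user_can( 'delete_site', $blog['blog_id'] ) )
-                                                                        $actions['delete']      = '<span class="delete"><a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm') ) . '">' . __( 'Delete' ) . '</a></span>';
+                                                                        $actions['delete']      = '<span class="delete"><a href="' . wp_nonce_url( network_admin_url( 'sites.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ), 'confirm') . '">' . __( 'Delete' ) . '</a></span>';
                                                         }
 
                                                         $actions['visit']       = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a></span>';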
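Review bot: The new `$actions['unspam']` line is a parse error: the `esc_url(` wrapper was removed but its closing paren was kept, leaving `'confirm') ) . '">'` with one `)` too many, which would fatal the whole network sites screen. Every other rewritten line in this hunk (activate, deactivate, archive, spam, delete) correctly ends `'confirm') . '">'`; the unspam line should read the same: `... $blogname ) ) ), 'confirm') . '">' . _x( 'Not Spam', 'site' ) . '</a></span>';`. The enclosing method starts and ends outside this hunk.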
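--- a/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -287,16 +287,16 @@
 
                 if ( ! $allowed ) {
                         if ( ! $theme->errors() )
-                                $actions['enable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=enable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'enable-theme_' . $theme_key) ) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>';
+                                $actions['enable'] = '<a href="' . wp_nonce_url($url . 'action=enable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'enable-theme_' . $theme_key) . '" title="' . esc_attr__('Enable this theme') . '" class="edit">' . ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) . '</a>';
                 } else {
-                        $actions['disable'] = '<a href="' . esc_url( wp_nonce_url($url . 'action=disable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'disable-theme_' . $theme_key) ) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>';
+                        $actions['disable'] = '<a href="' . wp_nonce_url($url . 'action=disable&amp;theme=' . $theme_key . '&amp;paged=' . $page . '&amp;s=' . $s, 'disable-theme_' . $theme_key) . '" title="' . esc_attr__('Disable this theme') . '">' . ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) . '</a>';
                 }
 
                 if ( current_user_can('edit_themes') )
                         $actions['edit'] = '<a href="' . esc_url('theme-editor.php?theme=' .  $theme_key ) . '" title="' . esc_attr__('Open this theme in the Theme Editor') . '" class="edit">' . __('Edit') . '</a>';
 
                 if ( ! $allowed && current_user_can( 'delete_themes' ) && ! $this->is_site_themes && $theme_key != get_option( 'stylesheet' ) && $theme_key != get_option( 'template' ) )
-                        $actions['delete'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+                        $actions['delete'] = '<a href="' . wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 
                 $actions = apply_filters( 'theme_action_links', array_filter( $actions ), $theme_key, $theme, $context );
                 $actions = apply_filters( "theme_action_links_$theme_key", $actions, $theme_key, $theme, $context );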
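Review bot: All three rewritten action links append `'&amp;s=' . $s` to the query string without encoding it, and esc_url() inside wp_nonce_url() will not repair that: it only filters characters, so a `&`, `#` or `=` in the search term would split or truncate the query rather than be escaped. `$s` is assigned outside this hunk, but if it is the user's search string (as the `s=` parameter suggests) the safe form is `'&amp;s=' . urlencode( $s )` on each of the enable, disable and delete lines. The enclosing method starts and ends outside this hunk.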
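--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -209,10 +209,10 @@
                 switch ( $status ) {
                         default:
                         case 'install':
-                                $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) ) . '">' . __( 'Install Now' ) . '</a>';
+                                $actions[] = '<a class="install-now" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) . '">' . __( 'Install Now' ) . '</a>';
                                 break;
                         case 'update_available':
-                                $actions[] = '<a class="install-now" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) ) . '">' . __( 'Update' ) . '</a>';
+                                $actions[] = '<a class="install-now" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>';
                                 break;
                         case 'newer_installed':
                         case 'latest_installed':
@@ -320,10 +320,10 @@
                         switch ( $status ) {
                                 default:
                                 case 'install':
-                                        echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) ) . '">' . __( 'Install' ) . '</a>';
+                                        echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) . '">' . __( 'Install' ) . '</a>';
                                         break;
                                 case 'update_available':
-                                        echo '<a class="theme-install button-primary" href="' . esc_url( wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) ) . '">' . __( 'Update' ) . '</a>';
+                                        echo '<a class="theme-install button-primary" href="' . wp_nonce_url( $update_url, 'upgrade-theme_' . $theme->slug ) . '" title="' . esc_attr( sprintf( __( 'Update to version %s' ), $theme->version ) . '">' . __( 'Update' ) . '</a>';
                                         break;
                                 case 'newer_installed':
                                 case 'latest_installed':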
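Review bot: Three of the four rewritten lines here no longer parse. In the first hunk both `$actions[]` lines keep a stray `)` after `wp_nonce_url( ..., '...' . $theme->slug )`, and in all three title-bearing lines (both hunks' `update_available` cases plus the first `install` case) the closing paren of `esc_attr( sprintf( ... ) )` was dropped, so esc_attr() is never closed; it looks like a search-and-replace removed the wrong `)`. The second hunk's `install` line shows the intended shape; the install line should be `'<a class="install-now" href="' . wp_nonce_url( $install_url, 'install-theme_' . $theme->slug ) . '" title="' . esc_attr( sprintf( __( 'Install %s' ), $name ) ) . '">' . __( 'Install Now' ) . '</a>'` and the two Update lines need the same paren repair. Both enclosing methods start and end outside their hunks.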
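--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -1521,7 +1521,7 @@
                 $install_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
 
                 if ( is_network_admin() && current_user_can( 'manage_network_themes' ) )
-                        $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&amp;theme=' . $template, 'enable-theme_' . $template ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
+                        $install_actions['network_enable'] = '<a href="' . wp_nonce_url( 'themes.php?action=enable&amp;theme=' . $template, 'enable-theme_' . $template ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
 
                 if ( $this->type == 'web' )
                         $install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>';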
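--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -835,7 +835,7 @@
                 <p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
         else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo wp_nonce_url($action, 'import-upload'); ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />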
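--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -205,7 +205,7 @@
 
 if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) {
         $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $trashed ), number_format_i18n( $_GET['trashed'] ) );
-        $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
+        $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
         $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
 }
 
@@ -217,7 +217,7 @@
 $messages[1] = __('Media attachment updated.');
 $messages[2] = __('Media permanently deleted.');
 $messages[3] = __('Error saving media attachment.');
-$messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
+$messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
 $messages[5] = __('Media restored from the trash.');
 
 if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {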
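Review bot: Both rewritten Undo links splice `$_GET['ids']` into the URL untouched, and the second one (`$messages[4]`) is built unconditionally on every load of upload.php, so the raw parameter now reaches an `href` with nothing but wp_nonce_url()'s internal esc_url() in between. That holds the line for attribute escaping, but the value is also the input to the untrash handler, so it is better constrained once at the source. A small helper used by both lines keeps them in step, e.g. `$undo_ids = isset( $_GET['ids'] ) ? preg_replace( '/[^0-9,]/', '', $_GET['ids'] ) : '';` followed by `'upload.php?doaction=undo&action=untrash&ids=' . $undo_ids` in each link, assuming ids is the comma-separated attachment list the bulk handler expects.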
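--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -569,7 +569,7 @@
 
                                                                 <?php if ( ! empty( $nav_menu_selected_id ) ) : ?>
                                                                 <div class="delete-action">
-                                                                        <a class="submitdelete deletion menu-delete" href="<?php echo esc_url( wp_nonce_url( admin_url('nav-menus.php?action=delete&amp;menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id ) ); ?>"><?php _e('Delete Menu'); ?></a>
+                                                                        <a class="submitdelete deletion menu-delete" href="<?php echo wp_nonce_url( admin_url('nav-menus.php?action=delete&amp;menu=' . $nav_menu_selected_id), 'delete-nav_menu-' . $nav_menu_selected_id ); ?>"><?php _e('Delete Menu'); ?></a>
                                                                 </div><!-- END .delete-action -->
                                                                 <?php endif; ?>
                                                         </div><!-- END .major-publishing-actions -->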
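--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -245,7 +245,7 @@
 if ( isset( $_REQUEST['trashed'] ) && $trashed = absint( $_REQUEST['trashed'] ) ) {
         $messages[] = sprintf( _n( 'Item moved to the Trash.', '%s items moved to the Trash.', $trashed ), number_format_i18n( $trashed ) );
         $ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-        $messages[] = '<a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a>';
+        $messages[] = '<a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) . '">' . __('Undo') . '</a>';
 }
 
 if ( isset( $_REQUEST['untrashed'] ) && $untrashed = absint( $_REQUEST['untrashed'] ) ) {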
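Review bot: The rewritten Undo link interpolates `$ids`, which the line above copies straight out of `$_REQUEST['ids']` with no validation, so after this patch the `href` is protected only by the esc_url() that wp_nonce_url() now applies internally. Given the handler on the other end is the bulk untrash action, restricting the value to what it can legitimately be costs nothing and removes the dependence on a helper's escaping: `$ids = isset($_REQUEST['ids']) ? preg_replace( '/[^0-9,]/', '', $_REQUEST['ids'] ) : 0;`. `$post_type` is also interpolated raw here; it is assigned outside this hunk and is presumably already validated against registered post types, but that is worth confirming.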
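--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -96,7 +96,7 @@
                                 if ( !empty($plugins) ) {
                                         $keys = array_keys($plugins);
                                         $plugin_file = $plugin_slug . '/' . $keys[0];
-                                        $action = '<a href="' . esc_url(wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file)) .
+                                        $action = '<a href="' . wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $plugin_file . '&from=import'), 'activate-plugin_' . $plugin_file) .
                                                                                         '"title="' . esc_attr__('Activate importer') . '"">' . $data[0] . '</a>';
                                 }
                         }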
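Review bot: The statement this hunk rewrites continues onto the unchanged context line below it, and that continuation emits malformed markup: `'"title="'` closes the href with no space before `title`, and `'"">'` adds a stray quote, producing `<a href="..."title="Activate importer"">`. Since the line is being touched anyway, fix the continuation to `'" title="' . esc_attr__('Activate importer') . '">' . $data[0] . '</a>';`. Separately, `$plugin_file` (a `slug/file` path built on the line above) is concatenated into the query string without urlencode(); a plain plugin path survives esc_url(), but encoding it would be the robust form. The enclosing loop and function start and end outside this hunk.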