Ticket #3937: add_query_arg_output_sanitization.001.diff
File add_query_arg_output_sanitization.001.diff, 13.6 KB (added 18 years ago)
trunk/wp-includes/script-loader.php
150 150 $ver .= '&' . $this->args[$handle]; 151 151 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 152 152 $src = add_query_arg('ver', $ver, $src); 153 $src = a pply_filters( 'script_loader_src', $src);153 $src = attribute_escape(apply_filters( 'script_loader_src', $src )); 154 154 echo "<script type='text/javascript' src='$src'></script>\n"; 155 155 $this->print_scripts_l10n( $handle ); 156 156 } -
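Review bot: The new line 153 correctly escapes after `apply_filters('script_loader_src', ...)` rather than before it, but nothing says so, and a later refactor could move the escape inside the filter call and let a filter re-introduce raw quotes; add a why-comment such as `// Escape last, after the filter: $src lands inside a single-quoted attribute below`. The value is emitted in `src='$src'`, so this only holds if attribute_escape() encodes the single quote as well as `"`, `<`, `>` and `&` — I believe wp_specialchars() does when its quotes flag is set, but confirm. The raw `&` used to join `$ver` is now entity-encoded on output, which is the correct form inside an attribute. The enclosing method begins before this hunk.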
trunk/wp-admin/edit-comments.php
101 101 $r = ''; 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . a dd_query_arg( $args) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 107 107 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 111 111 $p = false; 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . a dd_query_arg($args) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : 117 117 $r .= "...\n"; … … 122 122 } 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . a dd_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; 128 128 ?> … … 248 248 $r = ''; 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . a dd_query_arg( $args) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . 
"\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 254 254 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 258 258 $p = false; 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . a dd_query_arg($args) . '">' . ( $page_num ) . "</a>\n";261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : 264 264 $r .= "...\n"; … … 269 269 } 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . a dd_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; 275 275 ?> -
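Review bot: add_query_arg($args) is called here without a base URL, so every one of these hrefs is built on the current request URI and was previously reflected unescaped into an attribute; the escape is the right fix, but it had to be applied at six sites because the pagination block is duplicated (lines 101–128 and 248–275) and the next copy is easy to miss. Consider computing the link once per branch, `$link = attribute_escape( add_query_arg( $args ) );`, and using `$link` in the anchor, or extracting the whole pagination block into a helper so there is one place to escape. `$page_num` and the `__()` strings inside the anchor text are an int and translation text, so they are not the concern here. The surrounding PHP block continues outside the hunk.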
trunk/wp-admin/admin-functions.php
1935 1935 if (strpos($size, 'g') !== false) 1936 1936 $bytes = $size * 1024 * 1024 * 1024; 1937 1937 ?> 1938 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action?>">1938 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>"> 1939 1939 <p> 1940 1940 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> ) 1941 1941 <input type="file" id="upload" name="import" size="25" /> -
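Review bot: The origin of `$action` is not visible in this hunk (the function begins earlier), so it is worth stating next to the new `attribute_escape($action)` that the value may carry request data, e.g. `<?php /* $action may derive from the request; escape at output */ echo attribute_escape($action) ?>`. attribute_escape() neutralises attribute breakout (`"`, `<`, `>`, `&`) but does not validate the URL itself; if `$action` can ever be an attacker-chosen absolute URL rather than a path, it should additionally be checked or rebuilt from a known base, since a form action accepts any scheme the browser will submit to. If it is only ever the current request path this is a non-issue — confirm at the definition site.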
trunk/wp-admin/custom-header.php
174 174 <h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p> 175 175 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p> 176 176 177 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo a dd_query_arg('step', 2) ?>" style="margin: auto; width: 50%;">177 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;"> 178 178 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> 179 179 <input type="hidden" name="action" value="save" /> 180 180 <p class="submit"> … … 188 188 <div class="wrap"> 189 189 <h2><?php _e('Reset Header Image and Color'); ?></h2> 190 190 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p> 191 <form method="post" action="<?php echo a dd_query_arg('step', 1) ?>">191 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>"> 192 192 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" /> 193 193 </form> 194 194 </div> … … 240 240 241 241 <div class="wrap"> 242 242 243 <form method="POST" action="<?php echo a dd_query_arg('step', 3) ?>">243 <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>"> 244 244 245 245 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p> 246 246 <div id="testWrap"> -
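Review bot: Each of the three form actions is now escaped, which stops attribute breakout, but add_query_arg('step', N) with no third argument still builds on the current request URI, so any extra query parameters an attacker places in the link that brought the admin here are carried into the form's action and re-submitted with the POST. If this page has a fixed admin URL, pass it explicitly as the base, e.g. `add_query_arg('step', 2, $base_url)` where `$base_url` is the page's own admin URL, so only the known parameters survive; I have not verified what that URL is from this hunk. Minor: the first and third forms use `method="POST"` while the second uses `method="post"`; both work, but pick one.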
branches/2.0/wp-admin/admin-functions.php
1810 1810 o.submit(); 1811 1811 } 1812 1812 </script> 1813 <form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action?>">1813 <form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>"> 1814 1814 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" /> 1815 1815 <input type="hidden" name="action" value="save" /> 1816 1816 <div id="buttons"> -
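Review bot: This is a backport of the `attribute_escape($action)` change to the 2.0 branch; before merging, confirm that attribute_escape() is actually defined in the 2.0 branch's formatting.php, because an undefined function here is a fatal error on the import screen rather than a silent regression. If it is not present in 2.0, the equivalent call that does exist there (wp_specialchars() with its quotes flag, if I recall correctly) should be used instead. As in trunk, the origin of `$action` lies outside the hunk, so whether it can carry request data cannot be judged from here.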
branches/2.1/wp-includes/script-loader.php
78 78 if ( isset($this->args[$handle]) ) 79 79 $ver .= '&' . $this->args[$handle]; 80 80 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 81 $src = a dd_query_arg('ver', $ver, $src);81 $src = attribute_escape(add_query_arg('ver', $ver, $src)); 82 82 echo "<script type='text/javascript' src='$src'></script>\n"; 83 83 } 84 84 $this->printed[] = $handle; -
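Review bot: In this branch there is no `script_loader_src` filter, so escaping the add_query_arg() result directly on line 81 is the outermost step and is correct; it would help to note that on the line, `// escape last: $src goes into a single-quoted attribute`, so that if the trunk filter is later backported the escape stays outside the filter call. The `&` that joins `$ver` on line 79 is now entity-encoded on output, which is what an attribute value should contain. The method continues past the end of the hunk.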
branches/2.1/wp-admin/edit-comments.php
101 101 $r = ''; 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . a dd_query_arg( $args) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 107 107 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 111 111 $p = false; 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . a dd_query_arg($args) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : 117 117 $r .= "...\n"; … … 122 122 } 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . a dd_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; 128 128 ?> … … 248 248 $r = ''; 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . a dd_query_arg( $args) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . 
"\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 254 254 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 258 258 $p = false; 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . a dd_query_arg($args) . '">' . ( $page_num ) . "</a>\n";261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : 264 264 $r .= "...\n"; … … 269 269 } 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . a dd_query_arg($args) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; 275 275 ?> -
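Review bot: This is the 2.1 copy of the same six pagination call sites fixed in trunk, and the two copies within this file (lines 101–128 and 248–275) are themselves duplicates; keeping a per-call-site escape in sync across two branches and two copies is where the next miss will happen. A single local expression per branch, `$link = attribute_escape( add_query_arg( $args ) );`, used in the anchor would at least make each copy one line to audit. The escape itself is correctly applied to the whole URL, including the request-derived base that add_query_arg() uses when no URL is given. The PHP block starts and ends outside the hunk.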
branches/2.1/wp-admin/admin-functions.php
1922 1922 if ( strstr( $size, 'g' ) ) 1923 1923 $bytes = $size * 1024 * 1024 * 1024; 1924 1924 ?> 1925 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action?>">1925 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>"> 1926 1926 <p> 1927 1927 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> ) 1928 1928 <input type="file" id="upload" name="import" size="25" /> -
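Review bot: As with the trunk copy, `$action` is assigned outside this hunk, so the new `attribute_escape($action)` can only be judged as output escaping; it prevents breaking out of the `action="..."` attribute but does not constrain what URL the form submits to. A one-line comment at the echo, `/* $action may carry request data; escaped for the attribute, not validated as a URL */`, would make that limit explicit for the next reader. If `$action` is always the current admin path this is adequate; if it can be an absolute URL from user input, validate it against the site's own URL before use — confirm at the assignment.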
branches/2.1/wp-admin/custom-header.php
174 174 <h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p> 175 175 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p> 176 176 177 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo a dd_query_arg('step', 2) ?>" style="margin: auto; width: 50%;">177 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;"> 178 178 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> 179 179 <input type="hidden" name="action" value="save" /> 180 180 <p class="submit"> … … 188 188 <div class="wrap"> 189 189 <h2><?php _e('Reset Header Image and Color'); ?></h2> 190 190 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p> 191 <form method="post" action="<?php echo a dd_query_arg('step', 1) ?>">191 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>"> 192 192 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" /> 193 193 </form> 194 194 </div> … … 240 240 241 241 <div class="wrap"> 242 242 243 <form method="POST" action="<?php echo a dd_query_arg('step', 3) ?>">243 <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>"> 244 244 245 245 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p> 246 246 <div id="testWrap"> -
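Review bot: The three `attribute_escape(add_query_arg('step', N))` actions close the attribute-injection path, but because no base URL is given, add_query_arg() still derives the action from the current request URI, so unexpected query parameters on the incoming request are reflected into the form's action and re-posted. Passing the page's known admin URL as the third argument, `add_query_arg('step', 2, $base_url)`, would limit the action to parameters the code intends; I cannot confirm the correct base from this hunk. Keep this copy identical to the trunk change so the two branches do not drift.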
branches/2.1/wp-admin/upload-functions.php
35 35 $r = ''; 36 36 37 37 if ( $href ) 38 $r .= "<a id='file-link-$id' href=' $href' title='$post_title' class='file-link $class'>\n";38 $r .= "<a id='file-link-$id' href='" . attribute_escape($href) ."' title='$post_title' class='file-link $class'>\n"; 39 39 if ( $href || $image_src ) 40 40 $r .= "\t\t\t$innerHTML"; 41 41 if ( $href )
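Review bot: On the new line 38 `$href` is now escaped, but the same tag still interpolates `$post_title`, `$id` and `$class` raw into single-quoted attributes, so a post title containing `'` (or `<`) breaks out of `title='...'` exactly as `$href` used to; the fix should cover the whole tag, e.g. `$r .= "<a id='file-link-$id' href='" . attribute_escape($href) . "' title='" . attribute_escape($post_title) . "' class='file-link $class'>\n";`. Whether `$id` and `$class` can carry untrusted data is not visible here (the function begins before the hunk), so escape them too unless they are known to be generated by this code. `$innerHTML` on line 40 is emitted unescaped as well; by its name it is intended as markup, which should be stated in a comment so it is not mistaken for an oversight.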