
Ticket #3986: 2.0_inclusive.diff

File 2.0_inclusive.diff, 5.7 KB (added by markjaquith, 18 years ago)

branches/2.0/ patch

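--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -212,7 +212,7 @@
 
                 $the_link = '#';
                 if (!empty($row->link_url))
-                        $the_link = attribute_escape($row->link_url);
+                        $the_link = clean_url($row->link_url);
 
                 $rel = $row->link_rel;
                 if ($rel != '') {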
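Review bot: The `'#'` default set on new line 213 can be lost on line 215. `clean_url()` is not shown on this page, but if it returns an empty string for a URL it rejects (I believe it does for disallowed schemes), a non-empty but rejected `link_url` leaves `$the_link` empty instead of `'#'`. Cleaning first and testing the result keeps the fallback: `$the_link = clean_url($row->link_url); if ('' == $the_link) $the_link = '#';`. The enclosing function starts and ends outside the hunk.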
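--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -458,7 +458,7 @@
 }
 
 function next_posts($max_page = 0) {
-        echo attribute_escape(get_next_posts_page_link($max_page));
+        echo clean_url(get_next_posts_page_link($max_page));
 }
 
 function next_posts_link($label='Next Page »', $max_page=0) {
@@ -495,7 +495,7 @@
 }
 
 function previous_posts() {
-        echo attribute_escape(get_previous_posts_page_link());
+        echo clean_url(get_previous_posts_page_link());
 }
 
 function previous_posts_link($label='« Previous Page') {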
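Review bot: `next_posts()` (new line 461) and `previous_posts()` (new line 498) carry no comment stating which output context their echo is escaped for, and these are template tags that themes call directly. Above `next_posts()` I would add `// Echoes the paging URL after clean_url(); meant for use inside an href attribute. Use get_next_posts_page_link() for the unescaped URL.`, and the matching comment naming `get_previous_posts_page_link()` above `previous_posts()`. That tells theme authors not to escape the value a second time or reuse the echoed string outside HTML.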
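--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2491,7 +2491,7 @@
                 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
                 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
         } else {
-                $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+                $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
         }
         $html .= "</body>\n</html>";
         wp_die($html, $title);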
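Review bot: `$adminurl` is interpolated directly into `<a href='$adminurl'>` on new lines 2492 and 2494, while the neighbouring `Yes` link on line 2494 now goes through `clean_url()`. The assignment of `$adminurl` is outside the hunk, so it may already be cleaned there. If it is derived from the referer or any other request value, it needs the same treatment before the markup is built, e.g. `$adminurl = clean_url($adminurl);`. The enclosing function starts above the hunk.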
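--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -81,7 +81,7 @@
         ?>
         <div id='preview' class='wrap'>
         <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
-                <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+                <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
         </div>
         <?php
         break;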
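--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -67,7 +67,7 @@
 switch($step) {
 
         case 0:
-        $goback = attribute_escape(stripslashes(wp_get_referer()));
+        $goback = clean_url(stripslashes(wp_get_referer()));
 ?>
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
         <h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -86,7 +86,7 @@
         if ( empty( $_GET['backto'] ) )
                 $backto = __get_option('home');
         else
-                $backto = attribute_escape(stripslashes($_GET['backto']));
+                $backto = clean_url(stripslashes($_GET['backto']));
 ?>
 <h2><?php _e('Step 1'); ?></h2>
         <p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>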
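Review bot: `$backto` on new line 89 comes from `$_GET['backto']` and is printed as the `Have fun` link target on line 92 with no check that it points back at this site. `clean_url()` is not shown on this page, but as far as I can tell it constrains the scheme and characters rather than the host, so the link on this trusted admin page can still lead off-site. Consider falling back to the home URL on a host mismatch: `$home = parse_url(__get_option('home')); $to = parse_url($backto);` followed by `if ( empty($to['host']) || $to['host'] != $home['host'] ) $backto = __get_option('home');`. Separately, line 70 feeds the referer into a query string (`backto=<?php echo $goback; ?>` on line 73), where `urlencode()` is the matching encoding, because any `&` or `#` in the referer currently ends the `backto` value early.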
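--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -467,11 +467,11 @@
 function get_link_to_edit($link_id) {
         $link = get_link($link_id);
 
-        $link->link_url         = attribute_escape($link->link_url);
+        $link->link_url         =        clean_url($link->link_url);
         $link->link_name        = attribute_escape($link->link_name);
         $link->link_image       = attribute_escape($link->link_image);
         $link->link_description = attribute_escape($link->link_description);
-        $link->link_rss         = attribute_escape($link->link_rss);
+        $link->link_rss         =        clean_url($link->link_rss);
         $link->link_rel         = attribute_escape($link->link_rel);
         $link->link_notes       =  wp_specialchars($link->link_notes);
         $link->post_category    = $link->link_category;
@@ -481,7 +481,7 @@
 
 function get_default_link_to_edit() {
         if ( isset($_GET['linkurl']) )
-                $link->link_url = attribute_escape($_GET['linkurl']);
+                $link->link_url = clean_url($_GET['linkurl']);
         else
                 $link->link_url = '';
        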
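Review bot: `link_image` on new line 472 still goes through `attribute_escape()`, although by its name it looks like a URL field, as do `link_url` and `link_rss`, which this change moves to `clean_url()`. If it does hold an image URL, I would switch it for consistency: `$link->link_image       =        clean_url($link->link_image);`. In the second hunk, line 484 passes `$_GET['linkurl']` to `clean_url()` without the `stripslashes()` applied to the other request-derived values in this patch, so it is worth confirming that is intended. `get_default_link_to_edit()` continues past the end of the hunk.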
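--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@
        
  
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {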