Ticket #3986: 2.0_inclusive.diff
File 2.0_inclusive.diff, 5.7 KB (added by , 18 years ago) |
---|
-
wp-includes/links.php
212 212 213 213 $the_link = '#'; 214 214 if (!empty($row->link_url)) 215 $the_link = attribute_escape($row->link_url);215 $the_link = clean_url($row->link_url); 216 216 217 217 $rel = $row->link_rel; 218 218 if ($rel != '') { -
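Review bot: The `'#'` fallback assigned just above is lost whenever the sanitiser rejects the stored URL, because the result of `clean_url()` overwrites `$the_link` unconditionally. `clean_url()` is not shown on this page, so this rests on the assumption that it returns an empty string for a disallowed scheme; in that case the link is rendered with an empty `href`. Keeping the fallback would look like `$url = clean_url($row->link_url);` followed by `if ($url != '') $the_link = $url;`. The enclosing function starts and ends outside the visible lines.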
wp-includes/template-functions-links.php
458 458 } 459 459 460 460 function next_posts($max_page = 0) { 461 echo attribute_escape(get_next_posts_page_link($max_page));461 echo clean_url(get_next_posts_page_link($max_page)); 462 462 } 463 463 464 464 function next_posts_link($label='Next Page »', $max_page=0) { … … 495 495 } 496 496 497 497 function previous_posts() { 498 echo attribute_escape(get_previous_posts_page_link());498 echo clean_url(get_previous_posts_page_link()); 499 499 } 500 500 501 501 function previous_posts_link($label='« Previous Page') { -
wp-includes/functions.php
2491 2491 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 2492 2492 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 2493 2493 } else { 2494 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";2494 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 2495 2495 } 2496 2496 $html .= "</body>\n</html>"; 2497 2497 wp_die($html, $title); -
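Review bot: The "Yes" link is built from `$_SERVER['REQUEST_URI']`, which is a host-relative path, while `clean_url()` is written for complete URLs and is not shown on this page. If this branch's implementation prepends a scheme to input lacking `://`, or strips characters outside its allowed set, the confirmation link would no longer point back at the original request. That is worth confirming with a relative request URI carrying a query string before merging, and a one-line comment here stating that relative input is supported would record the result. The statement sits in an `else` branch whose enclosing function begins outside the hunk.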
wp-admin/post.php
81 81 ?> 82 82 <div id='preview' class='wrap'> 83 83 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit ↑'); ?></a></small></h2> 84 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>84 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 85 85 </div> 86 86 <?php 87 87 break; -
wp-admin/upgrade.php
67 67 switch($step) { 68 68 69 69 case 0: 70 $goback = attribute_escape(stripslashes(wp_get_referer()));70 $goback = clean_url(stripslashes(wp_get_referer())); 71 71 ?> 72 72 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 73 73 <h2 class="step"><a href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress »'); ?></a></h2> … … 86 86 if ( empty( $_GET['backto'] ) ) 87 87 $backto = __get_option('home'); 88 88 else 89 $backto = attribute_escape(stripslashes($_GET['backto']));89 $backto = clean_url(stripslashes($_GET['backto'])); 90 90 ?> 91 91 <h2><?php _e('Step 1'); ?></h2> 92 92 <p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), $backto); ?></p> -
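Review bot: In the first hunk `$goback` is interpolated as the value of the `backto` parameter in `upgrade.php?step=1&backto=...`, a position that needs percent-encoding rather than whole-URL cleaning. Any `&` or `#` left in the referer ends the parameter early, so step 1 receives a truncated `backto`; `$goback = urlencode(stripslashes(wp_get_referer()));` fits that context. In the second hunk `$backto` comes from `$_GET['backto']` and becomes the target of the "Have fun" link. `clean_url()` presumably drops script-bearing schemes, but nothing visible confines the link to this site, so comparing its host with the `home` option and falling back to `__get_option('home')` on a mismatch would close that gap. Both hunks lie inside a `switch($step)` whose remainder is outside the visible lines.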
wp-admin/admin-functions.php
467 467 function get_link_to_edit($link_id) { 468 468 $link = get_link($link_id); 469 469 470 $link->link_url = attribute_escape($link->link_url);470 $link->link_url = clean_url($link->link_url); 471 471 $link->link_name = attribute_escape($link->link_name); 472 472 $link->link_image = attribute_escape($link->link_image); 473 473 $link->link_description = attribute_escape($link->link_description); 474 $link->link_rss = attribute_escape($link->link_rss);474 $link->link_rss = clean_url($link->link_rss); 475 475 $link->link_rel = attribute_escape($link->link_rel); 476 476 $link->link_notes = wp_specialchars($link->link_notes); 477 477 $link->post_category = $link->link_category; … … 481 481 482 482 function get_default_link_to_edit() { 483 483 if ( isset($_GET['linkurl']) ) 484 $link->link_url = attribute_escape($_GET['linkurl']);484 $link->link_url = clean_url($_GET['linkurl']); 485 485 else 486 486 $link->link_url = ''; 487 487 -
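Review bot: In `get_link_to_edit()`, `link_image` is URL-valued like `link_url` and `link_rss` but stays on `attribute_escape()`, so the scheme filtering this patch introduces is applied to only some of the link's URL fields. Either align it with `$link->link_image = clean_url($link->link_image);` or, if relative image paths must keep working, add a comment saying that is why it is left alone. Separately, these values populate an edit form, so if `clean_url()` removes characters or empties a rejected URL (its body is not shown here), saving the form writes the altered value back. A short comment such as `// clean_url() is lossy: disallowed schemes are blanked on edit` would make that round trip explicit. Both functions continue outside their hunks.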
wp-admin/bookmarklet.php
37 37 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));40 $popupurl = clean_url(stripslashes($_REQUEST['popupurl'])); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); 43 43 } else {