Ticket #3986: 2.1_inclusive.diff
File 2.1_inclusive.diff, 19.1 KB (added by , 18 years ago) |
wp-includes/link-template.php
459 459 } 460 460 461 461 function next_posts($max_page = 0) { 462 echo attribute_escape(get_next_posts_page_link($max_page));462 echo clean_url(get_next_posts_page_link($max_page)); 463 463 } 464 464 465 465 function next_posts_link($label='Next Page »', $max_page=0) { … … 489 489 } 490 490 491 491 function previous_posts() { 492 echo attribute_escape(get_previous_posts_page_link());492 echo clean_url(get_previous_posts_page_link()); 493 493 } 494 494 495 495 function previous_posts_link($label='« Previous Page') { -
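Review bot: next_posts() and previous_posts() now echo a value prepared for an HTML attribute, but neither their names nor a comment say so, while the raw-URL getters get_next_posts_page_link()/get_previous_posts_page_link() sit right beside them. If clean_url() entity-encodes `&` as the other hunks in this patch rely on, the echoed string is wrong for a Location header or any plain-text context. A one-line comment above each function would prevent that misuse: `// Echoes the URL escaped for an HTML href attribute; use get_next_posts_page_link() for the raw URL.`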
wp-includes/general-template.php
289 289 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 290 290 $text = wptexturize($text); 291 291 $title_text = attribute_escape($text); 292 $url = clean_url($url); 292 293 293 294 if ('link' == $format) 294 295 return "\t<link rel='archives' title='$title_text' href='$url' />\n"; … … 971 972 $link = str_replace('%#%', $current - 1, $link); 972 973 if ( $add_args ) 973 974 $link = add_query_arg( $add_args, $link ); 974 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";975 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>"; 975 976 endif; 976 977 for ( $n = 1; $n <= $total; $n++ ) : 977 978 if ( $n == $current ) : … … 983 984 $link = str_replace('%#%', $n, $link); 984 985 if ( $add_args ) 985 986 $link = add_query_arg( $add_args, $link ); 986 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";987 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n</a>"; 987 988 $dots = true; 988 989 elseif ( $dots && !$show_all ) : 989 990 $page_links[] = "<span class='page-numbers dots'>...</span>"; … … 996 997 $link = str_replace('%#%', $current + 1, $link); 997 998 if ( $add_args ) 998 999 $link = add_query_arg( $add_args, $link ); 999 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";1000 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>"; 1000 1001 endif; 1001 1002 switch ( $type ) : 1002 1003 case 'array' : -
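Review bot: get_archives_link() now runs its `$url` argument through clean_url() unconditionally at line 292, so a caller that already escaped the URL would see `&` double-encoded; the parameter contract should state this. Add to the function's docblock: `@param string $url Raw, unescaped URL; it is normalised with clean_url() here, so do not pre-escape it.` The three paginate_links() hunks below build `$link` from arguments that are declared before the hunk and escape only at output, which is the right place; `$prev_text` and `$next_text` are interpolated into the anchors unescaped, which is acceptable only if those arguments are documented as trusted HTML.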
wp-includes/comment.php
169 169 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = attribute_escape($comment_author_url);172 $comment_author_url = clean_url($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } 175 175 } -
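Review bot: The cleaned value is written back into `$_COOKIE['comment_author_url_'.COOKIEHASH]` at line 173, so the output-escaped form (with `&` entity-encoded and disallowed characters stripped, if clean_url() behaves as it does elsewhere in this patch) becomes what every later reader of the cookie sees, including code that stores it or pre-fills a form field and escapes again. Escaping belongs at the output site, not on the input store: keep the filtered, stripslashed value in `$_COOKIE` and apply clean_url() where the URL is echoed into an href. If a sanitised copy is wanted here as defence in depth, a comment such as `// $_COOKIE now holds an HTML-escaped URL; do not escape it again on output` would stop consumers double-escaping. The enclosing function starts before this hunk.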
wp-includes/functions.php
1192 1192 1193 1193 $adminurl = get_option('siteurl') . '/wp-admin'; 1194 1194 if ( wp_get_referer() ) 1195 $adminurl = attribute_escape(wp_get_referer());1195 $adminurl = clean_url(wp_get_referer()); 1196 1196 1197 1197 $title = __('WordPress Confirmation'); 1198 1198 // Remove extra layer of slashes. … … 1209 1209 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 1210 1210 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1211 1211 } else { 1212 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1212 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1213 1213 } 1214 1214 $html .= "</body>\n</html>"; 1215 1215 wp_die($html, $title); -
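Review bot: At line 1195 the guard tests the raw wp_get_referer() but assigns the cleaned value, so a referer that clean_url() rejects (it appears to return an empty string for a scheme outside its allow-list) leaves `$adminurl` empty and the 'No' link pointing at the current page instead of falling back to wp-admin. Guard on the cleaned result instead: `$referer = clean_url(wp_get_referer()); if ( '' != $referer ) $adminurl = $referer;`. Line 1212 passes `$_SERVER['REQUEST_URI']` through add_query_arg() and then clean_url(), which is the right shape for attacker-influenced input in an href. The enclosing function starts before this hunk.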
wp-includes/script-loader.php
78 78 if ( isset($this->args[$handle]) ) 79 79 $ver .= '&' . $this->args[$handle]; 80 80 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 81 $src = attribute_escape(add_query_arg('ver', $ver, $src));81 $src = clean_url(add_query_arg('ver', $ver, $src)); 82 82 echo "<script type='text/javascript' src='$src'></script>\n"; 83 83 } 84 84 $this->printed[] = $handle; -
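Review bot: The absolute-URL test on line 80 only recognises `http://`, so a script registered with an `https://` src is prefixed with the site URL and the new clean_url() at line 81 then receives a malformed URL it cannot repair. Recognise both schemes before building the src: `$src = preg_match('#^https?://#', $this->scripts[$handle]->src) ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;`. The `$ver .= '&' . $this->args[$handle]` on line 79 deliberately smuggles extra query arguments through the `ver` parameter and relies on clean_url() keeping `&` usable inside the attribute; a comment such as `// extra args for this handle ride along in ver` would save the next reader a double take. The enclosing method starts before this hunk.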
wp-includes/bookmark-template.php
96 96 $output .= get_option('links_recently_updated_prepend'); 97 97 $the_link = '#'; 98 98 if ( !empty($row->link_url) ) 99 $the_link = wp_specialchars($row->link_url);99 $the_link = clean_url($row->link_url); 100 100 $rel = $row->link_rel; 101 101 if ( '' != $rel ) 102 102 $rel = ' rel="' . $rel . '"'; … … 260 260 261 261 $the_link = '#'; 262 262 if ( !empty($bookmark->link_url) ) 263 $the_link = wp_specialchars($bookmark->link_url);263 $the_link = clean_url($bookmark->link_url); 264 264 265 265 $rel = $bookmark->link_rel; 266 266 if ( '' != $rel ) -
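Review bot: `$rel` is interpolated into the rel attribute on line 102 without any escaping, while the neighbouring `link_url` on line 99 now gets clean_url(); a stored link_rel containing a double quote would break out of the attribute. Change line 102 to `$rel = ' rel="' . attribute_escape($rel) . '"';`, and the matching assignment that follows line 266 in the second hunk should get the same treatment. Both enclosing functions start before their hunks.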
wp-admin/edit-comments.php
101 101 $r = ''; 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 107 107 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 111 111 $p = false; 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : 117 117 $r .= "...\n"; … … 122 122 } 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; 128 128 ?> … … 248 248 $r = ''; 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . 
"\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 254 254 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 258 258 $p = false; 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";261 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : 264 264 $r .= "...\n"; … … 269 269 } 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; 275 275 ?> -
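Review bot: The pagination block at lines 101–128 is repeated verbatim at lines 248–275, so the escaping change had to be applied six times and any future fix will need to be mirrored again. Extract it into one function taking `$page`, `$total` and `$args` and have both call sites echo its result, so the href escaping lives in a single place. The `$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;` lines appear to rely on add_query_arg() dropping a false value from the query string; a comment like `// FALSE removes apage from the query string` would make that explicit.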
wp-admin/post.php
69 69 ?> 70 70 <div id='preview' class='wrap'> 71 71 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 72 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>72 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 73 73 </div> 74 74 <?php 75 75 break; -
wp-admin/admin-functions.php
358 358 else if ( !empty( $post_title ) ) { 359 359 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 360 360 $text = funky_javascript_fix( $text); 361 $popupurl = attribute_escape($_REQUEST['popupurl']);361 $popupurl = clean_url($_REQUEST['popupurl']); 362 362 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 363 363 } 364 364 … … 417 417 $user = new WP_User( $user_id ); 418 418 $user->user_login = attribute_escape($user->user_login); 419 419 $user->user_email = attribute_escape($user->user_email); 420 $user->user_url = attribute_escape($user->user_url);420 $user->user_url = clean_url($user->user_url); 421 421 $user->first_name = attribute_escape($user->first_name); 422 422 $user->last_name = attribute_escape($user->last_name); 423 423 $user->display_name = attribute_escape($user->display_name); … … 562 562 function get_link_to_edit( $link_id ) { 563 563 $link = get_link( $link_id ); 564 564 565 $link->link_url = attribute_escape($link->link_url);565 $link->link_url = clean_url($link->link_url); 566 566 $link->link_name = attribute_escape($link->link_name); 567 567 $link->link_image = attribute_escape($link->link_image); 568 568 $link->link_description = attribute_escape($link->link_description); 569 $link->link_rss = attribute_escape($link->link_rss);569 $link->link_rss = clean_url($link->link_rss); 570 570 $link->link_rel = attribute_escape($link->link_rel); 571 571 $link->link_notes = wp_specialchars($link->link_notes); 572 572 $link->post_category = $link->link_category; … … 576 576 577 577 function get_default_link_to_edit() { 578 578 if ( isset( $_GET['linkurl'] ) ) 579 $link->link_url = attribute_escape( $_GET['linkurl']);579 $link->link_url = clean_url( $_GET['linkurl']); 580 580 else 581 581 $link->link_url = ''; 582 582 … … 867 867 } 868 868 $r .= "</td>\n\t\t<td>"; 869 869 if ( current_user_can( 'edit_user', $user_object->ID ) ) { 870 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', 
urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));870 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 871 871 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 872 872 } 873 873 $r .= "</td>\n\t</tr>"; -
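Review bot: In get_link_to_edit() `link_image` is still passed through attribute_escape() at line 567 while the sibling URL fields `link_url` and `link_rss` moved to clean_url(); if link_image holds a URL, as its name suggests, it should get the same treatment: `$link->link_image = clean_url($link->link_image);`. In get_default_link_to_edit() a property is assigned on `$link` at lines 579 and 581 without the variable ever being created as an object; add `$link = new stdClass;` before the `if`. The `$_REQUEST['popupurl']` use at line 361 also differs from wp-admin/edit-form-advanced.php in this patch, which calls stripslashes() first; the two should use one convention.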
wp-admin/edit-page-form.php
13 13 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 14 14 } 15 15 16 $sendto = attribute_escape(stripslashes(wp_get_referer()));16 $sendto = clean_url(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 19 19 $sendto = 'redo'; -
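Review bot: `$sendto` is compared with get_permalink($post_ID) at line 18 after it has already been escaped, so a referer whose query string contains `&` (entity-encoded by clean_url(), if it behaves as in the other hunks) never matches and the 'redo' short-cut is missed. Compare raw values and escape only what is output: `$referer = stripslashes(wp_get_referer()); $sendto = ( 0 != $post_ID && $referer == get_permalink($post_ID) ) ? 'redo' : clean_url($referer);`.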
wp-admin/upload.php
90 90 $href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') ); 91 91 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 92 92 add_query_arg( $tab_array[4], $href ); 93 $_href = attribute_escape( $href);93 $_href = clean_url( $href); 94 94 $page_links = ''; 95 95 $class = 'upload-tab alignleft'; 96 96 if ( $tab == $t ) { -
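Review bot: The return value of `add_query_arg( $tab_array[4], $href )` on line 92 is discarded, so the per-tab extra arguments never reach the `$_href` built on the next line; it should read `$href = add_query_arg( $tab_array[4], $href );`. The clean_url() that follows is the right escape for a value that, as far as the hunk shows, originates from the current request URI via add_query_arg() with no explicit URL. The enclosing loop starts before this hunk.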
wp-admin/edit-form-advanced.php
168 168 ?> 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo attribute_escape(stripslashes($_REQUEST['popupurl']));171 echo clean_url(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo attribute_escape(stripslashes(wp_get_referer()));175 echo clean_url(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 178 178 <?php do_action('edit_form_advanced'); ?> -
wp-admin/upload-functions.php
35 35 $r = ''; 36 36 37 37 if ( $href ) 38 $r .= "<a id='file-link-$id' href='" . attribute_escape($href) ."' title='$post_title' class='file-link $class'>\n";38 $r .= "<a id='file-link-$id' href='" . clean_url($href) ."' title='$post_title' class='file-link $class'>\n"; 39 39 if ( $href || $image_src ) 40 40 $r .= "\t\t\t$innerHTML"; 41 41 if ( $href ) … … 83 83 echo '[ '; 84 84 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 85 85 echo ' | '; 86 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';86 echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 87 87 echo ' | '; 88 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';88 echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 89 89 echo ' ]'; ?></span> 90 90 </div> 91 91 … … 123 123 echo '[ '; 124 124 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 125 125 echo ' | '; 126 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';126 echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 127 127 echo ' | '; 128 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';128 echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 129 129 echo ' ]'; ?></span> 130 130 </div> 131 131 -
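Review bot: get_permalink() is echoed straight into an href at lines 84 and 124 while the sibling 'edit' and 'cancel' links on the following lines get clean_url(); for consistency, and so a permalink filter returning unexpected characters cannot break the attribute, use `echo '<a href="' . clean_url(get_permalink()) . '">' . __('view') . '</a>';` in both places. In the first hunk `$post_title`, `$id` and `$class` are interpolated into the same tag as the newly cleaned `$href`, which is fine only if they are escaped before this point; that happens outside the hunk, and the enclosing function starts before it.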
wp-admin/upgrade.php
28 28 <?php 29 29 switch($step) { 30 30 case 0: 31 $goback = attribute_escape(stripslashes(wp_get_referer()));31 $goback = clean_url(stripslashes(wp_get_referer())); 32 32 ?> 33 33 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 34 34 <h2 class="step"><a href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress »'); ?></a></h2> … … 40 40 if ( empty( $_GET['backto'] ) ) 41 41 $backto = __get_option('home'); 42 42 else 43 $backto = attribute_escape(stripslashes($_GET['backto']));43 $backto = clean_url(stripslashes($_GET['backto'])); 44 44 ?> 45 45 <h2><?php _e('Step 1'); ?></h2> 46 46 <p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), $backto); ?></p> -
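Review bot: `$goback` is embedded inside another URL's query string at line 34 (`upgrade.php?step=1&backto=...`), and clean_url() prepares a value for direct use as an href, not for nesting in a query parameter, so a referer containing `&` or `?` will split the backto parameter. Keep the raw referer and URL-encode it at the point of use: `$goback = stripslashes(wp_get_referer());` at line 31 and `backto=<?php echo attribute_escape(urlencode($goback)); ?>` in the anchor. Step 1 then reads it back from $_GET, where the clean_url() at line 43 is the right escape for the printf'd href; the `__get_option('home')` fallback at line 41 is not escaped the same way.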
wp-admin/user-edit.php
55 55 <div id="message" class="updated fade"> 56 56 <p><strong><?php _e('User updated.') ?></strong></p> 57 57 <?php if ( $wp_http_referer ) : ?> 58 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>58 <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 59 59 <?php endif; ?> 60 60 </div> 61 61 <?php endif; ?> -
wp-admin/link-manager.php
133 133 foreach ($links as $link) { 134 134 $link->link_name = attribute_escape($link->link_name); 135 135 $link->link_description = wp_specialchars($link->link_description); 136 $link->link_url = attribute_escape($link->link_url);136 $link->link_url = clean_url($link->link_url); 137 137 $link->link_category = wp_get_link_cats($link->link_id); 138 138 $short_url = str_replace('http://', '', $link->link_url); 139 139 $short_url = str_replace('www.', '', $short_url); -
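Review bot: The loop overwrites `$link->link_url` with the escaped value at line 136 and then derives `$short_url` from that escaped string on lines 138–139, so the model object carries HTML-ready text for the rest of the loop body, which continues past the hunk; any later non-HTML use of these properties, such as handing the URL to a function, would receive entity-encoded data. Keeping the raw value on the object and escaping at each echo avoids that class of bug; at minimum a comment such as `// link_name, link_description and link_url are escaped for HTML output from here on; do not reuse them as raw data` flags the convention.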
wp-admin/bookmarklet.php
37 37 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape($_REQUEST['popupurl']);40 $popupurl = clean_url($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); 43 43 } else { -
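Review bot: `$_REQUEST['popupurl']` is passed to clean_url() without stripslashes() at line 40, whereas the same value goes through stripslashes() first in wp-admin/edit-form-advanced.php in this patch, and `$_REQUEST['content']` is handled both ways here (line 39 without, line 42 with). If request data is slash-escaped on entry, the backslashes either survive into the href or are silently dropped by clean_url()'s character filter; make the handling uniform: `$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));`.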
wp-admin/page.php
63 63 ?> 64 64 <div id='preview' class='wrap'> 65 65 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 66 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>66 <iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 67 67 </div> 68 68 <?php 69 69 break;