Ticket #3986: clean_url-admin_a-l.diff
File clean_url-admin_a-l.diff, 7.7 KB (added by , 18 years ago) |
wp-admin/edit-comments.php
101 101 $r = ''; 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 107 107 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 111 111 $p = false; 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : 117 117 $r .= "...\n"; … … 122 122 } 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; 128 128 ?> … … 248 248 $r = ''; 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . 
"\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 254 254 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 258 258 $p = false; 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";261 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : 264 264 $r .= "...\n"; … … 269 269 } 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; 275 275 ?> -
wp-admin/admin-functions.php
370 370 else if ( !empty( $post_title ) ) { 371 371 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 372 372 $text = funky_javascript_fix( $text); 373 $popupurl = attribute_escape($_REQUEST['popupurl']);373 $popupurl = clean_url($_REQUEST['popupurl']); 374 374 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 375 375 } 376 376 … … 429 429 $user = new WP_User( $user_id ); 430 430 $user->user_login = attribute_escape($user->user_login); 431 431 $user->user_email = attribute_escape($user->user_email); 432 $user->user_url = attribute_escape($user->user_url);432 $user->user_url = clean_url($user->user_url); 433 433 $user->first_name = attribute_escape($user->first_name); 434 434 $user->last_name = attribute_escape($user->last_name); 435 435 $user->display_name = attribute_escape($user->display_name); … … 574 574 function get_link_to_edit( $link_id ) { 575 575 $link = get_link( $link_id ); 576 576 577 $link->link_url = attribute_escape($link->link_url);577 $link->link_url = clean_url($link->link_url); 578 578 $link->link_name = attribute_escape($link->link_name); 579 579 $link->link_image = attribute_escape($link->link_image); 580 580 $link->link_description = attribute_escape($link->link_description); 581 $link->link_rss = attribute_escape($link->link_rss);581 $link->link_rss = clean_url($link->link_rss); 582 582 $link->link_rel = attribute_escape($link->link_rel); 583 583 $link->link_notes = wp_specialchars($link->link_notes); 584 584 $link->post_category = $link->link_category; … … 588 588 589 589 function get_default_link_to_edit() { 590 590 if ( isset( $_GET['linkurl'] ) ) 591 $link->link_url = attribute_escape( $_GET['linkurl']);591 $link->link_url = clean_url( $_GET['linkurl']); 592 592 else 593 593 $link->link_url = ''; 594 594 … … 879 879 } 880 880 $r .= "</td>\n\t\t<td>"; 881 881 if ( current_user_can( 'edit_user', $user_object->ID ) ) { 882 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', 
urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));882 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 883 883 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 884 884 } 885 885 $r .= "</td>\n\t</tr>"; -
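Review bot: Line 373 passes `$_REQUEST['popupurl']` to clean_url() without stripslashes(), while edit-form-advanced.php line 171 strips slashes from the same request variable first (bookmarklet.php line 40 and the `$_GET['linkurl']` read on line 591 have the same omission); when request data arrives slash-escaped the two paths produce different URLs for the same input, and `$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));` would align them. Line 591 assigns `$link->link_url` in get_default_link_to_edit() before `$link` is ever initialised (line 593 does the same), relying on implicit object creation; an explicit `$link = new stdClass;` ahead of the `if` keeps the behaviour without depending on that engine fallback. The function containing line 373 and get_default_link_to_edit() both continue outside the hunk.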
wp-admin/edit-page-form.php
13 13 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 14 14 } 15 15 16 $sendto = attribute_escape(stripslashes(wp_get_referer()));16 $sendto = clean_url(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 19 19 $sendto = 'redo'; -
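Review bot: Line 16 stores the cleaned referer in `$sendto` and line 18 then compares that value with get_permalink($post_ID); any character rewriting clean_url() performs for output (entity-encoding `&`, for instance) is part of the compared string, so a referer carrying query arguments may never match the raw permalink and the 'redo' branch would be skipped. Keeping the raw value for the comparison, `$raw = stripslashes(wp_get_referer());` and `if ( 0 != $post_ID && $raw == get_permalink($post_ID) )`, and cleaning only where `$sendto` is printed makes the check independent of the escaper's output rules. Whether clean_url() rewrites those characters is not visible in this hunk, so this is conditional on its implementation.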
wp-admin/edit-form-advanced.php
168 168 ?> 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo attribute_escape(stripslashes($_REQUEST['popupurl']));171 echo clean_url(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo attribute_escape(stripslashes(wp_get_referer()));175 echo clean_url(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 178 178 <?php do_action('edit_form_advanced'); ?> -
wp-admin/link-manager.php
133 133 foreach ($links as $link) { 134 134 $link->link_name = attribute_escape(apply_filters('link_title', $link->link_name)); 135 135 $link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description)); 136 $link->link_url = attribute_escape($link->link_url);136 $link->link_url = clean_url($link->link_url); 137 137 $link->link_category = wp_get_link_cats($link->link_id); 138 138 $short_url = str_replace('http://', '', $link->link_url); 139 139 $short_url = str_replace('www.', '', $short_url); -
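Review bot: Line 136 overwrites `$link->link_url` with its cleaned form and lines 138–139 then derive the `$short_url` display text from that already-escaped value, so any entity encoding clean_url() applies (to `&`, for example) ends up in the text and is encoded a second time if `$short_url` is later passed through wp_specialchars(). Computing the short form from the raw URL first, `$short_url = str_replace('http://', '', $link->link_url);` placed before the clean_url() assignment, and then escaping each value for its own context avoids that. How `$short_url` is printed lies outside the hunk, so this depends on its output path.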
wp-admin/bookmarklet.php
37 37 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape($_REQUEST['popupurl']);40 $popupurl = clean_url($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); 43 43 } else {