Ticket #3986: trunk_inclusive.diff
File trunk_inclusive.diff, 18.7 KB (added by , 18 years ago) |
wp-includes/link-template.php
503 503 } 504 504 505 505 function next_posts($max_page = 0) { 506 echo attribute_escape(get_next_posts_page_link($max_page));506 echo clean_url(get_next_posts_page_link($max_page)); 507 507 } 508 508 509 509 function next_posts_link($label='Next Page »', $max_page=0) { … … 533 533 } 534 534 535 535 function previous_posts() { 536 echo attribute_escape(get_previous_posts_page_link());536 echo clean_url(get_previous_posts_page_link()); 537 537 } 538 538 539 539 function previous_posts_link($label='« Previous Page') { -
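Review bot: Nothing in next_posts() or previous_posts() records that their output is now URL-sanitized rather than attribute-escaped, yet both echo straight into theme markup whose quoting they cannot see. A one-line comment above each would make the contract explicit for theme authors: `// Output is sanitized by clean_url(), not attribute-escaped; place it only inside a quoted href attribute.` The surrounding next_posts_link()/previous_posts_link() definitions start or end outside this hunk.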
wp-includes/general-template.php
297 297 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 298 298 $text = wptexturize($text); 299 299 $title_text = attribute_escape($text); 300 $url = clean_url($url); 300 301 301 302 if ('link' == $format) 302 303 return "\t<link rel='archives' title='$title_text' href='$url' />\n"; … … 985 986 $link = str_replace('%#%', $current - 1, $link); 986 987 if ( $add_args ) 987 988 $link = add_query_arg( $add_args, $link ); 988 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";989 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>"; 989 990 endif; 990 991 for ( $n = 1; $n <= $total; $n++ ) : 991 992 if ( $n == $current ) : … … 997 998 $link = str_replace('%#%', $n, $link); 998 999 if ( $add_args ) 999 1000 $link = add_query_arg( $add_args, $link ); 1000 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";1001 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n</a>"; 1001 1002 $dots = true; 1002 1003 elseif ( $dots && !$show_all ) : 1003 1004 $page_links[] = "<span class='page-numbers dots'>...</span>"; … … 1010 1011 $link = str_replace('%#%', $current + 1, $link); 1011 1012 if ( $add_args ) 1012 1013 $link = add_query_arg( $add_args, $link ); 1013 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";1014 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>"; 1014 1015 endif; 1015 1016 switch ( $type ) : 1016 1017 case 'array' : -
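Review bot: The cleaned URL is interpolated into single-quoted attributes here (`href='$url'` on the `link` branch and `href='" . clean_url($link) . "'` in the paginate_links hunks), so the attribute stays intact only if clean_url() removes or encodes `'`; attribute_escape() guaranteed that, while clean_url()'s character whitelist is not shown on this page and should be checked before merging. If it admits `'` (plausible, since some URLs contain one), `href='" . attribute_escape(clean_url($link)) . "'` keeps both the URL sanitization and the attribute escaping. The same single-quoted context recurs in wp-includes/functions.php (`href='$adminurl'`), wp-includes/script-loader.php (`src='$src'`) and the `$edit_link` line in wp-admin/admin-functions.php. The paginate_links function continues outside these hunks.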
wp-includes/comment.php
169 169 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = attribute_escape($comment_author_url);172 $comment_author_url = clean_url($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } 175 175 } -
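Review bot: clean_url() is applied at the input stage and its result is written back into `$_COOKIE`, so whatever transformation it performs (character stripping, entity-encoding of `&`, or returning an empty string for a disallowed scheme — none of which is visible here) becomes the stored value every later consumer sees, not just the displayed one. If any downstream code re-saves this cookie value as the comment author URL, an output-oriented encoding would be persisted as data; confirm clean_url()'s behaviour on `&` before relying on it here, or defer escaping to the point of output. The enclosing function begins and ends outside the hunk.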
wp-includes/functions.php
1272 1272 1273 1273 $adminurl = get_option('siteurl') . '/wp-admin'; 1274 1274 if ( wp_get_referer() ) 1275 $adminurl = attribute_escape(wp_get_referer());1275 $adminurl = clean_url(wp_get_referer()); 1276 1276 1277 1277 $title = __('WordPress Confirmation'); 1278 1278 // Remove extra layer of slashes. … … 1289 1289 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 1290 1290 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1291 1291 } else { 1292 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1292 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1293 1293 } 1294 1294 $html .= "</body>\n</html>"; 1295 1295 wp_die($html, $title); -
wp-includes/script-loader.php
150 150 $ver .= '&' . $this->args[$handle]; 151 151 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 152 152 $src = add_query_arg('ver', $ver, $src); 153 $src = attribute_escape(apply_filters( 'script_loader_src', $src ));153 $src = clean_url(apply_filters( 'script_loader_src', $src )); 154 154 echo "<script type='text/javascript' src='$src'></script>\n"; 155 155 $this->print_scripts_l10n( $handle ); 156 156 } -
wp-includes/bookmark-template.php
96 96 $output .= get_option('links_recently_updated_prepend'); 97 97 $the_link = '#'; 98 98 if ( !empty($row->link_url) ) 99 $the_link = wp_specialchars($row->link_url);99 $the_link = clean_url($row->link_url); 100 100 $rel = $row->link_rel; 101 101 if ( '' != $rel ) 102 102 $rel = ' rel="' . $rel . '"'; … … 260 260 261 261 $the_link = '#'; 262 262 if ( !empty($bookmark->link_url) ) 263 $the_link = wp_specialchars($bookmark->link_url);263 $the_link = clean_url($bookmark->link_url); 264 264 265 265 $rel = $bookmark->link_rel; 266 266 if ( '' != $rel ) -
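Review bot: The `'#'` placeholder assigned on the line before is lost whenever clean_url() returns an empty string, which it may do for a URL it rejects (its rejection rules are not on this page); wp_specialchars() never emptied a non-empty input, so this is a new way to end up with an empty href. Adding `if ( '' == $the_link ) $the_link = '#';` after the assignment restores the fallback; the second hunk at line 263 has the same gap. Both enclosing functions extend beyond the hunks shown.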
wp-admin/edit-comments.php
101 101 $r = ''; 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 107 107 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 111 111 $p = false; 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : 117 117 $r .= "...\n"; … … 122 122 } 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; 128 128 ?> … … 248 248 $r = ''; 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . 
"\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { 254 254 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : … … 258 258 $p = false; 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";261 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : 264 264 $r .= "...\n"; … … 269 269 } 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; 275 275 ?> -
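Review bot: The same pagination block is edited twice in this file (lines 101–127 and 248–274 are identical apart from the hunk context), which is how the three clean_url() substitutions had to be made twice. Extracting the block into one helper that takes `$page`, `$total` and `$args` and returns `$r` would have made this a single change and keeps the two copies from drifting on the next escaping fix. The surrounding page code starts and ends outside the hunks.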
wp-admin/post.php
69 69 ?> 70 70 <div id='preview' class='wrap'> 71 71 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 72 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>72 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 73 73 </div> 74 74 <?php 75 75 break; -
wp-admin/admin-functions.php
370 370 else if ( !empty( $post_title ) ) { 371 371 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 372 372 $text = funky_javascript_fix( $text); 373 $popupurl = attribute_escape($_REQUEST['popupurl']);373 $popupurl = clean_url($_REQUEST['popupurl']); 374 374 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 375 375 } 376 376 … … 429 429 $user = new WP_User( $user_id ); 430 430 $user->user_login = attribute_escape($user->user_login); 431 431 $user->user_email = attribute_escape($user->user_email); 432 $user->user_url = attribute_escape($user->user_url);432 $user->user_url = clean_url($user->user_url); 433 433 $user->first_name = attribute_escape($user->first_name); 434 434 $user->last_name = attribute_escape($user->last_name); 435 435 $user->display_name = attribute_escape($user->display_name); … … 574 574 function get_link_to_edit( $link_id ) { 575 575 $link = get_link( $link_id ); 576 576 577 $link->link_url = attribute_escape($link->link_url);577 $link->link_url = clean_url($link->link_url); 578 578 $link->link_name = attribute_escape($link->link_name); 579 579 $link->link_image = attribute_escape($link->link_image); 580 580 $link->link_description = attribute_escape($link->link_description); 581 $link->link_rss = attribute_escape($link->link_rss);581 $link->link_rss = clean_url($link->link_rss); 582 582 $link->link_rel = attribute_escape($link->link_rel); 583 583 $link->link_notes = wp_specialchars($link->link_notes); 584 584 $link->post_category = $link->link_category; … … 588 588 589 589 function get_default_link_to_edit() { 590 590 if ( isset( $_GET['linkurl'] ) ) 591 $link->link_url = attribute_escape( $_GET['linkurl']);591 $link->link_url = clean_url( $_GET['linkurl']); 592 592 else 593 593 $link->link_url = ''; 594 594 … … 879 879 } 880 880 $r .= "</td>\n\t\t<td>"; 881 881 if ( current_user_can( 'edit_user', $user_object->ID ) ) { 882 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', 
urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));882 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 883 883 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 884 884 } 885 885 $r .= "</td>\n\t</tr>"; -
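Review bot: In the user-edit and link-edit hunks (`$user->user_url`, `$link->link_url`, `$link->link_rss`, and `$_GET['linkurl']` in get_default_link_to_edit) clean_url() now prepares values that are prefilled into an edit form and saved back on submit, so any URL it alters or empties is silently rewritten in the database the next time the form is saved; attribute_escape() was reversible on the way back in, a sanitizer is not. Whether clean_url() empties unrecognised schemes or drops characters cannot be confirmed from this page, so verify that before accepting, or escape for display only and keep the raw stored value for the round trip. get_link_to_edit() and get_default_link_to_edit() continue outside these hunks.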
wp-admin/edit-page-form.php
13 13 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 14 14 } 15 15 16 $sendto = attribute_escape(stripslashes(wp_get_referer()));16 $sendto = clean_url(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 19 19 $sendto = 'redo'; -
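Review bot: `$sendto` is compared against the raw `get_permalink($post_ID)` two lines later, so if clean_url() changes the referer string in any way (stripped characters, an encoded `&` in a query-string permalink) the `'redo'` detection silently stops matching and the user is redirected instead of returned to the form; attribute_escape() had the same issue for `&` only. Comparing the unescaped referer and cleaning just before output keeps the check honest, e.g. `$raw_sendto = stripslashes(wp_get_referer());` followed by `$sendto = ( 0 != $post_ID && $raw_sendto == get_permalink($post_ID) ) ? 'redo' : clean_url($raw_sendto);`. The surrounding script continues outside the hunk.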
wp-admin/upload.php
90 90 $href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') ); 91 91 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 92 92 add_query_arg( $tab_array[4], $href ); 93 $_href = attribute_escape( $href);93 $_href = clean_url( $href); 94 94 $page_links = ''; 95 95 $class = 'upload-tab alignleft'; 96 96 if ( $tab == $t ) { -
wp-admin/edit-form-advanced.php
168 168 ?> 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo attribute_escape(stripslashes($_REQUEST['popupurl']));171 echo clean_url(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo attribute_escape(stripslashes(wp_get_referer()));175 echo clean_url(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 178 178 <?php do_action('edit_form_advanced'); ?> -
wp-admin/upload-functions.php
83 83 echo '[ '; 84 84 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 85 85 echo ' | '; 86 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';86 echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 87 87 echo ' | '; 88 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';88 echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 89 89 echo ' ]'; ?></span> 90 90 </div> 91 91 … … 123 123 echo '[ '; 124 124 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 125 125 echo ' | '; 126 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';126 echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 127 127 echo ' | '; 128 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';128 echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 129 129 echo ' ]'; ?></span> 130 130 </div> 131 131 -
wp-admin/upgrade.php
35 35 <?php else : 36 36 switch($step) : 37 37 case 0: 38 $goback = attribute_escape(stripslashes(wp_get_referer()));38 $goback = clean_url(stripslashes(wp_get_referer())); 39 39 ?> 40 40 <h2><?php _e('Database Upgrade Required'); ?></h2> 41 41 <p><?php _e('Your WordPress database is out-of-date, and must be upgraded before you can continue.'); ?></p> … … 49 49 if ( empty( $_GET['backto'] ) ) 50 50 $backto = __get_option('home') . '/'; 51 51 else 52 $backto = attribute_escape(stripslashes($_GET['backto']));52 $backto = clean_url(stripslashes($_GET['backto'])); 53 53 ?> 54 54 <h2><?php _e('Upgrade Complete'); ?></h2> 55 55 <p><?php _e('Your WordPress database has been successfully upgraded!'); ?></p> -
wp-admin/user-edit.php
55 55 <div id="message" class="updated fade"> 56 56 <p><strong><?php _e('User updated.') ?></strong></p> 57 57 <?php if ( $wp_http_referer ) : ?> 58 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>58 <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 59 59 <?php endif; ?> 60 60 </div> 61 61 <?php endif; ?> -
wp-admin/link-manager.php
133 133 foreach ($links as $link) { 134 134 $link->link_name = attribute_escape(apply_filters('link_title', $link->link_name)); 135 135 $link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description)); 136 $link->link_url = attribute_escape($link->link_url);136 $link->link_url = clean_url($link->link_url); 137 137 $link->link_category = wp_get_link_cats($link->link_id); 138 138 $short_url = str_replace('http://', '', $link->link_url); 139 139 $short_url = str_replace('www.', '', $short_url); -
wp-admin/bookmarklet.php
37 37 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape($_REQUEST['popupurl']);40 $popupurl = clean_url($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); 43 43 } else { -
wp-admin/page.php
64 64 ?> 65 65 <div id='preview' class='wrap'> 66 66 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 67 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>67 <iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 68 68 </div> 69 69 <?php 70 70 break;