WordPress.org

Make WordPress Core

Ticket #4333: 4333.diff

File 4333.diff, 19.3 KB (added by mdawaffe, 7 years ago)
  • wp-admin/admin-functions.php

     
    10071007                $key_js = js_escape( $entry['meta_key'] ); 
    10081008                $entry['meta_key']   = attribute_escape($entry['meta_key']); 
    10091009                $entry['meta_value'] = attribute_escape($entry['meta_value']); 
     1010                $entry['meta_id'] = (int) $entry['meta_id']; 
    10101011                $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 
    10111012                $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; 
    10121013                $r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>"; 
     
    10591060<?php 
    10601061 
    10611062        foreach ( $keys as $key ) { 
    1062                 $key = attribute_escape( $key); 
     1063                $key = attribute_escape( $key ); 
    10631064                echo "\n\t<option value='$key'>$key</option>"; 
    10641065        } 
    10651066?> 
  • wp-admin/edit-page-form.php

     
    88        $temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post() 
    99        $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 
    1010} else { 
     11        $post_ID = (int) $post_ID; 
    1112        $form_action = 'editpost'; 
    1213        $nonce_action = 'update-page_' . $post_ID; 
    1314        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 
     
    2829        echo '<input type="hidden" name="mode" value="bookmarklet" />'; 
    2930} 
    3031?> 
    31 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> 
     32<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 
    3233<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' /> 
    3334<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 
    3435<?php echo $form_extra ?> 
     
    6869 
    6970<fieldset id="passworddiv" class="dbx-box"> 
    7071<h3 class="dbx-handle"><?php _e('Page Password') ?></h3> 
    71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div> 
     72<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 
    7273</fieldset> 
    7374 
    7475<fieldset id="pageparent" class="dbx-box"> 
     
    9394 
    9495<fieldset id="slugdiv" class="dbx-box"> 
    9596<h3 class="dbx-handle"><?php _e('Page Slug') ?></h3> 
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div> 
     97<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 
    9798</fieldset> 
    9899 
    99100<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?> 
     
    106107$o = get_userdata( $o->ID ); 
    107108if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 
    108109else $selected = ''; 
     110$o->ID = (int) $o->ID; 
     111$o->display_name = wp_specialchars( $o->display_name ); 
    109112echo "<option value='$o->ID' $selected>$o->display_name</option>"; 
    110113endforeach; 
    111114?> 
     
    116119 
    117120<fieldset id="pageorder" class="dbx-box"> 
    118121<h3 class="dbx-handle"><?php _e('Page Order') ?></h3> 
    119 <div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p></div> 
     122<div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo (int) $post->menu_order ?>" /></p></div> 
    120123</fieldset> 
    121124 
    122125<?php do_action('dbx_page_sidebar'); ?> 
     
    126129 
    127130<fieldset id="titlediv"> 
    128131  <legend><?php _e('Page Title') ?></legend> 
    129   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div> 
     132  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 
    130133</fieldset> 
    131134 
    132135 
     
    159162 
    160163<?php 
    161164if (current_user_can('upload_files')) { 
    162         $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 
     165        $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 
    163166        $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading'); 
    164167        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 
    165168        if ( false != $uploading_iframe_src ) 
  • wp-admin/comment.php

     
    7272<?php if ( 'spam' == $_GET['dt'] ) { ?> 
    7373<input type='hidden' name='dt' value='spam' /> 
    7474<?php } ?> 
    75 <input type='hidden' name='p' value='<?php echo $comment->comment_post_ID; ?>' /> 
    76 <input type='hidden' name='c' value='<?php echo $comment->comment_ID; ?>' /> 
     75<input type='hidden' name='p' value='<?php echo (int) $comment->comment_post_ID; ?>' /> 
     76<input type='hidden' name='c' value='<?php echo (int) $comment->comment_ID; ?>' /> 
    7777<input type='hidden' name='noredir' value='1' /> 
    7878</form> 
    7979 
    8080<table class="editform" cellpadding="5"> 
    8181<tr class="alt"> 
    8282<th scope="row"><?php _e('Author:'); ?></th> 
    83 <td><?php echo $comment->comment_author; ?></td> 
     83<td><?php echo wp_specialchars( $comment->comment_author ); ?></td> 
    8484</tr> 
    8585<?php if ( $comment->comment_author_email ) { ?> 
    8686<tr> 
    8787<th scope="row"><?php _e('E-mail:'); ?></th> 
    88 <td><?php echo $comment->comment_author_email; ?></td> 
     88<td><?php echo wp_specialchars( $comment->comment_author_email ); ?></td> 
    8989</tr> 
    9090<?php } ?> 
    9191<?php if ( $comment->comment_author_url ) { ?> 
    9292<tr> 
    9393<th scope="row"><?php _e('URL:'); ?></th> 
    94 <td><?php echo "<a href='$comment->comment_author_url'>$comment->comment_author_url</a>"; ?></td> 
     94<td><a href='<?php echo clean_url( $comment->comment_author_url ); ?>'><?php echo wp_specialchars( $comment->comment_author_url ); ?></a></td> 
    9595</tr> 
    9696<?php } ?> 
    9797<tr> 
     
    155155        if ((wp_get_referer() != "") && (false == $noredir)) { 
    156156                wp_redirect(wp_get_referer()); 
    157157        } else { 
    158                 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments'); 
     158                wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . (int) $comment->comment_post_ID.'&c=1#comments'); 
    159159        } 
    160160        exit(); 
    161161        break; 
     
    185185        if ((wp_get_referer() != "") && (false == $noredir)) { 
    186186                wp_redirect(wp_get_referer()); 
    187187        } else { 
    188                 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments'); 
     188                wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . (int) $comment->comment_post_ID.'&c=1#comments'); 
    189189        } 
    190190        exit(); 
    191191        break; 
  • wp-admin/edit-form.php

     
    66<?php if (isset($mode) && 'bookmarklet' == $mode) : ?> 
    77<input type="hidden" name="mode" value="bookmarklet" /> 
    88<?php endif; ?> 
    9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> 
     9<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 
    1010<input type="hidden" name="action" value='post' /> 
    1111 
    1212<script type="text/javascript"> 
     
    2121<div id="poststuff"> 
    2222    <fieldset id="titlediv"> 
    2323      <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend>  
    24           <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div> 
     24          <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 
    2525    </fieldset> 
    2626 
    2727    <fieldset id="categorydiv"> 
     
    4949//--> 
    5050</script> 
    5151 
    52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" /> 
     52<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" /> 
    5353 
    5454<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?> 
    5555        <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p> 
     
    6464<?php if ('bookmarklet' != $mode) { 
    6565                echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />'; 
    6666        } ?> 
    67         <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" /> 
     67        <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" /> 
    6868</p> 
    6969 
    7070<?php do_action('simple_edit_form', ''); ?> 
  • wp-admin/edit-form-comment.php

     
    22$submitbutton_text = __('Edit Comment &raquo;'); 
    33$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID); 
    44$form_action = 'editedcomment'; 
    5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID; 
     5$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . (int) $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . (int) $comment->comment_post_ID; 
    66?> 
    77 
    88<form name="post" action="comment.php" method="post" id="post"> 
    99<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?> 
    1010<div class="wrap"> 
    11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> 
     11<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 
    1212<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> 
    1313 
    1414<script type="text/javascript"> 
     
    2020<fieldset id="namediv"> 
    2121    <legend><label for="name"><?php _e('Name:') ?></label></legend> 
    2222        <div> 
    23           <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" /> 
     23          <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /> 
    2424    </div> 
    2525</fieldset> 
    2626<fieldset id="emaildiv"> 
    2727        <legend><label for="email"><?php _e('E-mail:') ?></label></legend> 
    2828                <div> 
    29                   <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" /> 
     29                  <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" /> 
    3030    </div> 
    3131</fieldset> 
    3232<fieldset id="uridiv"> 
    3333        <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend> 
    3434                <div> 
    35                   <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" /> 
     35                  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" /> 
    3636    </div> 
    3737</fieldset> 
    3838 
     
    6868        <tr> 
    6969                <th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th> 
    7070                <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />  
    71                 <input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" /> 
    72                 <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" /> 
     71                <input type="hidden" name="c" value="<?php echo (int) $comment->comment_ID ?>" /> 
     72                <input type="hidden" name="p" value="<?php echo (int) $comment->comment_post_ID ?>" /> 
    7373                <input type="hidden" name="noredir" value="1" /> 
    7474        </td> 
    7575        </tr> 
  • wp-admin/edit-form-advanced.php

     
    11<?php 
     2if ( isset($_GET['message']) ) 
     3        $_GET['message'] = (int) $_GET['message']; 
    24$messages[1] = __('Post updated'); 
    35$messages[2] = __('Custom field updated'); 
    46$messages[3] = __('Custom field deleted.'); 
    57?> 
    68<?php if (isset($_GET['message'])) : ?> 
    7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div> 
     9<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div> 
    810<?php endif; ?> 
    911 
    1012<form name="post" action="post.php" method="post" id="post"> 
     
    2123        $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 
    2224        wp_nonce_field('add-post'); 
    2325} else { 
     26        $post_ID = (int) $post_ID; 
    2427        $form_action = 'editpost'; 
    2528        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 
    2629        wp_nonce_field('update-post_' .  $post_ID); 
    2730} 
    2831 
    29 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />'; 
     32$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 
    3033 
    31 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />'; 
     34$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 
    3235 
    33 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />'; 
     36$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 
    3437 
    3538if ('' != $post->pinged) { 
    3639        $pings = '<p>'. __('Already pinged:') . '</p><ul>'; 
     
    4144        $pings .= '</ul>'; 
    4245} 
    4346 
    44 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />'; 
     47$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />'; 
    4548 
    4649if (empty($post->post_status)) $post->post_status = 'draft'; 
    4750 
    4851?> 
    4952 
    50 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> 
     53<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 
    5154<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" /> 
    5255<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 
    53 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" /> 
     56<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" /> 
    5457<input type="hidden" id="post_type" name="post_type" value="post" /> 
    5558 
    5659<?php echo $form_extra ?> 
     
    8891 
    8992<fieldset id="passworddiv" class="dbx-box"> 
    9093<h3 class="dbx-handle"><?php _e('Post Password') ?></h3>  
    91 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div> 
     94<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 
    9295</fieldset> 
    9396 
    9497<fieldset id="slugdiv" class="dbx-box"> 
    9598<h3 class="dbx-handle"><?php _e('Post Slug') ?></h3>  
    96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div> 
     99<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 
    97100</fieldset> 
    98101 
    99102<fieldset id="poststatusdiv" class="dbx-box"> 
     
    125128$o = get_userdata( $o->ID ); 
    126129if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 
    127130else $selected = ''; 
    128 echo "<option value='$o->ID' $selected>$o->display_name</option>"; 
     131echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>"; 
    129132endforeach; 
    130133?> 
    131134</select> 
     
    140143 
    141144<fieldset id="titlediv"> 
    142145        <legend><?php _e('Title') ?></legend> 
    143         <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div> 
     146        <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div> 
    144147</fieldset> 
    145148 
    146149<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>"> 
     
    167170<p class="submit"> 
    168171<span id="autosave"></span> 
    169172<?php echo $saveasdraft; ?> 
    170 <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" />  
     173<input type="submit" name="submit" value="<?php _e('Save'); ?>" style="font-weight: bold;" tabindex="4" />  
    171174<?php  
    172175if ('publish' != $post->post_status || 0 == $post_ID) { 
    173176?> 
     
    190193 
    191194<?php 
    192195if (current_user_can('upload_files')) { 
    193         $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 
     196        $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 
    194197        $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading'); 
    195198        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 
    196199        if ( false != $uploading_iframe_src ) 
  • wp-admin/edit-category-form.php

     
    2121<div id="ajax-response"></div> 
    2222<?php echo $form ?> 
    2323<input type="hidden" name="action" value="<?php echo $action ?>" /> 
    24 <input type="hidden" name="cat_ID" value="<?php echo $category->term_id ?>" /> 
     24<input type="hidden" name="cat_ID" value="<?php echo (int) $category->term_id ?>" /> 
    2525<?php wp_nonce_field($nonce_action); ?> 
    2626        <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 
    2727                <tr> 
     
    3535                <tr> 
    3636                        <th scope="row" valign="top"><label for="category_parent"><?php _e('Category parent:') ?></label></th> 
    3737                        <td>         
    38                                 <?php wp_dropdown_categories('hide_empty=0&name=category_parent&orderby=name&selected=' . $category->parent . '&hierarchical=1&show_option_none=' . __('None')); ?> 
     38                                <?php wp_dropdown_categories('hide_empty=0&name=category_parent&orderby=name&selected=' . (int) $category->parent . '&hierarchical=1&show_option_none=' . __('None')); ?> 
    3939                        </td> 
    4040                </tr> 
    4141                <tr>