Ticket #4333: 4333.diff
| File 4333.diff, 19.3 KB (added by , 16 years ago) |
|---|
-
wp-admin/admin-functions.php
1007 1007 $key_js = js_escape( $entry['meta_key'] ); 1008 1008 $entry['meta_key'] = attribute_escape($entry['meta_key']); 1009 1009 $entry['meta_value'] = attribute_escape($entry['meta_value']); 1010 $entry['meta_id'] = (int) $entry['meta_id']; 1010 1011 $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 1011 1012 $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; 1012 1013 $r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>"; … … 1059 1060 <?php 1060 1061 1061 1062 foreach ( $keys as $key ) { 1062 $key = attribute_escape( $key );1063 $key = attribute_escape( $key ); 1063 1064 echo "\n\t<option value='$key'>$key</option>"; 1064 1065 } 1065 1066 ?> -
wp-admin/edit-page-form.php
8 8 $temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post() 9 9 $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 10 10 } else { 11 $post_ID = (int) $post_ID; 11 12 $form_action = 'editpost'; 12 13 $nonce_action = 'update-page_' . $post_ID; 13 14 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; … … 28 29 echo '<input type="hidden" name="mode" value="bookmarklet" />'; 29 30 } 30 31 ?> 31 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />32 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 32 33 <input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' /> 33 34 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 34 35 <?php echo $form_extra ?> … … 68 69 69 70 <fieldset id="passworddiv" class="dbx-box"> 70 71 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3> 71 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>72 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 72 73 </fieldset> 73 74 74 75 <fieldset id="pageparent" class="dbx-box"> … … 93 94 94 95 <fieldset id="slugdiv" class="dbx-box"> 95 96 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3> 96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>97 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 97 98 </fieldset> 98 99 99 100 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?> … … 106 107 $o = get_userdata( $o->ID ); 107 108 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 108 109 else $selected = ''; 110 $o->ID = (int) $o->ID; 111 $o->display_name = wp_specialchars( $o->display_name ); 109 112 echo "<option value='$o->ID' $selected>$o->display_name</option>"; 110 113 endforeach; 111 114 ?> … … 116 119 117 120 <fieldset id="pageorder" class="dbx-box"> 118 121 <h3 class="dbx-handle"><?php _e('Page Order') ?></h3> 119 <div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p></div>122 <div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo (int) $post->menu_order ?>" /></p></div> 120 123 </fieldset> 121 124 122 125 <?php do_action('dbx_page_sidebar'); ?> … … 126 129 127 130 <fieldset id="titlediv"> 128 131 <legend><?php _e('Page Title') ?></legend> 129 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>132 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 130 133 </fieldset> 131 134 132 135 … … 159 162 160 163 <?php 161 164 if (current_user_can('upload_files')) { 162 $uploading_iframe_ID = ( 0 == $post_ID ? $temp_ID : $post_ID);165 $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 163 166 $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&tab=upload&post_id=$uploading_iframe_ID", 'inlineuploading'); 164 167 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 165 168 if ( false != $uploading_iframe_src ) -
wp-admin/comment.php
72 72 <?php if ( 'spam' == $_GET['dt'] ) { ?> 73 73 <input type='hidden' name='dt' value='spam' /> 74 74 <?php } ?> 75 <input type='hidden' name='p' value='<?php echo $comment->comment_post_ID; ?>' />76 <input type='hidden' name='c' value='<?php echo $comment->comment_ID; ?>' />75 <input type='hidden' name='p' value='<?php echo (int) $comment->comment_post_ID; ?>' /> 76 <input type='hidden' name='c' value='<?php echo (int) $comment->comment_ID; ?>' /> 77 77 <input type='hidden' name='noredir' value='1' /> 78 78 </form> 79 79 80 80 <table class="editform" cellpadding="5"> 81 81 <tr class="alt"> 82 82 <th scope="row"><?php _e('Author:'); ?></th> 83 <td><?php echo $comment->comment_author; ?></td>83 <td><?php echo wp_specialchars( $comment->comment_author ); ?></td> 84 84 </tr> 85 85 <?php if ( $comment->comment_author_email ) { ?> 86 86 <tr> 87 87 <th scope="row"><?php _e('E-mail:'); ?></th> 88 <td><?php echo $comment->comment_author_email; ?></td>88 <td><?php echo wp_specialchars( $comment->comment_author_email ); ?></td> 89 89 </tr> 90 90 <?php } ?> 91 91 <?php if ( $comment->comment_author_url ) { ?> 92 92 <tr> 93 93 <th scope="row"><?php _e('URL:'); ?></th> 94 <td>< ?php echo "<a href='$comment->comment_author_url'>$comment->comment_author_url</a>"; ?></td>94 <td><a href='<?php echo clean_url( $comment->comment_author_url ); ?>'><?php echo wp_specialchars( $comment->comment_author_url ); ?></a></td> 95 95 </tr> 96 96 <?php } ?> 97 97 <tr> … … 155 155 if ((wp_get_referer() != "") && (false == $noredir)) { 156 156 wp_redirect(wp_get_referer()); 157 157 } else { 158 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' .$comment->comment_post_ID.'&c=1#comments');158 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . (int) $comment->comment_post_ID.'&c=1#comments'); 159 159 } 160 160 exit(); 161 161 break; … … 185 185 if ((wp_get_referer() != "") && (false == $noredir)) { 186 186 wp_redirect(wp_get_referer()); 187 187 } else { 188 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' .$comment->comment_post_ID.'&c=1#comments');188 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . (int) $comment->comment_post_ID.'&c=1#comments'); 189 189 } 190 190 exit(); 191 191 break; -
wp-admin/edit-form.php
6 6 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?> 7 7 <input type="hidden" name="mode" value="bookmarklet" /> 8 8 <?php endif; ?> 9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />9 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 10 10 <input type="hidden" name="action" value='post' /> 11 11 12 12 <script type="text/javascript"> … … 21 21 <div id="poststuff"> 22 22 <fieldset id="titlediv"> 23 23 <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div> 25 25 </fieldset> 26 26 27 27 <fieldset id="categorydiv"> … … 49 49 //--> 50 50 </script> 51 51 52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />52 <input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" /> 53 53 54 54 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?> 55 55 <input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p> … … 64 64 <?php if ('bookmarklet' != $mode) { 65 65 echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />'; 66 66 } ?> 67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" /> 68 68 </p> 69 69 70 70 <?php do_action('simple_edit_form', ''); ?> -
wp-admin/edit-form-comment.php
2 2 $submitbutton_text = __('Edit Comment »'); 3 3 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID); 4 4 $form_action = 'editedcomment'; 5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . (int) $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . (int) $comment->comment_post_ID; 6 6 ?> 7 7 8 8 <form name="post" action="comment.php" method="post" id="post"> 9 9 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?> 10 10 <div class="wrap"> 11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />11 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 12 12 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> 13 13 14 14 <script type="text/javascript"> … … 20 20 <fieldset id="namediv"> 21 21 <legend><label for="name"><?php _e('Name:') ?></label></legend> 22 22 <div> 23 <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author?>" tabindex="1" id="name" />23 <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /> 24 24 </div> 25 25 </fieldset> 26 26 <fieldset id="emaildiv"> 27 27 <legend><label for="email"><?php _e('E-mail:') ?></label></legend> 28 28 <div> 29 <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email?>" tabindex="2" id="email" />29 <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" /> 30 30 </div> 31 31 </fieldset> 32 32 <fieldset id="uridiv"> 33 33 <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend> 34 34 <div> 35 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url?>" tabindex="3" />35 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" /> 36 36 </div> 37 37 </fieldset> 38 38 … … 68 68 <tr> 69 69 <th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th> 70 70 <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> /> 71 <input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />72 <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />71 <input type="hidden" name="c" value="<?php echo (int) $comment->comment_ID ?>" /> 72 <input type="hidden" name="p" value="<?php echo (int) $comment->comment_post_ID ?>" /> 73 73 <input type="hidden" name="noredir" value="1" /> 74 74 </td> 75 75 </tr> -
wp-admin/edit-form-advanced.php
1 1 <?php 2 if ( isset($_GET['message']) ) 3 $_GET['message'] = (int) $_GET['message']; 2 4 $messages[1] = __('Post updated'); 3 5 $messages[2] = __('Custom field updated'); 4 6 $messages[3] = __('Custom field deleted.'); 5 7 ?> 6 8 <?php if (isset($_GET['message'])) : ?> 7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>9 <div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div> 8 10 <?php endif; ?> 9 11 10 12 <form name="post" action="post.php" method="post" id="post"> … … 21 23 $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />"; 22 24 wp_nonce_field('add-post'); 23 25 } else { 26 $post_ID = (int) $post_ID; 24 27 $form_action = 'editpost'; 25 28 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 26 29 wp_nonce_field('update-post_' . $post_ID); 27 30 } 28 31 29 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';32 $form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 30 33 31 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status. '" />';34 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 32 35 33 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';36 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 34 37 35 38 if ('' != $post->pinged) { 36 39 $pings = '<p>'. __('Already pinged:') . '</p><ul>'; … … 41 44 $pings .= '</ul>'; 42 45 } 43 46 44 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';47 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />'; 45 48 46 49 if (empty($post->post_status)) $post->post_status = 'draft'; 47 50 48 51 ?> 49 52 50 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />53 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 51 54 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" /> 52 55 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 53 <input type="hidden" name="post_author" value="<?php echo $post->post_author?>" />56 <input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" /> 54 57 <input type="hidden" id="post_type" name="post_type" value="post" /> 55 58 56 59 <?php echo $form_extra ?> … … 88 91 89 92 <fieldset id="passworddiv" class="dbx-box"> 90 93 <h3 class="dbx-handle"><?php _e('Post Password') ?></h3> 91 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>94 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div> 92 95 </fieldset> 93 96 94 97 <fieldset id="slugdiv" class="dbx-box"> 95 98 <h3 class="dbx-handle"><?php _e('Post Slug') ?></h3> 96 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>99 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div> 97 100 </fieldset> 98 101 99 102 <fieldset id="poststatusdiv" class="dbx-box"> … … 125 128 $o = get_userdata( $o->ID ); 126 129 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 127 130 else $selected = ''; 128 echo "<option value=' $o->ID' $selected>$o->display_name</option>";131 echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>"; 129 132 endforeach; 130 133 ?> 131 134 </select> … … 140 143 141 144 <fieldset id="titlediv"> 142 145 <legend><?php _e('Title') ?></legend> 143 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>146 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div> 144 147 </fieldset> 145 148 146 149 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>"> … … 167 170 <p class="submit"> 168 171 <span id="autosave"></span> 169 172 <?php echo $saveasdraft; ?> 170 <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" />173 <input type="submit" name="submit" value="<?php _e('Save'); ?>" style="font-weight: bold;" tabindex="4" /> 171 174 <?php 172 175 if ('publish' != $post->post_status || 0 == $post_ID) { 173 176 ?> … … 190 193 191 194 <?php 192 195 if (current_user_can('upload_files')) { 193 $uploading_iframe_ID = ( 0 == $post_ID ? $temp_ID : $post_ID);196 $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 194 197 $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&tab=upload&post_id=$uploading_iframe_ID", 'inlineuploading'); 195 198 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 196 199 if ( false != $uploading_iframe_src ) -
wp-admin/edit-category-form.php
21 21 <div id="ajax-response"></div> 22 22 <?php echo $form ?> 23 23 <input type="hidden" name="action" value="<?php echo $action ?>" /> 24 <input type="hidden" name="cat_ID" value="<?php echo $category->term_id ?>" />24 <input type="hidden" name="cat_ID" value="<?php echo (int) $category->term_id ?>" /> 25 25 <?php wp_nonce_field($nonce_action); ?> 26 26 <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 27 27 <tr> … … 35 35 <tr> 36 36 <th scope="row" valign="top"><label for="category_parent"><?php _e('Category parent:') ?></label></th> 37 37 <td> 38 <?php wp_dropdown_categories('hide_empty=0&name=category_parent&orderby=name&selected=' . $category->parent . '&hierarchical=1&show_option_none=' . __('None')); ?>38 <?php wp_dropdown_categories('hide_empty=0&name=category_parent&orderby=name&selected=' . (int) $category->parent . '&hierarchical=1&show_option_none=' . __('None')); ?> 39 39 </td> 40 40 </tr> 41 41 <tr>