Timestamp:
04/27/2009 11:09:08 PM (16 years ago)
Author:
ryan
Message:

Some attr escaping. see #9650

File:
1 edited

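--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -13,5 +13,5 @@
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . attr($comment->comment_post_ID);
 ?>
 
@@ -73,5 +73,5 @@
 </div>
 <div id="publishing-action">
-<input type="submit" name="save" value="<?php _e('Update Comment'); ?>" tabindex="4" class="button-primary" />
+<input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
 </div>
 <div class="clear"></div>
@@ -102,5 +102,5 @@
         }
 ?></td>
-    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $email; ?>" tabindex="2" id="email" /></td>
+    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo attr($email); ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
@@ -114,5 +114,5 @@
             _e( 'URL:' );
         } ?></td>
-    <td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo $url; ?>" tabindex="3" /></td>
+    <td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo attr($url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
@@ -129,6 +129,6 @@
 <?php do_meta_boxes('comment', 'normal', $comment); ?>
 
-<input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />
-<input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
+<input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
+<input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>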
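Review bot: The `$form_extra` string on new line 15 puts both IDs inside single-quoted attributes and leaves the final `value='` open for whichever template prints it, so the escaping there is only sound if `attr()` encodes `'` as well as `"`; its definition is not on this page and should be confirmed. Since `comment_ID` and `comment_post_ID` look like integer keys, a cast is a tighter guarantee than escaping and is independent of quoting style, e.g. `(int) $comment->comment_ID` on line 15 and in the hidden `c`/`p` inputs on lines 131–132. A comment above the assignment such as `// Closes the caller's open value='…' and leaves the last attribute open; every interpolated value must be safe inside single quotes.` would document that contract. The code that consumes `$form_extra` is outside the visible hunks.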