WordPress.org

Make WordPress Core

Changeset 11109


Ignore:
Timestamp:
04/28/2009 05:58:45 AM (11 years ago)
Author:
ryan
Message:

s/attribute_escape/attr/. see #9650

Location:
trunk
Files:
84 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-ajax.php

    r11104 r11109  
    475475        $level++;
    476476    }
    477     $cat_full_name = attribute_escape($cat_full_name);
     477    $cat_full_name = attr($cat_full_name);
    478478
    479479    $x = new WP_Ajax_Response( array(
     
    553553
    554554    $tag_full_name = $tag->name;
    555     $tag_full_name = attribute_escape($tag_full_name);
     555    $tag_full_name = attr($tag_full_name);
    556556
    557557    $x = new WP_Ajax_Response( array(
  • trunk/wp-admin/custom-header.php

    r11104 r11109  
    288288<input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
    289289<?php wp_nonce_field('custom-header') ?>
    290 <input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
     290<input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
    291291<?php } ?>
    292292
     
    297297<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
    298298
    299 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
     299<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
    300300<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
    301301<input type="hidden" name="action" value="save" />
     
    312312<h2><?php _e('Reset Header Image and Color'); ?></h2>
    313313<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
    314 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
     314<form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>">
    315315<?php wp_nonce_field('custom-header'); ?>
    316316<input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" />
     
    373373<div class="wrap">
    374374
    375 <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
     375<form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>">
    376376
    377377<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
  • trunk/wp-admin/edit-attachment-rows.php

    r10774 r11109  
    6363?>
    6464
    65                 <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>">
     65                <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>">
    6666                    <?php echo $thumb; ?>
    6767                </a>
     
    7575    case 'media':
    7676        ?>
    77         <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
     77        <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
    7878        <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
    7979        <p>
     
    8484        if ( current_user_can('delete_post', $post->ID) )
    8585            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
    86         $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
     86        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
    8787        $action_count = count($actions);
    8888        $i = 0;
     
    183183        ?>
    184184        <td <?php echo $attributes ?>>
    185         <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
     185        <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
    186186        <a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
    187187        </td>
  • trunk/wp-admin/edit-category-form.php

    r11104 r11109  
    5050        <tr class="form-field form-required">
    5151            <th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
    52             <td><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->name); ?>" size="40" aria-required="true" /><br />
     52            <td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br />
    5353            <?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
    5454        </tr>
    5555        <tr class="form-field">
    5656            <th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
    57             <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
     57            <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
    5858            <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
    5959        </tr>
  • trunk/wp-admin/edit-comments.php

    r11104 r11109  
    8484require_once('admin-header.php');
    8585
    86 $mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']);
     86$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
    8787
    8888$default_status = get_user_option('edit_comments_last_view');
     
    9595    update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
    9696
    97 $comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : '';
     97$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
    9898
    9999$search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
    100 $search = attribute_escape( $search_dirty ); ?>
     100$search = attr( $search_dirty ); ?>
    101101
    102102<div class="wrap">
     
    165165    // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
    166166    if ( !empty( $_GET['s'] ) )
    167         $link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link );
     167        $link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
    168168    */
    169169    $status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
     
    365365    <input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
    366366    <input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
    367     <input type="hidden" name="p" value="<?php echo attribute_escape( $post_id ); ?>" />
    368     <input type="hidden" name="comment_type" value="<?php echo attribute_escape( $comment_type ); ?>" />
     367    <input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" />
     368    <input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" />
    369369    <?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
    370370</form>
  • trunk/wp-admin/edit-form-advanced.php

    r11104 r11109  
    1717if ( isset($_GET['message']) )
    1818    $_GET['message'] = absint( $_GET['message'] );
    19 $messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
     19$messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
    2020$messages[2] = __('Custom field updated.');
    2121$messages[3] = __('Custom field deleted.');
     
    170170
    171171<div id="post-visibility-select" class="hide-if-js">
    172 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
     172<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
    173173<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
    174 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
     174<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
    175175
    176176
     
    178178<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
    179179<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
    180 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
     180<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
    181181<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
    182182
     
    272272    $tax_name = substr($box['id'], 8);
    273273    $taxonomy = get_taxonomy($tax_name);
    274     $helps = isset($taxonomy->helps) ? attribute_escape($taxonomy->helps) : __('Separate tags with commas.');
     274    $helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.');
    275275?>
    276276<div class="tagsdiv" id="<?php echo $tax_name; ?>">
     
    294294    if ( !is_taxonomy_hierarchical($tax_name) ) {
    295295        $taxonomy = get_taxonomy($tax_name);
    296         $label = isset($taxonomy->label) ? attribute_escape($taxonomy->label) : $tax_name;
     296        $label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name;
    297297
    298298        add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
     
    385385 */
    386386function post_trackback_meta_box($post) {
    387     $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
     387    $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
    388388    if ('' != $post->pinged) {
    389389        $pings = '<p>'. __('Already pinged:') . '</p><ul>';
     
    498498function post_slug_meta_box($post) {
    499499?>
    500 <label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
     500<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
    501501<?php
    502502}
     
    575575<input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" />
    576576<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
    577 <input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
     577<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
    578578<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
    579579<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
     
    596596<div id="titlediv">
    597597<div id="titlewrap">
    598     <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
     598    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
    599599</div>
    600600<div class="inside">
  • trunk/wp-admin/edit-form-comment.php

    r11104 r11109  
    2727<?php
    2828
    29 $email = attribute_escape( $comment->comment_author_email );
    30 $url = attribute_escape( $comment->comment_author_url );
     29$email = attr( $comment->comment_author_email );
     30$url = attr( $comment->comment_author_url );
    3131// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
    3232?>
     
    9191<tr valign="top">
    9292    <td class="first"><?php _e( 'Name:' ); ?></td>
    93     <td><input type="text" name="newcomment_author" size="30" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
     93    <td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
    9494</tr>
    9595<tr valign="top">
  • trunk/wp-admin/edit-link-category-form.php

    r11104 r11109  
    6868        <tr class="form-field">
    6969            <th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th>
    70             <td><input name="slug" id="slug" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
     70            <td><input name="slug" id="slug" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
    7171            <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
    7272        </tr>
  • trunk/wp-admin/edit-link-form.php

    r11104 r11109  
    405405<input type="hidden" name="action" value="save" />
    406406<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
    407 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
     407<input type="hidden" name="order_by" value="<?php echo attr($order_by); ?>" />
    408408<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
    409409<?php else: ?>
  • trunk/wp-admin/edit-page-form.php

    r11104 r11109  
    1919if ( isset($_GET['message']) )
    2020    $_GET['message'] = absint( $_GET['message'] );
    21 $messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
     21$messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
    2222$messages[2] = __('Custom field updated.');
    2323$messages[3] = __('Custom field deleted.');
     
    7474<div id="save-action">
    7575<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
    76 <input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
     76<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attr( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
    7777<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
    78 <input type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
     78<input type="submit" name="save" id="save-post" value="<?php echo attr( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
    7979<?php } ?>
    8080</div>
     
    163163
    164164<div id="post-visibility-select" class="hide-if-js">
    165 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
    166 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
     165<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
     166<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
    167167
    168168
    169169<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
    170170<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
    171 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
     171<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
    172172<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
    173173
     
    350350function page_slug_meta_box($post){
    351351?>
    352 <label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
     352<label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
    353353<?php
    354354}
     
    420420<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
    421421<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
    422 <input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
     422<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
    423423<?php echo $form_extra ?>
    424424<input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
     
    443443<div id="titlediv">
    444444<div id="titlewrap">
    445   <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
     445  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
    446446</div>
    447447<div class="inside">
  • trunk/wp-admin/edit-pages.php

    r11036 r11109  
    176176
    177177<?php if ( isset($_GET['post_status'] ) ) : ?>
    178 <input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
     178<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
    179179<?php endif; ?>
    180180
  • trunk/wp-admin/edit-tag-form.php

    r10903 r11109  
    2222<input type="hidden" name="action" value="editedtag" />
    2323<input type="hidden" name="tag_ID" value="<?php echo $tag->term_id ?>" />
    24 <input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy) ?>" />
     24<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
    2525<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
    2626    <table class="form-table">
    2727        <tr class="form-field form-required">
    2828            <th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
    29             <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attribute_escape($tag->name); ?>" size="40" aria-required="true" />
     29            <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" />
    3030            <p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
    3131        </tr>
    3232        <tr class="form-field">
    3333            <th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
    34             <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attribute_escape(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
     34            <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
    3535            <p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
    3636        </tr>
  • trunk/wp-admin/edit-tags.php

    r10943 r11109  
    171171<div class="col-wrap">
    172172<form id="posts-filter" action="" method="get">
    173 <input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy); ?>" />
     173<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
    174174<div class="tablenav">
    175175<?php
     
    277277<form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate">
    278278<input type="hidden" name="action" value="addtag" />
    279 <input type="hidden" name="taxonomy" value="<?php echo attribute_escape($taxonomy); ?>" />
     279<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
    280280<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?>
    281281
  • trunk/wp-admin/edit.php

    r10943 r11109  
    9393    $mode = 'list';
    9494else
    95     $mode = attribute_escape($_GET['mode']); ?>
     95    $mode = attr($_GET['mode']); ?>
    9696
    9797<div class="wrap">
     
    171171
    172172<?php if ( isset($_GET['post_status'] ) ) : ?>
    173 <input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
     173<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
    174174<?php endif; ?>
    175175<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
  • trunk/wp-admin/import/dotclear.php

    r10606 r11109  
    216216        wp_nonce_field('import-dotclear');
    217217        $this->db_form();
    218         echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import Categories')).'" /></p>';
     218        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import Categories')).'" /></p>';
    219219        echo '</form></div>';
    220220    }
     
    633633        echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
    634634        wp_nonce_field('import-dotclear');
    635         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
     635        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users')));
    636636        echo '</form>';
    637637
     
    646646        echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
    647647        wp_nonce_field('import-dotclear');
    648         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
     648        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts')));
    649649        echo '</form>';
    650650    }
     
    660660        echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
    661661        wp_nonce_field('import-dotclear');
    662         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
     662        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments')));
    663663        echo '</form>';
    664664    }
     
    672672        echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
    673673        wp_nonce_field('import-dotclear');
    674         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
     674        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Links')));
    675675        echo '</form>';
    676676    }
     
    685685        echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
    686686        wp_nonce_field('import-dotclear');
    687         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
     687        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish')));
    688688        echo '</form>';
    689689    }
  • trunk/wp-admin/import/livejournal.php

    r11081 r11109  
    185185            <p><?php _e( 'It looks like you attempted to import your LiveJournal posts previously and got interrupted.' ) ?></p>
    186186            <p class="submit">
    187                 <input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Continue previous import' ) ) ?>" />
     187                <input type="submit" class="button-primary" value="<?php echo attr( __( 'Continue previous import' ) ) ?>" />
    188188            </p>
    189             <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attribute_escape( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
     189            <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
    190190            <p>
    191191        <?php else : ?>
     
    224224
    225225            <p class="submit">
    226                 <input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Connect to LiveJournal and Import' ) ) ?>" />
     226                <input type="submit" class="button-primary" value="<?php echo attr( __( 'Connect to LiveJournal and Import' ) ) ?>" />
    227227            </p>
    228228
     
    725725            ?>
    726726            <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
    727             <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attribute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
     727            <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
    728728            <?php
    729729            return false;
     
    737737                ?>
    738738                <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
    739                 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attribute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
     739                <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
    740740                <?php
    741741                return false;
     
    817817            <?php wp_nonce_field( 'lj-api-import' ) ?>
    818818            <input type="hidden" name="step" id="step" value="1" />
    819             <p><input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
     819            <p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
    820820            </form>
    821821            <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
     
    867867            <?php wp_nonce_field( 'lj-api-import' ) ?>
    868868            <input type="hidden" name="step" id="step" value="2" />
    869             <p><input type="submit" class="button-primary" value="<?php echo attribute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
     869            <p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>
    870870            </form>
    871871            <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
     
    943943        $str .= wp_referer_field( false );
    944944        $str .= '<input type="hidden" name="step" id="step" value="' . $next_step . '" />';
    945         $str .= '<p><input type="submit" class="button-primary" value="' . attribute_escape( $label ) . '" /> <span id="auto-message"></span></p>';
     945        $str .= '<p><input type="submit" class="button-primary" value="' . attr( $label ) . '" /> <span id="auto-message"></span></p>';
    946946        $str .= '</form>';
    947947
  • trunk/wp-admin/import/mt.php

    r10810 r11109  
    4040
    4141<?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
    42 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)); ?>" class="import-upload-form">
     42<form method="post" action="<?php echo attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
    4343
    4444<?php wp_nonce_field('import-upload'); ?>
     
    4747<?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p>
    4848<p class="submit">
    49 <input type="submit" class="button" value="<?php echo attribute_escape(__('Import mt-export.txt')); ?>" />
     49<input type="submit" class="button" value="<?php echo attr(__('Import mt-export.txt')); ?>" />
    5050</p>
    5151</form>
  • trunk/wp-admin/import/textpattern.php

    r10606 r11109  
    7171        wp_nonce_field('import-textpattern');
    7272        $this->db_form();
    73         echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import')).'" /></p>';
     73        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import')).'" /></p>';
    7474        echo '</form>';
    7575        echo '</div>';
     
    506506        echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
    507507        wp_nonce_field('import-textpattern');
    508         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
     508        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users')));
    509509        echo '</form>';
    510510
     
    519519        echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
    520520        wp_nonce_field('import-textpattern');
    521         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
     521        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts')));
    522522        echo '</form>';
    523523    }
     
    533533        echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
    534534        wp_nonce_field('import-textpattern');
    535         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
     535        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments')));
    536536        echo '</form>';
    537537    }
     
    545545        echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
    546546        wp_nonce_field('import-textpattern');
    547         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
     547        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Links')));
    548548        echo '</form>';
    549549    }
     
    558558        echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
    559559        wp_nonce_field('import-textpattern');
    560         printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
     560        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish')));
    561561        echo '</form>';
    562562    }
  • trunk/wp-admin/import/wordpress.php

    r10606 r11109  
    234234
    235235        echo '<p class="submit">';
    236         echo '<input type="submit" class="button" value="'.attribute_escape( __('Submit') ).'" />'.'<br />';
     236        echo '<input type="submit" class="button" value="'.attr( __('Submit') ).'" />'.'<br />';
    237237        echo '</p>';
    238238        echo '</form>';
  • trunk/wp-admin/import/wp-cat2tag.php

    r10608 r11109  
    185185
    186186<?php   foreach ( $this->all_tags as $tag ) { ?>
    187     <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attribute_escape($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
     187    <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
    188188
    189189<?php   } ?>
  • trunk/wp-admin/includes/bookmark.php

    r10414 r11109  
    6060
    6161    if ( isset( $_GET['name'] ) )
    62         $link->link_name = attribute_escape( $_GET['name']);
     62        $link->link_name = attr( $_GET['name']);
    6363    else
    6464        $link->link_name = '';
  • trunk/wp-admin/includes/class-wp-upgrader.php

    r11089 r11109  
    821821        }
    822822        $update_actions =  array(
    823             'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attribute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
    824             'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attribute_escape(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
     823            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
     824            'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
    825825        );
    826826        if ( $this->plugin_active )
     
    872872
    873873        $install_actions = array(
    874             'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attribute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
     874            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
    875875                            );
    876876
    877877        if ( $this->type == 'web' )
    878             $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attribute_escape(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
     878            $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
    879879        else
    880             $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attribute_escape(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
     880            $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
    881881
    882882
     
    937937
    938938        $install_actions = array(
    939             'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
    940             'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attribute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>'
     939            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
     940            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>'
    941941                            );
    942942
    943943        if ( $this->type == 'web' )
    944             $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attribute_escape(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
     944            $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
    945945        else
    946             $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attribute_escape(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
     946            $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
    947947
    948948        if ( ! $this->result || is_wp_error($this->result) )
     
    996996
    997997        $update_actions =  array(
    998             'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
    999             'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attribute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>',
    1000             'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attribute_escape(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
     998            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',
     999            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>',
     1000            'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
    10011001        );
    10021002        if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() )
  • trunk/wp-admin/includes/dashboard.php

    r11081 r11109  
    372372        <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
    373373        <div class="input-text-wrap">
    374             <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attribute_escape( $post->post_title ); ?>" />
     374            <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr( $post->post_title ); ?>" />
    375375        </div>
    376376
     
    433433            $url = get_edit_post_link( $draft->ID );
    434434            $title = _draft_or_post_title( $draft->ID );
    435             $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attribute_escape( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
     435            $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
    436436            if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) )
    437437                $item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '&hellip;' : '' ) . '</p>';
     
    580580            <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
    581581                <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
    582                 <div class="author-email"><?php echo attribute_escape( $comment->comment_author_email ); ?></div>
    583                 <div class="author"><?php echo attribute_escape( $comment->comment_author ); ?></div>
    584                 <div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
     582                <div class="author-email"><?php echo attr( $comment->comment_author_email ); ?></div>
     583                <div class="author"><?php echo attr( $comment->comment_author ); ?></div>
     584                <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
    585585                <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
    586586            </div>
  • trunk/wp-admin/includes/file.php

    r11063 r11109  
    732732<tr valign="top">
    733733<th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
    734 <td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
     734<td><input name="hostname" type="text" id="hostname" value="<?php echo attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
    735735</tr>
    736736
    737737<tr valign="top">
    738738<th scope="row"><label for="username"><?php _e('Username') ?></label></th>
    739 <td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
     739<td><input name="username" type="text" id="username" value="<?php echo attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
    740740</tr>
    741741
     
    751751<label for="private_key"><?php _e('Private Key:') ?></label>
    752752</div></th>
    753 <td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attribute_escape($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attribute_escape($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
     753<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
    754754<div><?php _e('Enter the location on the server where the keys are located. If a passphrase is needed, enter that in the password field above.') ?></div></td>
    755755</tr>
     
    768768
    769769<?php if ( isset( $_POST['version'] ) ) : ?>
    770 <input type="hidden" name="version" value="<?php echo attribute_escape($_POST['version']) ?>" />
     770<input type="hidden" name="version" value="<?php echo attr($_POST['version']) ?>" />
    771771<?php endif; ?>
    772772<?php if ( isset( $_POST['locale'] ) ) : ?>
    773 <input type="hidden" name="locale" value="<?php echo attribute_escape($_POST['locale']) ?>" />
     773<input type="hidden" name="locale" value="<?php echo attr($_POST['locale']) ?>" />
    774774<?php endif; ?>
    775775<p class="submit">
  • trunk/wp-admin/includes/manifest.php

    r11079 r11109  
    2727 * @ignore
    2828 */
    29 function attribute_escape() {}
     29function attr() {}
    3030
    3131/**
  • trunk/wp-admin/includes/media.php

    r11052 r11109  
    7979            $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
    8080            $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
    81             echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
     81            echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";
    8282        }
    8383        echo "</ul>\n";
     
    105105    $html = get_image_tag($id, $htmlalt, $title, $align, $size);
    106106
    107     $rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
     107    $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : '';
    108108
    109109    if ( $url )
     
    425425        if ( !empty($attachment['url']) ) {
    426426            if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
    427                 $rel = " rel='attachment wp-att-".attribute_escape($send_id)."'";
     427                $rel = " rel='attachment wp-att-".attr($send_id)."'";
    428428            $html = "<a href='{$attachment['url']}'$rel>$html</a>";
    429429        }
     
    460460        if ( !empty($src) && !strpos($src, '://') )
    461461            $src = "http://$src";
    462         $alt = attribute_escape($_POST['insertonly']['alt']);
     462        $alt = attr($_POST['insertonly']['alt']);
    463463        if ( isset($_POST['insertonly']['align']) ) {
    464             $align = attribute_escape($_POST['insertonly']['align']);
     464            $align = attr($_POST['insertonly']['align']);
    465465            $class = " class='align$align'";
    466466        }
     
    554554        if ( !empty($href) && !strpos($href, '://') )
    555555            $href = "http://$href";
    556         $title = attribute_escape($_POST['insertonly']['title']);
     556        $title = attr($_POST['insertonly']['title']);
    557557        if ( empty($title) )
    558558            $title = basename($href);
     
    608608        if ( !empty($href) && !strpos($href, '://') )
    609609            $href = "http://$href";
    610         $title = attribute_escape($_POST['insertonly']['title']);
     610        $title = attr($_POST['insertonly']['title']);
    611611        if ( empty($title) )
    612612            $title = basename($href);
     
    662662        if ( !empty($href) && !strpos($href, '://') )
    663663            $href = "http://$href";
    664         $title = attribute_escape($_POST['insertonly']['title']);
     664        $title = attr($_POST['insertonly']['title']);
    665665        if ( empty($title) )
    666666            $title = basename($href);
     
    826826        $url = $link;
    827827
    828     return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attribute_escape($url) . "' /><br />
     828    return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />
    829829                <button type='button' class='button urlnone' title=''>" . __('None') . "</button>
    830                 <button type='button' class='button urlfile' title='" . attribute_escape($file) . "'>" . __('File URL') . "</button>
    831                 <button type='button' class='button urlpost' title='" . attribute_escape($link) . "'>" . __('Post URL') . "</button>
     830                <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>
     831                <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>
    832832";
    833833}
     
    989989            'label'      => __('File URL'),
    990990            'input'      => 'html',
    991             'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attribute_escape($image_url) . "' /><br />",
     991            'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",
    992992            'value'      => isset($edit_post->post_url) ? $edit_post->post_url : '',
    993993            'helps'      => __('Location of the uploaded file.'),
     
    10861086
    10871087    $filename = basename($post->guid);
    1088     $title = attribute_escape($post->post_title);
     1088    $title = attr($post->post_title);
    10891089
    10901090    if ( $_tags = get_the_tags($attachment_id) ) {
    10911091        foreach ( $_tags as $tag )
    10921092            $tags[] = $tag->name;
    1093         $tags = attribute_escape(join(', ', $tags));
     1093        $tags = attr(join(', ', $tags));
    10941094    }
    10951095
     
    10981098        $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
    10991099        $type = array_shift($keys);
    1100         $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
     1100        $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";
    11011101    }
    11021102
     
    11571157    $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
    11581158    if ( $send )
    1159         $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
     1159        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr( __( 'Insert into Post' ) ) . "' />";
    11601160    if ( $delete )
    11611161        $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
     
    11951195            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
    11961196        } else {
    1197             $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>";
     1197            $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";
    11981198        }
    11991199        if ( !empty($field['helps']) )
     
    12231223
    12241224    foreach ( $hidden_fields as $name => $value )
    1225         $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
     1225        $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";
    12261226
    12271227    if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
     
    13041304            button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
    13051305            button_placeholder_id: "flash-browse-button",
    1306             upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
     1306            upload_url : "<?php echo attr( $flash_action_url ); ?>",
    13071307            flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
    13081308            file_post_name: "async-upload",
     
    13511351<?php do_action('pre-html-upload-ui'); ?>
    13521352    <p id="async-upload-wrap">
    1353     <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
     1353    <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attr(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
    13541354    </p>
    13551355    <div class="clear"></div>
     
    13811381?>
    13821382
    1383 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
     1383<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
    13841384<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    13851385<?php wp_nonce_field('media-form'); ?>
     
    14131413?>
    14141414</div>
    1415 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1415<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    14161416<?php
    14171417}
     
    14371437?>
    14381438
    1439 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
     1439<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
    14401440<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    14411441<?php wp_nonce_field('media-form'); ?>
     
    15711571<a href="#" id="clear"><?php _e('Clear'); ?></a>
    15721572</div>
    1573 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
     1573<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
    15741574<?php wp_nonce_field('media-form'); ?>
    15751575<?php //media_upload_form( $errors ); ?>
     
    15861586
    15871587<p class="ml-submit">
    1588 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1588<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    15891589<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    1590 <input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
    1591 <input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
     1590<input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
     1591<input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />
    15921592</p>
    15931593
     
    16631663
    16641664<p class="ml-submit">
    1665 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery' ) ); ?>" />
    1666 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attribute_escape( __( 'Update gallery settings' ) ); ?>" />
     1665<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr( __( 'Insert gallery' ) ); ?>" />
     1666<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr( __( 'Update gallery settings' ) ); ?>" />
    16671667</p>
    16681668</div>
     
    17001700
    17011701<form id="filter" action="" method="get">
    1702 <input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
    1703 <input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
     1702<input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />
     1703<input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />
    17041704<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
    1705 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attribute_escape( $_GET['post_mime_type'] ) : ''; ?>" />
     1705<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />
    17061706
    17071707<p id="media-search" class="search-box">
    17081708    <label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label>
    17091709    <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
    1710     <input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
     1710    <input type="submit" value="<?php echo attr( __( 'Search Media' ) ); ?>" class="button" />
    17111711</p>
    17121712
     
    17871787        $default = '';
    17881788
    1789     echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
     1789    echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
    17901790    echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
    17911791    echo "</option>\n";
     
    17951795<?php } ?>
    17961796
    1797 <input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
     1797<input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
    17981798
    17991799</div>
     
    18031803</form>
    18041804
    1805 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">
     1805<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
    18061806
    18071807<?php wp_nonce_field('media-form'); ?>
     
    18251825</div>
    18261826<p class="ml-submit">
    1827 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1827<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    18281828<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    18291829</p>
     
    19071907            <td></td>
    19081908            <td>
    1909                 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attribute_escape(__('Insert into Post')) . '" />
     1909                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr(__('Insert into Post')) . '" />
    19101910            </td>
    19111911        </tr>
     
    19431943            <td></td>
    19441944            <td>
    1945                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     1945                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    19461946            </td>
    19471947        </tr>
     
    19781978            <td></td>
    19791979            <td>
    1980                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     1980                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    19811981            </td>
    19821982        </tr>
     
    20132013            <td></td>
    20142014            <td>
    2015                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     2015                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    20162016            </td>
    20172017        </tr>
  • trunk/wp-admin/includes/plugin-install.php

    r11013 r11109  
    163163            <option value="tag"<?php selected('tag', $type) ?>><?php _x('Tag', 'Plugin Installer') ?></option>
    164164        </select>
    165         <input type="text" name="s" value="<?php echo attribute_escape($term) ?>" />
    166         <input type="submit" name="search" value="<?php echo attribute_escape(__('Search')) ?>" class="button" />
     165        <input type="text" name="s" value="<?php echo attr($term) ?>" />
     166        <input type="submit" name="search" value="<?php echo attr(__('Search')) ?>" class="button" />
    167167    </form><?php
    168168}
     
    335335
    336336                if( isset($plugin['homepage']) )
    337                     $title = '<a target="_blank" href="' . attribute_escape($plugin['homepage']) . '">' . $title . '</a>';
     337                    $title = '<a target="_blank" href="' . attr($plugin['homepage']) . '">' . $title . '</a>';
    338338
    339339                $action_links = array();
    340340                $action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&amp;plugin=' . $plugin['slug'] .
    341341                                    '&amp;TB_iframe=true&amp;width=600&amp;height=800') . '" class="thickbox onclick" title="' .
    342                                     attribute_escape($name) . '">' . __('Install') . '</a>';
     342                                    attr($name) . '">' . __('Install') . '</a>';
    343343
    344344                $action_links = apply_filters('plugin_install_action_links', $action_links, $plugin);
     
    349349                <td class="vers">
    350350                    <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
    351                         <div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
     351                        <div class="star star-rating" style="width: <?php echo attr($plugin['rating']) ?>px"></div>
    352352                        <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
    353353                        <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
     
    417417        $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
    418418        $href = clean_url($href);
    419         $san_title = attribute_escape(sanitize_title_with_dashes($title));
     419        $san_title = attr(sanitize_title_with_dashes($title));
    420420        echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
    421421    }
     
    506506        <h2><?php _e('Average Rating') ?></h2>
    507507        <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
    508             <div class="star star-rating" style="width: <?php echo attribute_escape($api->rating) ?>px"></div>
     508            <div class="star star-rating" style="width: <?php echo attr($api->rating) ?>px"></div>
    509509            <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
    510510            <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
     
    531531            $content = links_add_target($content, '_blank');
    532532
    533             $san_title = attribute_escape(sanitize_title_with_dashes($title));
     533            $san_title = attr(sanitize_title_with_dashes($title));
    534534
    535535            $display = ( $section_name == $section ) ? 'block' : 'none';
  • trunk/wp-admin/includes/taxonomy.php

    r10906 r11109  
    223223        $tag_names[] = $tag->name;
    224224    $tags_to_edit = join( ',', $tag_names );
    225     $tags_to_edit = attribute_escape( $tags_to_edit );
     225    $tags_to_edit = attr( $tags_to_edit );
    226226    $tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy );
    227227
  • trunk/wp-admin/includes/template.php

    r11073 r11109  
    119119    $edit_link = "categories.php?action=edit&amp;cat_ID=$category->term_id";
    120120    if ( current_user_can( 'manage_categories' ) ) {
    121         $edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attribute_escape( $name ) . '</a><br />';
     121        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
    122122        $actions = array();
    123123        $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
     
    258258        <a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
    259259        <?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
    260         <a accesskey="s" href="#inline-edit" title="<?php echo attribute_escape( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
     260        <a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
    261261        <img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
    262262        <span class="error" style="display:none;"></span>
     
    290290    $edit_link = "link-category.php?action=edit&amp;cat_ID=$category->term_id";
    291291    if ( current_user_can( 'manage_categories' ) ) {
    292         $edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
     292        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
    293293        $actions = array();
    294294        $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
     
    650650                    break;
    651651                case 'name':
    652                     $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attribute_escape(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
     652                    $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
    653653                    $actions = array();
    654654                    $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
     
    12481248            $update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
    12491249            ?>
    1250             <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attribute_escape( $update_text ); ?></a>
     1250            <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
    12511251            <img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
    12521252        <?php } else {
    12531253            $update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
    12541254        ?>
    1255             <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attribute_escape( $update_text ); ?>" />
     1255            <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
    12561256        <?php } ?>
    12571257        <input type="hidden" name="post_view" value="<?php echo $m; ?>" />
     
    12791279        return;
    12801280
    1281     $title = attribute_escape($post->post_title);
     1281    $title = attr($post->post_title);
    12821282
    12831283    echo '
     
    14281428            $attributes = 'class="post-title column-title"' . $style;
    14291429        ?>
    1430         <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
     1430        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
    14311431        <?php
    14321432            if ( 'excerpt' == $mode )
     
    14351435            $actions = array();
    14361436            if ( current_user_can('edit_post', $post->ID) ) {
    1437                 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attribute_escape(__('Edit this post')) . '">' . __('Edit') . '</a>';
    1438                 $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attribute_escape(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
    1439                 $actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
     1437                $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
     1438                $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
     1439                $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
    14401440            }
    14411441            if ( in_array($post->post_status, array('pending', 'draft')) ) {
    14421442                if ( current_user_can('edit_post', $post->ID) )
    1443                     $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
     1443                    $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
    14441444            } else {
    1445                 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
     1445                $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
    14461446            }
    14471447            $actions = apply_filters('post_row_actions', $actions, $post);
     
    16441644        $edit_link = get_edit_post_link( $page->ID );
    16451645        ?>
    1646         <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
     1646        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
    16471647        <?php
    16481648        $actions = array();
    16491649        if ( current_user_can('edit_page', $page->ID) ) {
    1650             $actions['edit'] = '<a href="' . $edit_link . '" title="' . attribute_escape(__('Edit this page')) . '">' . __('Edit') . '</a>';
     1650            $actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
    16511651            $actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
    1652             $actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
     1652            $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
    16531653        }
    16541654        if ( in_array($post->post_status, array('pending', 'draft')) ) {
    16551655            if ( current_user_can('edit_page', $page->ID) )
    1656                 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
     1656                $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
    16571657        } else {
    1658             $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
     1658            $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
    16591659        }
    16601660        $actions = apply_filters('page_row_actions', $actions, $page);
     
    21152115                <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
    21162116                <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
    2117                 <div class="author-email"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author_email ); ?></div>
    2118                 <div class="author"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author ); ?></div>
    2119                 <div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
     2117                <div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
     2118                <div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
     2119                <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
    21202120                <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
    21212121                </div>
     
    24182418    }
    24192419
    2420     $entry['meta_key'] = attribute_escape($entry['meta_key']);
     2420    $entry['meta_key'] = attr($entry['meta_key']);
    24212421    $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
    24222422    $entry['meta_id'] = (int) $entry['meta_id'];
     
    24282428
    24292429    $r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
    2430     $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
    2431     $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
     2430    $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr(__( 'Delete' ))."' />";
     2431    $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
    24322432    $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
    24332433    $r .= "</td>";
     
    24732473
    24742474    foreach ( $keys as $key ) {
    2475         $key = attribute_escape( $key );
     2475        $key = attr( $key );
    24762476        echo "\n<option value='$key'>$key</option>";
    24772477    }
     
    27832783    else :
    27842784?>
    2785 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
     2785<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
    27862786<p>
    27872787<?php wp_nonce_field('import-upload'); ?>
     
    28062806function wp_remember_old_slug() {
    28072807    global $post;
    2808     $name = attribute_escape($post->post_name); // just in case
     2808    $name = attr($post->post_name); // just in case
    28092809    if ( strlen($name) )
    28102810        echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
     
    31723172 * Display the post password.
    31733173 *
    3174  * The password is passed through {@link attribute_escape()} to ensure that it
     3174 * The password is passed through {@link attr()} to ensure that it
    31753175 * is safe for placing in an html attribute.
    31763176 *
    3177  * @uses attribute_escape
     3177 * @uses attr
    31783178 * @since 2.7.0
    31793179 */
    31803180function the_post_password() {
    31813181    global $post;
    3182     if ( isset( $post->post_password ) ) echo attribute_escape( $post->post_password );
     3182    if ( isset( $post->post_password ) ) echo attr( $post->post_password );
    31833183}
    31843184
     
    32983298 * should only be used when {@link the_search_query()} cannot.
    32993299 *
    3300  * @uses attribute_escape
     3300 * @uses attr
    33013301 * @since 2.7.0
    33023302 *
    33033303 */
    33043304function _admin_search_query() {
    3305     echo isset($_GET['s']) ? attribute_escape( stripslashes( $_GET['s'] ) ) : '';
     3305    echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
    33063306}
    33073307
  • trunk/wp-admin/includes/theme-install.php

    r11013 r11109  
    159159    <option value="tag" <?php selected('tag', $type) ?>><?php _e('Tag'); ?></option>
    160160    </select>
    161     <input type="text" name="s" size="30" value="<?php echo attribute_escape($term) ?>" />
    162     <input type="submit" name="search" value="<?php echo attribute_escape(__('Search')); ?>" class="button" />
     161    <input type="text" name="s" size="30" value="<?php echo attr($term) ?>" />
     162    <input type="submit" name="search" value="<?php echo attr(__('Search')); ?>" class="button" />
    163163</form>
    164164<?php
     
    203203                $feature_name = $trans[$feature];
    204204            $feature_name = wp_specialchars( $feature_name );
    205             $feature = attribute_escape($feature);
     205            $feature = attr($feature);
    206206?>
    207207
     
    219219</div>
    220220<br class="clear" />
    221 <input type="submit" name="search" value="<?php echo attribute_escape(__('Find Themes')); ?>" class="button" />
     221<input type="submit" name="search" value="<?php echo attr(__('Find Themes')); ?>" class="button" />
    222222</form>
    223223<?php
     
    302302        $actions = array();
    303303        $actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&amp;theme=' . $theme->slug .
    304                                         '&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attribute_escape(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>';
    305         $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attribute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>';
     304                                        '&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>';
     305        $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>';
    306306        $actions = apply_filters('theme_install_action_links', $actions, $theme);
    307307    }
     
    311311<a class='thickbox thickbox-preview screenshot'
    312312    href='<? echo clean_url($preview_link); ?>'
    313     title='<?php echo attribute_escape(sprintf(__('Preview "%s"'), $name)); ?>'>
     313    title='<?php echo attr(sprintf(__('Preview "%s"'), $name)); ?>'>
    314314<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
    315315</a>
     
    332332<?php endif; ?>
    333333<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>">
    334     <div class="star star-rating" style="width: <?php echo attribute_escape($theme->rating) ?>px"></div>
     334    <div class="star star-rating" style="width: <?php echo attr($theme->rating) ?>px"></div>
    335335    <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
    336336    <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
  • trunk/wp-admin/includes/user.php

    r11096 r11109  
    367367function get_user_to_edit( $user_id ) {
    368368    $user = new WP_User( $user_id );
    369     $user->user_login   = attribute_escape($user->user_login);
    370     $user->user_email   = attribute_escape($user->user_email);
     369    $user->user_login   = attr($user->user_login);
     370    $user->user_email   = attr($user->user_email);
    371371    $user->user_url     = clean_url($user->user_url);
    372     $user->first_name   = attribute_escape($user->first_name);
    373     $user->last_name    = attribute_escape($user->last_name);
    374     $user->display_name = attribute_escape($user->display_name);
    375     $user->nickname     = attribute_escape($user->nickname);
    376     $user->aim          = isset( $user->aim ) && !empty( $user->aim ) ? attribute_escape($user->aim) : '';
    377     $user->yim          = isset( $user->yim ) && !empty( $user->yim ) ? attribute_escape($user->yim) : '';
    378     $user->jabber       = isset( $user->jabber ) && !empty( $user->jabber ) ? attribute_escape($user->jabber) : '';
     372    $user->first_name   = attr($user->first_name);
     373    $user->last_name    = attr($user->last_name);
     374    $user->display_name = attr($user->display_name);
     375    $user->nickname     = attr($user->nickname);
     376    $user->aim          = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : '';
     377    $user->yim          = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : '';
     378    $user->jabber       = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : '';
    379379    $user->description  = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
    380380
  • trunk/wp-admin/link-manager.php

    r10943 r11109  
    166166    foreach ($links as $link) {
    167167        $link = sanitize_bookmark($link);
    168         $link->link_name = attribute_escape($link->link_name);
     168        $link->link_name = attr($link->link_name);
    169169        $link->link_category = wp_get_link_cats($link->link_id);
    170170        $short_url = str_replace('http://', '', $link->link_url);
     
    195195                case 'name':
    196196
    197                     echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
     197                    echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
    198198                    $actions = array();
    199199                    $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
  • trunk/wp-admin/load-scripts.php

    r11013 r11109  
    3636 * @ignore
    3737 */
    38 function attribute_escape() {}
     38function attr() {}
    3939
    4040/**
  • trunk/wp-admin/load-styles.php

    r11013 r11109  
    3636 * @ignore
    3737 */
    38 function attribute_escape() {}
     38function attr() {}
    3939
    4040/**
  • trunk/wp-admin/media-upload.php

    r10150 r11109  
    7979    <div id="media-items"> </div>
    8080    <p>
    81     <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     81    <input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    8282    </p>
    8383    </form>
  • trunk/wp-admin/menu.php

    r11092 r11109  
    4040            continue;
    4141
    42         $submenu['edit.php'][$i] = array( attribute_escape($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
     42        $submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
    4343        ++$i;
    4444    }
  • trunk/wp-admin/options-discussion.php

    r10689 r11109  
    5555<label for="close_comments_for_old_posts">
    5656<input name="close_comments_for_old_posts" type="checkbox" id="close_comments_for_old_posts" value="1" <?php checked('1', get_option('close_comments_for_old_posts')); ?> />
    57 <?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attribute_escape(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
     57<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
    5858<br />
    5959<label for="thread_comments">
     
    8484$default_comments_page .= '>' . __('first') . '</option></select>';
    8585
    86 printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attribute_escape(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
     86printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
    8787
    8888?></label>
  • trunk/wp-admin/options-general.php

    r10971 r11109  
    211211
    212212    foreach ( $date_formats as $format ) {
    213         echo "\t<label title='" . attribute_escape($format) . "'><input type='radio' name='date_format' value='" . attribute_escape($format) . "'";
     213        echo "\t<label title='" . attr($format) . "'><input type='radio' name='date_format' value='" . attr($format) . "'";
    214214        if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "==="
    215215            echo " checked='checked'";
     
    221221    echo '  <label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"';
    222222    checked( $custom );
    223     echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attribute_escape( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
     223    echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
    224224
    225225    echo "\t<p>" . __('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click &quot;Save Changes&quot; to update sample output.') . "</p>\n";
     
    243243
    244244    foreach ( $time_formats as $format ) {
    245         echo "\t<label title='" . attribute_escape($format) . "'><input type='radio' name='time_format' value='" . attribute_escape($format) . "'";
     245        echo "\t<label title='" . attr($format) . "'><input type='radio' name='time_format' value='" . attr($format) . "'";
    246246        if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "==="
    247247            echo " checked='checked'";
     
    253253    echo '  <label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"';
    254254    checked( $custom );
    255     echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attribute_escape( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
     255    echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
    256256?>
    257257    </fieldset>
  • trunk/wp-admin/options-misc.php

    r11046 r11109  
    2828<tr valign="top">
    2929<th scope="row"><label for="upload_path"><?php _e('Store uploads in this folder'); ?></label></th>
    30 <td><input name="upload_path" type="text" id="upload_path" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
     30<td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
    3131<span class="setting-description"><?php _e('Default is <code>wp-content/uploads</code>'); ?></span>
    3232</td>
     
    3535<tr valign="top">
    3636<th scope="row"><label for="upload_url_path"><?php _e('Full URL path to files'); ?></label></th>
    37 <td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attribute_escape( get_option('upload_url_path')); ?>" class="regular-text code" />
     37<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr( get_option('upload_url_path')); ?>" class="regular-text code" />
    3838<span class="setting-description"><?php _e('Configuring this is optional. By default, it should be blank.'); ?></span>
    3939</td>
  • trunk/wp-admin/options-permalink.php

    r10150 r11109  
    174174        </th>
    175175        <td>
    176             <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attribute_escape($permalink_structure); ?>" class="regular-text code" />
     176            <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr($permalink_structure); ?>" class="regular-text code" />
    177177        </td>
    178178    </tr>
     
    189189    <tr>
    190190        <th><label for="category_base"><?php _e('Category base'); ?></label></th>
    191         <td><input name="category_base" id="category_base" type="text" value="<?php echo attribute_escape($category_base); ?>" class="regular-text code" /></td>
     191        <td><input name="category_base" id="category_base" type="text" value="<?php echo attr($category_base); ?>" class="regular-text code" /></td>
    192192    </tr>
    193193    <tr>
    194194        <th><label for="tag_base"><?php _e('Tag base'); ?></label></th>
    195         <td><input name="tag_base" id="tag_base" type="text" value="<?php echo attribute_escape($tag_base); ?>" class="regular-text code" /></td>
     195        <td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr($tag_base); ?>" class="regular-text code" /></td>
    196196    </tr>
    197197    <?php do_settings_fields('permalink', 'optional'); ?>
  • trunk/wp-admin/options.php

    r10964 r11109  
    100100foreach ( (array) $options as $option) :
    101101    $disabled = '';
    102     $option->option_name = attribute_escape($option->option_name);
     102    $option->option_name = attr($option->option_name);
    103103    if ( is_serialized($option->option_value) ) {
    104104        if ( is_serialized_string($option->option_value) ) {
     
    123123
    124124    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
    125     else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attribute_escape($value) . "'$disabled />";
     125    else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />";
    126126
    127127    echo "</td>
  • trunk/wp-admin/plugin-editor.php

    r10879 r11109  
    117117            $docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
    118118            foreach ( $functions as $function) {
    119                 $docs_select .= '<option value="' . attribute_escape( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
     119                $docs_select .= '<option value="' . attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
    120120            }
    121121            $docs_select .= '</select>';
     
    133133    <?php
    134134        if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file) ) { ?>
    135     <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo attribute_escape($file); ?>&amp;_wpnonce=<?php echo attribute_escape($_GET['_error_nonce']); ?>"></iframe>
     135    <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo attr($file); ?>&amp;_wpnonce=<?php echo attr($_GET['_error_nonce']); ?>"></iframe>
    136136    <?php } ?>
    137137</div>
     
    151151        else
    152152            $selected = '';
    153         $plugin_name = attribute_escape($plugin_name);
    154         $plugin_key = attribute_escape($plugin_key);
     153        $plugin_name = attr($plugin_name);
     154        $plugin_key = attr($plugin_key);
    155155        echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
    156156    }
     
    209209        </div>
    210210        <?php if ( count( $functions ) ) : ?>
    211         <div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attribute_escape(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
     211        <div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attr(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
    212212        <?php endif; ?>
    213213<?php if ( is_writeable($real_file) ) : ?>
  • trunk/wp-admin/plugins.php

    r11055 r11109  
    140140                    <?php
    141141                        foreach ( (array)$plugins as $plugin )
    142                             echo '<input type="hidden" name="checked[]" value="' . attribute_escape($plugin) . '" />';
     142                            echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />';
    143143                    ?>
    144144                    <?php wp_nonce_field('bulk-manage-plugins') ?>
     
    195195    <?php
    196196        if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?>
    197     <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . attribute_escape($plugin) . '&amp;_wpnonce=' . attribute_escape($_GET['_error_nonce'])); ?>"></iframe>
     197    <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . attr($plugin) . '&amp;_wpnonce=' . attr($_GET['_error_nonce'])); ?>"></iframe>
    198198    <?php
    199199        }
     
    370370        echo "
    371371    <tr class='$class'>
    372         <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attribute_escape($plugin_file) . "' /></th>
     372        <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr($plugin_file) . "' /></th>
    373373        <td class='plugin-title'><strong>{$plugin_data['Title']}</strong>";
    374374        $i = 0;
     
    433433<form method="post" action="<?php echo admin_url('plugins.php') ?>">
    434434<?php wp_nonce_field('bulk-manage-plugins') ?>
    435 <input type="hidden" name="plugin_status" value="<?php echo attribute_escape($status) ?>" />
    436 <input type="hidden" name="paged" value="<?php echo attribute_escape($page) ?>" />
     435<input type="hidden" name="plugin_status" value="<?php echo attr($status) ?>" />
     436<input type="hidden" name="paged" value="<?php echo attr($page) ?>" />
    437437
    438438<ul class="subsubsub">
  • trunk/wp-admin/press-this.php

    r11013 r11109  
    136136        <div class="titlediv">
    137137        <div class="titlewrap">
    138             <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
    139         </div>
    140         </div>
    141 
    142         <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attribute_escape($image); ?>" id="this_photo" />
    143             <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attribute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>
     138            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
     139        </div>
     140        </div>
     141
     142        <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr($image); ?>" id="this_photo" />
     143            <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr(__('Click to insert.')); ?>" title="<?php echo attr(__('Click to insert.')); ?>" /></a></p>
    144144
    145145        <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
     
    169169        <div id="titlediv">
    170170            <div class="titlewrap">
    171             <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
     171            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
    172172            </div>
    173173        </div>
     
    378378        switch(tab_name) {
    379379            case 'video' :
    380                 jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attribute_escape($selection); ?>'}, function() {
     380                jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr($selection); ?>'}, function() {
    381381                    <?php
    382382                    $content = '';
     
    517517        <div id="titlediv">
    518518            <div class="titlewrap">
    519                 <input name="title" id="title" class="text" value="<?php echo attribute_escape($title);?>"/>
     519                <input name="title" id="title" class="text" value="<?php echo attr($title);?>"/>
    520520            </div>
    521521        </div>
  • trunk/wp-admin/theme-editor.php

    r10835 r11109  
    126126    if ($theme_name == $theme) $selected = " selected='selected'";
    127127    else $selected = '';
    128     $theme_name = attribute_escape($theme_name);
     128    $theme_name = attr($theme_name);
    129129    echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
    130130}
  • trunk/wp-admin/themes.php

    r11008 r11109  
    189189    $preview_link = clean_url( get_option('home') . '/');
    190190    $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
    191     $preview_text = attribute_escape( sprintf( __('Preview of "%s"'), $title ) );
     191    $preview_text = attr( sprintf( __('Preview of "%s"'), $title ) );
    192192    $tags = $themes[$theme_name]['Tags'];
    193193    $thickbox_class = 'thickbox thickbox-preview';
    194194    $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=".urlencode($template)."&amp;stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template);
    195     $activate_text = attribute_escape( sprintf( __('Activate "%s"'), $title ) );
     195    $activate_text = attr( sprintf( __('Activate "%s"'), $title ) );
    196196    $actions = array();
    197197    $actions[] = '<a href="' . $activate_link .  '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>';
    198     $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attribute_escape(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>';
     198    $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>';
    199199    if ( current_user_can('update_themes') )
    200200        $actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
  • trunk/wp-admin/tools.php

    r10855 r11109  
    8585    <p><?php _e('Use Press This to clip text, images and videos from any web page. Then edit and add more straight from Press This before you save or publish it in a post on your blog.'); ?></p>
    8686    <p><?php _e('Drag-and-drop the following link to your bookmarks bar or right click it and add it to your favorites for a posting shortcut.') ?></p>
    87     <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attribute_escape(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
     87    <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
    8888</div>
    8989<?php endif; ?>
  • trunk/wp-admin/update-core.php

    r10583 r11109  
    4747    if ( 'en_US' != $update->locale )
    4848        if ( !isset( $update->dismissed ) || !$update->dismissed )
    49             echo '<input id="dismiss" class="button" type="submit" value="' . attribute_escape(__('Hide this update')) . '" name="dismiss" />';
     49            echo '<input id="dismiss" class="button" type="submit" value="' . attr(__('Hide this update')) . '" name="dismiss" />';
    5050        else
    51             echo '<input id="undismiss" class="button" type="submit" value="' . attribute_escape(__('Bring back this update')) . '" name="undismiss" />';
     51            echo '<input id="undismiss" class="button" type="submit" value="' . attr(__('Bring back this update')) . '" name="undismiss" />';
    5252    echo '</p>';
    5353    echo '</form>';
  • trunk/wp-admin/upload.php

    r10943 r11109  
    330330        <td class="media-icon"><?php
    331331        if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
    332             <a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a>
     332            <a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a>
    333333<?php   } ?></td>
    334334
    335         <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
     335        <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
    336336        <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
    337337
     
    343343        if ( current_user_can('delete_post', $post->ID) )
    344344            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
    345         $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
     345        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
    346346        if ( current_user_can('edit_post', $post->ID) )
    347347            $actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
  • trunk/wp-admin/users.php

    r10943 r11109  
    2929
    3030if ( empty($_REQUEST) ) {
    31     $referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
     31    $referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
    3232} elseif ( isset($_REQUEST['wp_http_referer']) ) {
    3333    $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
    34     $referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />';
     34    $referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />';
    3535} else {
    3636    $redirect = 'users.php';
     
    292292<p class="search-box">
    293293    <label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
    294     <input type="text" id="user-search-input" name="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" />
     294    <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
    295295    <input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" />
    296296</p>
     
    389389    foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
    390390        $var = 'new_' . $var;
    391         $$var = isset($_REQUEST[$formpost]) ? attribute_escape(stripslashes($_REQUEST[$formpost])) : '';
     391        $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
    392392    }
    393393    unset($name);
  • trunk/wp-admin/widgets.php

    r11041 r11109  
    357357    if ( 'wp_inactive_widgets' == $sidebar )
    358358        continue; ?>
    359     <div id="<?php echo attribute_escape( $sidebar ); ?>" class="widgets-holder-wrap">
     359    <div id="<?php echo attr( $sidebar ); ?>" class="widgets-holder-wrap">
    360360    <h3 class="sidebar-name"><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
    361361    <span><img src="images/loading-publish.gif" class="ajax-feedback" title="" alt="" /></span></h3>
  • trunk/wp-app.php

    r11108 r11109  
    353353            $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
    354354
    355         $entries_url = attribute_escape($this->get_entries_url());
    356         $categories_url = attribute_escape($this->get_categories_url());
    357         $media_url = attribute_escape($this->get_attachments_url());
     355        $entries_url = attr($this->get_entries_url());
     356        $categories_url = attr($this->get_categories_url());
     357        $media_url = attr($this->get_attachments_url());
    358358        foreach ($this->media_content_types as $med) {
    359359            $accepted_media_types = $accepted_media_types . "<accept>" . $med . "</accept>";
     
    393393            $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
    394394
    395         $home = attribute_escape(get_bloginfo_rss('home'));
     395        $home = attr(get_bloginfo_rss('home'));
    396396
    397397        $categories = "";
    398398        $cats = get_categories("hierarchical=0&hide_empty=0");
    399399        foreach ((array) $cats as $cat) {
    400             $categories .= "    <category term=\"" . attribute_escape($cat->name) .  "\" />\n";
     400            $categories .= "    <category term=\"" . attr($cat->name) .  "\" />\n";
    401401}
    402402        $output = <<<EOD
     
    13331333
    13341334        log_app('Status','302: Redirect');
    1335         $escaped_url = attribute_escape($url);
     1335        $escaped_url = attr($url);
    13361336        $content = <<<EOD
    13371337<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  • trunk/wp-content/themes/classic/comments-popup.php

    r11067 r11109  
    6565<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
    6666<?php if ( is_user_logged_in() ) : ?>
    67 <p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
     67<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
    6868<?php else : ?>
    6969    <p>
     
    9191    <p>
    9292      <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
    93       <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
     93      <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
    9494      <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" />
    9595    </p>
  • trunk/wp-content/themes/classic/comments.php

    r11067 r11109  
    6969<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
    7070
    71 <p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attribute_escape(__('Submit Comment')); ?>" />
     71<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attr(__('Submit Comment')); ?>" />
    7272<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
    7373</p>
  • trunk/wp-content/themes/default/comments-popup.php

    r10978 r11109  
    9090    <p>
    9191      <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
    92       <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
     92      <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
    9393      <input name="submit" type="submit" tabindex="5" value="Say It!" />
    9494    </p>
  • trunk/wp-content/themes/default/functions.php

    r10623 r11109  
    167167    }
    168168    function PopupWindow_populate(contents) {
    169         contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attribute_escape(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
     169        contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attr(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
    170170        this.contents = contents;
    171171        this.populated = false;
     
    381381            <form method="post" action="">
    382382                <?php wp_nonce_field('kubrick-header'); ?>
    383                 <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attribute_escape(__('Save')); ?>" /></div>
    384                     <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
    385                     <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
    386                 <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
    387                 <input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
    388                 <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attribute_escape(__('Toggle Text')); ?>" />
    389                 <input type="submit" name="defaults" value="<?php echo attribute_escape(__('Use Defaults')); ?>" />
     383                <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attr(__('Save')); ?>" /></div>
     384                    <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
     385                    <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
     386                <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
     387                <input type="hidden" name="hi" id="hi" value="<?php echo attr(kubrick_header_image()); ?>" />
     388                <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attr(__('Toggle Text')); ?>" />
     389                <input type="submit" name="defaults" value="<?php echo attr(__('Use Defaults')); ?>" />
    390390                <input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php _e('Save'); ?>&nbsp;&nbsp;" />
    391391                <input type="hidden" name="action" value="save" />
     
    394394        </div>
    395395        <div id="jsForm">
    396             <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
     396            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr($_SERVER['REQUEST_URI']); ?>">
    397397                <?php wp_nonce_field('kubrick-header'); ?>
    398     <input type="button"  class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>
    399         <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attribute_escape(__('Upper Color')); ?>"></input>
    400         <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attribute_escape(__('Lower Color')); ?>"></input>
    401                 <input type="button" class="button-secondary" name="revert" value="<?php echo attribute_escape(__('Revert')); ?>" onclick="kRevert()" />
    402                 <input type="button" class="button-secondary" value="<?php echo attribute_escape(__('Advanced')); ?>" onclick="toggleAdvanced()" />
     398    <input type="button"  class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attr(__('Font Color')); ?>"></input>
     399        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attr(__('Upper Color')); ?>"></input>
     400        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attr(__('Lower Color')); ?>"></input>
     401                <input type="button" class="button-secondary" name="revert" value="<?php echo attr(__('Revert')); ?>" onclick="kRevert()" />
     402                <input type="button" class="button-secondary" value="<?php echo attr(__('Advanced')); ?>" onclick="toggleAdvanced()" />
    403403                <input type="hidden" name="action" value="save" />
    404                 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
    405                 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
    406                 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
    407                 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
    408                 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
    409                 <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attribute_escape(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
     404                <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr(kubrick_header_display()); ?>" />
     405                <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr(kubrick_header_color()); ?>" />
     406                <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr(kubrick_upper_color()); ?>" />
     407                <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr(kubrick_lower_color()); ?>" />
     408                <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr(kubrick_header_image()); ?>" />
     409                <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attr(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
    410410            </form>
    411411            <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
     
    413413                <form id="jsAdvanced" style="display:none;" action="">
    414414                    <?php wp_nonce_field('kubrick-header'); ?>
    415                     <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
    416                     <label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
    417                     <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
    418                     <input type="button" class="button-secondary" name="default" value="<?php echo attribute_escape(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
    419                     <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attribute_escape(__('Toggle Text Display')); ?>"></input><br />
     415                    <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr(kubrick_header_color()); ?>" /><br />
     416                    <label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr(kubrick_upper_color()); ?>" /><br />
     417                    <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr(kubrick_lower_color()); ?>" /><br />
     418                    <input type="button" class="button-secondary" name="default" value="<?php echo attr(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
     419                    <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attr(__('Toggle Text Display')); ?>"></input><br />
    420420                </form>
    421421            </div>
  • trunk/wp-includes/author-template.php

    r10810 r11109  
    422422        '<a href="%1$s" title="%2$s">%3$s</a>',
    423423        get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
    424         sprintf( __( 'Posts by %s' ), attribute_escape( get_the_author() ) ),
     424        sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ),
    425425        get_the_author()
    426426    );
     
    545545                $link = $name;
    546546        } else {
    547             $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
     547            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr($author->display_name)) . '">' . $name . '</a>';
    548548
    549549            if ( (! empty($feed_image)) || (! empty($feed)) ) {
  • trunk/wp-includes/bookmark-template.php

    r10712 r11109  
    7373            $the_link = clean_url($bookmark->link_url);
    7474
    75         $desc = attribute_escape(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
    76         $name = attribute_escape(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
     75        $desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
     76        $name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
    7777        $title = $desc;
    7878
  • trunk/wp-includes/bookmark.php

    r11064 r11109  
    346346            $value = format_to_edit($value);
    347347        } else {
    348             $value = attribute_escape($value);
     348            $value = attr($value);
    349349        }
    350350    } else if ( 'db' == $context ) {
     
    356356
    357357    if ( 'attribute' == $context )
    358         $value = attribute_escape($value);
     358        $value = attr($value);
    359359    else if ( 'js' == $context )
    360360        $value = js_escape($value);
  • trunk/wp-includes/category-template.php

    r11037 r11109  
    662662        $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
    663663        $tag_name = $tags[ $key ]->name;
    664         $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attribute_escape( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
     664        $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
    665665            ( $smallest + ( ( $count - $min_count ) * $font_step ) )
    666666            . "$unit;'>$tag_name</a>";
  • trunk/wp-includes/class.wp-styles.php

    r10918 r11109  
    4949
    5050        if ( isset($this->registered[$handle]->args) )
    51             $media = attribute_escape( $this->registered[$handle]->args );
     51            $media = attr( $this->registered[$handle]->args );
    5252        else
    5353            $media = 'all';
     
    5555        $href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle );
    5656        $rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet';
    57         $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attribute_escape( $this->registered[$handle]->extra['title'] ) . "'" : '';
     57        $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
    5858
    5959        $end_cond = $tag = '';
  • trunk/wp-includes/classes.php

    r11013 r11109  
    11881188        $css_class = implode(' ', apply_filters('page_css_class', $css_class, $page));
    11891189
    1190         $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
     1190        $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
    11911191
    11921192        if ( !empty($show_date) ) {
     
    13261326        extract($args);
    13271327
    1328         $cat_name = attribute_escape( $category->name);
     1328        $cat_name = attr( $category->name);
    13291329        $cat_name = apply_filters( 'list_cats', $cat_name, $category );
    13301330        $link = '<a href="' . get_category_link( $category->term_id ) . '" ';
     
    13321332            $link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
    13331333        else
    1334             $link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->description, $category )) . '"';
     1334            $link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"';
    13351335        $link .= '>';
    13361336        $link .= $cat_name . '</a>';
  • trunk/wp-includes/comment-template.php

    r11060 r11109  
    946946        echo ' class="'.$css_class.'" ';
    947947    }
    948     $title = attribute_escape( get_the_title() );
     948    $title = attr( get_the_title() );
    949949
    950950    echo apply_filters( 'comments_popup_link_attributes', '' );
  • trunk/wp-includes/comment.php

    r10810 r11109  
    370370        $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
    371371        $comment_author = stripslashes($comment_author);
    372         $comment_author = attribute_escape($comment_author);
     372        $comment_author = attr($comment_author);
    373373        $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
    374374    }
     
    377377        $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
    378378        $comment_author_email = stripslashes($comment_author_email);
    379         $comment_author_email = attribute_escape($comment_author_email);
     379        $comment_author_email = attr($comment_author_email);
    380380        $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
    381381    }
  • trunk/wp-includes/default-widgets.php

    r11094 r11109  
    6161        //Defaults
    6262        $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') );
    63         $title = attribute_escape( $instance['title'] );
    64         $exclude = attribute_escape( $instance['exclude'] );
     63        $title = attr( $instance['title'] );
     64        $exclude = attr( $instance['exclude'] );
    6565    ?>
    6666        <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p>
     
    211211        if ( $d ) {
    212212?>
    213         <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attribute_escape(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
     213        <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
    214214<?php
    215215        } else {
     
    240240        $dropdown = $instance['dropdown'] ? 'checked="checked"' : '';
    241241?>
    242         <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" /></label></p>
     242        <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
    243243        <p>
    244244            <label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label>
     
    274274            <?php wp_register(); ?>
    275275            <li><?php wp_loginout(); ?></li>
    276             <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attribute_escape(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
    277             <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attribute_escape(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
    278             <li><a href="http://wordpress.org/" title="<?php echo attribute_escape(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
     276            <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
     277            <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
     278            <li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
    279279            <?php wp_meta(); ?>
    280280            </ul>
     
    294294        $title = strip_tags($instance['title']);
    295295?>
    296             <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" /></label></p>
     296            <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
    297297<?php
    298298    }
     
    334334        <p><label for="<?php echo $this->get_field_id('title'); ?>">
    335335        <?php _e('Title:'); ?>
    336         <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" />
     336        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
    337337        </label></p>
    338338<?php
     
    382382        <p><label for="<?php echo $this->get_field_id('title'); ?>">
    383383        <?php _e('Title:'); ?>
    384         <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attribute_escape($title); ?>" />
     384        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
    385385        </label></p>
    386386
     
    464464        //Defaults
    465465        $instance = wp_parse_args( (array) $instance, array( 'title' => '') );
    466         $title = attribute_escape( $instance['title'] );
     466        $title = attr( $instance['title'] );
    467467        $count = (bool) $instance['count'];
    468468        $hierarchical = (bool) $instance['hierarchical'];
     
    567567
    568568    function form( $instance ) {
    569         $title = attribute_escape($instance['title']);
     569        $title = attr($instance['title']);
    570570        if ( !$number = (int) $instance['number'] )
    571571            $number = 5;
     
    654654
    655655    function form( $instance ) {
    656         $title = attribute_escape($instance['title']);
     656        $title = attr($instance['title']);
    657657        if ( !$number = (int) $instance['number'] )
    658658            $number = 5;
     
    703703
    704704        if ( ! is_wp_error($rss) ) {
    705             $desc = attribute_escape(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
     705            $desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
    706706            if ( empty($title) )
    707707                $title = htmlentities(strip_tags($rss->get_title()));
     
    717717        $url = clean_url(strip_tags($url));
    718718        $icon = includes_url('images/rss.png');
    719         $title = "<a class='rsswidget' href='$url' title='" . attribute_escape(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
     719        $title = "<a class='rsswidget' href='$url' title='" . attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
    720720
    721721        echo $before_widget;
     
    788788            $link = substr($link, 1);
    789789        $link = clean_url(strip_tags($link));
    790         $title = attribute_escape(strip_tags($item->get_title()));
     790        $title = attr(strip_tags($item->get_title()));
    791791        if ( empty($title) )
    792792            $title = __('Untitled');
    793793
    794         $desc = str_replace(array("\n", "\r"), ' ', attribute_escape(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
     794        $desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
    795795        $desc = wp_html_excerpt( $desc, 360 ) . ' [&hellip;]';
    796796        $desc = wp_specialchars( $desc );
     
    851851    extract( $inputs, EXTR_SKIP);
    852852
    853     $number = attribute_escape( $number );
    854     $title  = attribute_escape( $title );
    855     $url    = attribute_escape( $url );
     853    $number = attr( $number );
     854    $title  = attr( $title );
     855    $url    = attr( $url );
    856856    $items  = (int) $items;
    857857    if ( $items < 1 || 20 < $items )
     
    985985    <p><label for="<?php echo $this->get_field_id('title'); ?>">
    986986    <?php _e('Title:') ?>
    987     <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attribute_escape( $instance['title'] ); ?>" />
     987    <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" />
    988988    </label></p>
    989989<?php
  • trunk/wp-includes/deprecated.php

    r10959 r11109  
    10071007            $rel = ' rel="' . $rel . '"';
    10081008
    1009         $desc = attribute_escape(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
    1010         $name = attribute_escape(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
     1009        $desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
     1010        $name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
    10111011        $title = $desc;
    10121012
  • trunk/wp-includes/feed-atom-comments.php

    r11013 r11109  
    1919            printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
    2020        elseif ( is_search() )
    21             printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attribute_escape(get_search_query()));
     21            printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query()));
    2222        else
    2323            printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
     
    3333    <id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
    3434<?php } elseif(is_search()) { ?>
    35     <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attribute_escape(get_search_query()); ?>" />
     35    <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr(get_search_query()); ?>" />
    3636    <link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
    3737    <id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>
  • trunk/wp-includes/feed-rss2-comments.php

    r10377 r11109  
    2121            printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
    2222        elseif ( is_search() )
    23             printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attribute_escape($wp_query->query_vars['s']));
     23            printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s']));
    2424        else
    2525            printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
  • trunk/wp-includes/feed.php

    r11081 r11109  
    339339            $the_list .= "\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
    340340        elseif ( 'atom' == $type )
    341             $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $cat_name ) );
     341            $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) );
    342342        else
    343343            $the_list .= "\t\t<category><![CDATA[" . @html_entity_decode( $cat_name, ENT_COMPAT, get_option('blog_charset') ) . "]]></category>\n";
  • trunk/wp-includes/formatting.php

    r11103 r11109  
    12711271    $smiley = trim(reset($smiley));
    12721272    $img = $wpsmiliestrans[$smiley];
    1273     $smiley_masked = attribute_escape($smiley);
     1273    $smiley_masked = attr($smiley);
    12741274
    12751275    return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
  • trunk/wp-includes/functions.php

    r11059 r11109  
    386386 * Print option value after sanitizing for forms.
    387387 *
    388  * @uses attribute_escape Sanitizes value.
     388 * @uses attr Sanitizes value.
    389389 * @since 1.5.0
    390390 * @package WordPress
     
    394394 */
    395395function form_option( $option ) {
    396     echo attribute_escape (get_option( $option ) );
     396    echo attr (get_option( $option ) );
    397397}
    398398
     
    17421742 */
    17431743function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
    1744     $name = attribute_escape( $name );
     1744    $name = attr( $name );
    17451745    $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
    17461746    if ( $echo )
     
    17671767 */
    17681768function wp_referer_field( $echo = true) {
    1769     $ref = attribute_escape( $_SERVER['REQUEST_URI'] );
     1769    $ref = attr( $_SERVER['REQUEST_URI'] );
    17701770    $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
    17711771
     
    17931793    $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
    17941794    $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
    1795     $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape( stripslashes( $ref ) ) . '" />';
     1795    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr( stripslashes( $ref ) ) . '" />';
    17961796    if ( $echo )
    17971797        echo $orig_referer_field;
  • trunk/wp-includes/general-template.php

    r11101 r11109  
    121121    $form = '<form role="search" method="get" id="searchform" action="' . get_option('home') . '/" >
    122122    <div><label class="hidden" for="s">' . __('Search for:') . '</label>
    123     <input type="text" value="' . attribute_escape(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
    124     <input type="submit" id="searchsubmit" value="'.attribute_escape(__('Search')).'" />
     123    <input type="text" value="' . attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
     124    <input type="submit" id="searchsubmit" value="'.attr(__('Search')).'" />
    125125    </div>
    126126    </form>';
     
    689689function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
    690690    $text = wptexturize($text);
    691     $title_text = attribute_escape($text);
     691    $title_text = attr($text);
    692692    $url = clean_url($url);
    693693
     
    14351435    $args = wp_parse_args( $args, $defaults );
    14361436
    1437     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
    1438     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
     1437    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
     1438    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
    14391439}
    14401440
     
    14681468
    14691469        if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
    1470             $title = attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
     1470            $title = attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
    14711471            $href = get_post_comments_feed_link( $post->ID );
    14721472        }
     
    14741474        $cat_id = intval( get_query_var('cat') );
    14751475
    1476         $title = attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
     1476        $title = attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
    14771477        $href = get_category_feed_link( $cat_id );
    14781478    } elseif ( is_tag() ) {
     
    14801480        $tag = get_tag( $tag_id );
    14811481
    1482         $title = attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
     1482        $title = attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
    14831483        $href = get_tag_feed_link( $tag_id );
    14841484    } elseif ( is_author() ) {
    14851485        $author_id = intval( get_query_var('author') );
    14861486
    1487         $title = attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
     1487        $title = attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
    14881488        $href = get_author_feed_link( $author_id );
    14891489    } elseif ( is_search() ) {
    1490         $title = attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
     1490        $title = attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
    14911491        $href = get_search_feed_link();
    14921492    }
     
    16791679 * Display the contents of the search query variable.
    16801680 *
    1681  * The search query string is passed through {@link attribute_escape()}
     1681 * The search query string is passed through {@link attr()}
    16821682 * to ensure that it is safe for placing in an html attribute.
    16831683 *
    1684  * @uses attribute_escape
     1684 * @uses attr
    16851685 * @since 2.1.0
    16861686 */
    16871687function the_search_query() {
    1688     echo attribute_escape( apply_filters( 'the_search_query', get_search_query() ) );
     1688    echo attr( apply_filters( 'the_search_query', get_search_query() ) );
    16891689}
    16901690
  • trunk/wp-includes/link-template.php

    r11069 r11109  
    620620function get_search_feed_link($search_query = '', $feed = '') {
    621621    if ( empty($search_query) )
    622         $search = attribute_escape(get_search_query());
     622        $search = attr(get_search_query());
    623623    else
    624         $search = attribute_escape(stripslashes($search_query));
     624        $search = attr(stripslashes($search_query));
    625625
    626626    if ( empty($feed) )
     
    645645function get_search_comments_feed_link($search_query = '', $feed = '') {
    646646    if ( empty($search_query) )
    647         $search = attribute_escape(get_search_query());
     647        $search = attr(get_search_query());
    648648    else
    649         $search = attribute_escape(stripslashes($search_query));
     649        $search = attr(stripslashes($search_query));
    650650
    651651    if ( empty($feed) )
     
    731731    }
    732732
    733     $link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>';
     733    $link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attr( __( 'Edit post' ) ) . '">' . $link . '</a>';
    734734    echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after;
    735735}
     
    941941
    942942    $link = $previous ? "<link rel='prev' title='" : "<link rel='next' title='";
    943     $link .= attribute_escape( $title );
     943    $link .= attr( $title );
    944944    $link .= "' href='" . get_permalink($post) . "' />\n";
    945945
     
    10651065
    10661066    $link = $start ? "<link rel='start' title='" : "<link rel='end' title='";
    1067     $link .= attribute_escape($title);
     1067    $link .= attr($title);
    10681068    $link .= "' href='" . get_permalink($post) . "' />\n";
    10691069
     
    10931093 */
    10941094function get_index_rel_link() {
    1095     $link = "<link rel='index' title='" . attribute_escape(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
     1095    $link = "<link rel='index' title='" . attr(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
    10961096    return apply_filters( "index_rel_link", $link );
    10971097}
     
    11281128
    11291129    $link = "<link rel='up' title='";
    1130     $link .= attribute_escape( $title );
     1130    $link .= attr( $title );
    11311131    $link .= "' href='" . get_permalink($post) . "' />\n";
    11321132
  • trunk/wp-includes/media.php

    r10744 r11109  
    201201    $hwstring = image_hwstring($width, $height);
    202202
    203     $class = 'align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id;
     203    $class = 'align'.attr($align).' size-'.attr($size).' wp-image-'.$id;
    204204    $class = apply_filters('get_image_tag_class', $class, $id, $align, $size);
    205205
    206     $html = '<img src="'.attribute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="'.$class.'" />';
     206    $html = '<img src="'.attr($img_src).'" alt="'.attr($alt).'" title="'.attr($title).'" '.$hwstring.'class="'.$class.'" />';
    207207
    208208    $html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size );
     
    543543            );
    544544        $attr = apply_filters( 'wp_get_attachment_image_attributes', $attr, $attachment );
    545         $attr = array_map( 'attribute_escape', $attr );
     545        $attr = array_map( 'attr', $attr );
    546546        $html = rtrim("<img $hwstring");
    547547        foreach ( $attr as $name => $value ) {
  • trunk/wp-includes/pluggable.php

    r11057 r11109  
    15001500        $safe_alt = '';
    15011501    else
    1502         $safe_alt = attribute_escape( $alt );
     1502        $safe_alt = attr( $alt );
    15031503
    15041504    if ( !is_numeric($size) )
  • trunk/wp-includes/post-template.php

    r11054 r11109  
    6464 *
    6565 * The title before it is displayed will have the tags stripped and {@link
    66  * attribute_escape()} before it is passed to the user or displayed. The default
     66 * attr()} before it is passed to the user or displayed. The default
    6767 * as with {@link the_title()}, is to display the title.
    6868 *
     
    8484
    8585    $title = $before . $title . $after;
    86     $title = attribute_escape(strip_tags($title));
     86    $title = attr(strip_tags($title));
    8787
    8888    if ( $echo )
     
    925925        $url = get_attachment_link($_post->ID);
    926926
    927     $post_title = attribute_escape($_post->post_title);
     927    $post_title = attr($_post->post_title);
    928928
    929929    if ( $text ) {
    930         $link_text = attribute_escape($text);
     930        $link_text = attr($text);
    931931    } elseif ( ( is_int($size) && $size != 0 ) or ( is_string($size) && $size != 'none' ) or $size != false ) {
    932932        $link_text = wp_get_attachment_image($id, $size, $icon);
     
    962962        $url = get_attachment_link($_post->ID);
    963963
    964     $post_title = attribute_escape($_post->post_title);
     964    $post_title = attr($_post->post_title);
    965965
    966966    $innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
     
    10581058    }
    10591059
    1060     $post_title = attribute_escape($post->post_title);
     1060    $post_title = attr($post->post_title);
    10611061
    10621062    $icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
     
    10861086
    10871087
    1088     $innerHTML = attribute_escape($post->post_title);
     1088    $innerHTML = attr($post->post_title);
    10891089
    10901090    return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
  • trunk/wp-includes/post.php

    r11108 r11109  
    870870                $value = format_to_edit($value);
    871871        } else {
    872             $value = attribute_escape($value);
     872            $value = attr($value);
    873873        }
    874874    } else if ( 'db' == $context ) {
     
    889889
    890890    if ( 'attribute' == $context )
    891         $value = attribute_escape($value);
     891        $value = attr($value);
    892892    else if ( 'js' == $context )
    893893        $value = js_escape($value);
  • trunk/wp-includes/rss.php

    r11016 r11109  
    874874                '<li><a href="%1$s" title="%2$s">%3$s</a></li>',
    875875                clean_url( $item['link'] ),
    876                 attribute_escape( strip_tags( $item['description'] ) ),
     876                attr( strip_tags( $item['description'] ) ),
    877877                htmlentities( $item['title'] )
    878878            );
  • trunk/wp-includes/script-loader.php

    r11093 r11109  
    7575        'quickLinks' => __('(Quick Links)'),
    7676        'wordLookup' => __('Enter a word to look up:'),
    77         'dictionaryLookup' => attribute_escape(__('Dictionary lookup')),
    78         'lookup' => attribute_escape(__('lookup')),
    79         'closeAllOpenTags' => attribute_escape(__('Close all open tags')),
    80         'closeTags' => attribute_escape(__('close tags')),
     77        'dictionaryLookup' => attr(__('Dictionary lookup')),
     78        'lookup' => attr(__('lookup')),
     79        'closeAllOpenTags' => attr(__('Close all open tags')),
     80        'closeTags' => attr(__('close tags')),
    8181        'enterURL' => __('Enter the URL'),
    8282        'enterImageURL' => __('Enter the URL of the image'),
     
    213213        $scripts->add_data( 'ajaxcat', 'group', 1 );
    214214        $scripts->localize( 'ajaxcat', 'catL10n', array(
    215             'add' => attribute_escape(__('Add')),
     215            'add' => attr(__('Add')),
    216216            'how' => __('Separate multiple categories with commas.'),
    217217            'l10n_print_after' => 'try{convertEntities(catL10n);}catch(e){};'
     
    267267        $scripts->localize( 'post', 'postL10n', array(
    268268            'tagsUsed' =>  __('Tags used on this post:'),
    269             'add' => attribute_escape(__('Add')),
    270             'addTag' => attribute_escape(__('Add new tag')),
     269            'add' => attr(__('Add')),
     270            'addTag' => attr(__('Add new tag')),
    271271            'separate' => __('Separate tags with commas'),
    272272            'cancel' => __('Cancel'),
     
    605605        $ver = md5("$wp_scripts->concat_version");
    606606        $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&load=" . trim($wp_scripts->concat, ', ') . "&ver=$ver";
    607         echo "<script type='text/javascript' src='" . attribute_escape($src) . "'></script>\n";
     607        echo "<script type='text/javascript' src='" . attr($src) . "'></script>\n";
    608608    }
    609609
     
    672672            $ver = md5("$wp_styles->concat_version{$dir}");
    673673            $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&load=" . trim($wp_styles->concat, ', ') . "&ver=$ver";
    674             echo "<link rel='stylesheet' href='" . attribute_escape($href) . "' type='text/css' media='all' />\n";
     674            echo "<link rel='stylesheet' href='" . attr($href) . "' type='text/css' media='all' />\n";
    675675        }
    676676
  • trunk/wp-includes/taxonomy.php

    r11068 r11109  
    992992            $value = format_to_edit($value);
    993993        else
    994             $value = attribute_escape($value);
     994            $value = attr($value);
    995995    } else if ( 'db' == $context ) {
    996996        $value = apply_filters("pre_term_$field", $value, $taxonomy);
     
    10101010
    10111011    if ( 'attribute' == $context )
    1012         $value = attribute_escape($value);
     1012        $value = attr($value);
    10131013    else if ( 'js' == $context )
    10141014        $value = js_escape($value);
     
    22612261
    22622262        foreach ( $terms as $term )
    2263             $links[] = "<a href='" . attribute_escape(get_term_link($term, $taxonomy)) . "'>$term->name</a>";
     2263            $links[] = "<a href='" . attr(get_term_link($term, $taxonomy)) . "'>$term->name</a>";
    22642264
    22652265        if ( $links )
  • trunk/wp-includes/theme.php

    r11061 r11109  
    933933    if ( 0 === strpos($link, 'preview=1') )
    934934        $link = "?$link";
    935     return $matches[1] . attribute_escape( $link ) . $matches[4];
     935    return $matches[1] . attr( $link ) . $matches[4];
    936936}
    937937
  • trunk/wp-includes/update.php

    r10939 r11109  
    6363        $returns = explode("\n", $entry);
    6464        $new_option = new stdClass();
    65         $new_option->response = attribute_escape( $returns[0] );
     65        $new_option->response = attr( $returns[0] );
    6666        if ( isset( $returns[1] ) )
    6767            $new_option->url = clean_url( $returns[1] );
     
    6969            $new_option->package = clean_url( $returns[2] );
    7070        if ( isset( $returns[3] ) )
    71             $new_option->current = attribute_escape( $returns[3] );
     71            $new_option->current = attr( $returns[3] );
    7272        if ( isset( $returns[4] ) )
    73             $new_option->locale = attribute_escape( $returns[4] );
     73            $new_option->locale = attr( $returns[4] );
    7474        $new_options[] = $new_option;
    7575    }
  • trunk/wp-links-opml.php

    r7991 r11109  
    3030<opml version="1.0">
    3131    <head>
    32         <title>Links for <?php echo attribute_escape(get_bloginfo('name', 'display').$cat_name); ?></title>
     32        <title>Links for <?php echo attr(get_bloginfo('name', 'display').$cat_name); ?></title>
    3333        <dateCreated><?php echo gmdate("D, d M Y H:i:s"); ?> GMT</dateCreated>
    3434    </head>
     
    4545
    4646?>
    47 <outline type="category" title="<?php echo attribute_escape($catname); ?>">
     47<outline type="category" title="<?php echo attr($catname); ?>">
    4848<?php
    4949
    5050    $bookmarks = get_bookmarks("category={$cat->term_id}");
    5151    foreach ((array) $bookmarks as $bookmark) {
    52         $title = attribute_escape(apply_filters('link_title', $bookmark->link_name));
     52        $title = attr(apply_filters('link_title', $bookmark->link_name));
    5353?>
    54     <outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attribute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
     54    <outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attr($bookmark->link_rss); ?>" htmlUrl="<?php echo attr($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
    5555<?php
    5656
  • trunk/wp-login.php

    r11104 r11109  
    308308    <p>
    309309        <label><?php _e('Username or E-mail:') ?><br />
    310         <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape($user_login); ?>" size="20" tabindex="10" /></label>
     310        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr($user_login); ?>" size="20" tabindex="10" /></label>
    311311    </p>
    312312<?php do_action('lostpassword_form'); ?>
     
    375375    <p>
    376376        <label><?php _e('Username') ?><br />
    377         <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
     377        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
    378378    </p>
    379379    <p>
    380380        <label><?php _e('E-mail') ?><br />
    381         <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
     381        <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
    382382    </p>
    383383<?php do_action('register_form'); ?>
     
    461461
    462462    if ( isset($_POST['log']) )
    463         $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attribute_escape(stripslashes($_POST['log'])) : '';
     463        $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attr(stripslashes($_POST['log'])) : '';
    464464?>
    465465
     
    478478    <p class="submit">
    479479        <input type="submit" name="wp-submit" id="wp-submit" value="<?php _ea('Log In'); ?>" tabindex="100" />
    480         <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
     480        <input type="hidden" name="redirect_to" value="<?php echo attr($redirect_to); ?>" />
    481481        <input type="hidden" name="testcookie" value="1" />
    482482    </p>
Note: See TracChangeset for help on using the changeset viewer.