Changeset 11109
- Timestamp:
- 04/28/2009 05:58:45 AM (15 years ago)
- Location:
- trunk
- Files:
-
- 84 edited
trunk/wp-admin/admin-ajax.php
r11104 r11109 475 475 $level++; 476 476 } 477 $cat_full_name = attr ibute_escape($cat_full_name);477 $cat_full_name = attr($cat_full_name); 478 478 479 479 $x = new WP_Ajax_Response( array( … … 553 553 554 554 $tag_full_name = $tag->name; 555 $tag_full_name = attr ibute_escape($tag_full_name);555 $tag_full_name = attr($tag_full_name); 556 556 557 557 $x = new WP_Ajax_Response( array( -
trunk/wp-admin/custom-header.php
r11104 r11109 288 288 <input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" /> 289 289 <?php wp_nonce_field('custom-header') ?> 290 <input type="hidden" name="textcolor" id="textcolor" value="#<?php attr ibute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>290 <input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form> 291 291 <?php } ?> 292 292 … … 297 297 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p> 298 298 299 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr ibute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">299 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;"> 300 300 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> 301 301 <input type="hidden" name="action" value="save" /> … … 312 312 <h2><?php _e('Reset Header Image and Color'); ?></h2> 313 313 <p><?php _e('This will restore the original header image and color. 
You will not be able to retrieve any customizations.') ?></p> 314 <form method="post" action="<?php echo attr ibute_escape(add_query_arg('step', 1)) ?>">314 <form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>"> 315 315 <?php wp_nonce_field('custom-header'); ?> 316 316 <input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" /> … … 373 373 <div class="wrap"> 374 374 375 <form method="POST" action="<?php echo attr ibute_escape(add_query_arg('step', 3)) ?>">375 <form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>"> 376 376 377 377 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p> -
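Review bot: The hidden `textcolor` input at new line 290 calls `attr(header_textcolor())` without `echo`, unlike every other call in this section, so the escaped return value is thrown away. If `header_textcolor()` prints the colour itself, as the template tag appears to, the value reaches the attribute unescaped and `attr()` only ever sees an empty return. Suggest `value="#<?php echo attr(get_header_textcolor()); ?>"` so that the escaped string is the one that gets printed. The rename carries the earlier behaviour over unchanged, so this is not introduced here, but this is the line where the escaping call does nothing.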
trunk/wp-admin/edit-attachment-rows.php
r10774 r11109 63 63 ?> 64 64 65 <a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>">65 <a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"> 66 66 <?php echo $thumb; ?> 67 67 </a> … … 75 75 case 'media': 76 76 ?> 77 <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />77 <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br /> 78 78 <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?> 79 79 <p> … … 84 84 if ( current_user_can('delete_post', $post->ID) ) 85 85 $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>"; 86 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr ibute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';86 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . 
'</a>'; 87 87 $action_count = count($actions); 88 88 $i = 0; … … 183 183 ?> 184 184 <td <?php echo $attributes ?>> 185 <a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |185 <a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> | 186 186 <a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a> 187 187 </td> -
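Review bot: `$actions['view']` at new line 86 builds its title attribute from `$title`, while every other title in this section (new lines 65, 77 and 185) uses `$att_title`. No assignment to `$title` is visible in the hunks, so this may be an undefined variable that renders as `View ""`; if it is a leftover from the post-rows template, `attr(sprintf(__('View "%s"'), $att_title))` is the likely intent. The surrounding switch starts and ends outside the shown lines, so confirm against the full file.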
trunk/wp-admin/edit-category-form.php
r11104 r11109 50 50 <tr class="form-field form-required"> 51 51 <th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th> 52 <td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr ibute_escape($category->name); ?>" size="40" aria-required="true" /><br />52 <td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br /> 53 53 <?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td> 54 54 </tr> 55 55 <tr class="form-field"> 56 56 <th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th> 57 <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr ibute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />57 <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br /> 58 58 <?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td> 59 59 </tr> -
trunk/wp-admin/edit-comments.php
r11104 r11109 84 84 require_once('admin-header.php'); 85 85 86 $mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr ibute_escape($_GET['mode']);86 $mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']); 87 87 88 88 $default_status = get_user_option('edit_comments_last_view'); … … 95 95 update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status); 96 96 97 $comment_type = !empty($_GET['comment_type']) ? attr ibute_escape($_GET['comment_type']) : '';97 $comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : ''; 98 98 99 99 $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : ''; 100 $search = attr ibute_escape( $search_dirty ); ?>100 $search = attr( $search_dirty ); ?> 101 101 102 102 <div class="wrap"> … … 165 165 // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark 166 166 if ( !empty( $_GET['s'] ) ) 167 $link = add_query_arg( 's', attr ibute_escape( stripslashes( $_GET['s'] ) ), $link );167 $link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link ); 168 168 */ 169 169 $status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf( … … 365 365 <input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" /> 366 366 <input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" /> 367 <input type="hidden" name="p" value="<?php echo attr ibute_escape( $post_id ); ?>" />368 <input type="hidden" name="comment_type" value="<?php echo attr ibute_escape( $comment_type ); ?>" />367 <input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" /> 368 <input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" /> 369 369 <?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?> 370 370 </form> -
trunk/wp-admin/edit-form-advanced.php
r11104 r11109 17 17 if ( isset($_GET['message']) ) 18 18 $_GET['message'] = absint( $_GET['message'] ); 19 $messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attr ibute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );19 $messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); 20 20 $messages[2] = __('Custom field updated.'); 21 21 $messages[3] = __('Custom field deleted.'); … … 170 170 171 171 <div id="post-visibility-select" class="hide-if-js"> 172 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr ibute_escape($post->post_password); ?>" />172 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" /> 173 173 <input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> /> 174 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr ibute_escape( $visibility ); ?>" />174 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" /> 175 175 176 176 … … 178 178 <span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span> 179 179 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br /> 180 <span id="password-span"><label 
for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr ibute_escape($post->post_password); ?>" /><br /></span>180 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span> 181 181 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br /> 182 182 … … 272 272 $tax_name = substr($box['id'], 8); 273 273 $taxonomy = get_taxonomy($tax_name); 274 $helps = isset($taxonomy->helps) ? attr ibute_escape($taxonomy->helps) : __('Separate tags with commas.');274 $helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.'); 275 275 ?> 276 276 <div class="tagsdiv" id="<?php echo $tax_name; ?>"> … … 294 294 if ( !is_taxonomy_hierarchical($tax_name) ) { 295 295 $taxonomy = get_taxonomy($tax_name); 296 $label = isset($taxonomy->label) ? attr ibute_escape($taxonomy->label) : $tax_name;296 $label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name; 297 297 298 298 add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core'); … … 385 385 */ 386 386 function post_trackback_meta_box($post) { 387 $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr ibute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';387 $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 388 388 if ('' != $post->pinged) { 389 389 $pings = '<p>'. __('Already pinged:') . 
'</p><ul>'; … … 498 498 function post_slug_meta_box($post) { 499 499 ?> 500 <label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr ibute_escape( $post->post_name ); ?>" />500 <label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" /> 501 501 <?php 502 502 } … … 575 575 <input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" /> 576 576 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" /> 577 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr ibute_escape( $post->post_author ); ?>" />577 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" /> 578 578 <input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" /> 579 579 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" /> … … 596 596 <div id="titlediv"> 597 597 <div id="titlewrap"> 598 <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr ibute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />598 <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 599 599 </div> 600 600 <div class="inside"> -
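Review bot: `$messages[1]` at new line 19 places `$_GET['_wp_original_http_referer']` into `<a href="%s">` with only `attr()` applied, which keeps the value inside the attribute but does nothing to restrict the URL scheme or destination. A request-supplied value can therefore turn the "go back" link into a `javascript:` or off-site URL. An href needs URL-context sanitising; `clean_url()` is already used for hrefs in import/livejournal.php in this changeset, so `clean_url( stripslashes( ... ) )` in place of `attr( stripslashes( ... ) )` would fit. The same expression appears in edit-page-form.php at new line 21.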
trunk/wp-admin/edit-form-comment.php
r11104 r11109 27 27 <?php 28 28 29 $email = attr ibute_escape( $comment->comment_author_email );30 $url = attr ibute_escape( $comment->comment_author_url );29 $email = attr( $comment->comment_author_email ); 30 $url = attr( $comment->comment_author_url ); 31 31 // add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core'); 32 32 ?> … … 91 91 <tr valign="top"> 92 92 <td class="first"><?php _e( 'Name:' ); ?></td> 93 <td><input type="text" name="newcomment_author" size="30" value="<?php echo attr ibute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>93 <td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td> 94 94 </tr> 95 95 <tr valign="top"> -
trunk/wp-admin/edit-link-category-form.php
r11104 r11109 68 68 <tr class="form-field"> 69 69 <th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th> 70 <td><input name="slug" id="slug" type="text" value="<?php echo attr ibute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />70 <td><input name="slug" id="slug" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br /> 71 71 <?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td> 72 72 </tr> -
trunk/wp-admin/edit-link-form.php
r11104 r11109 405 405 <input type="hidden" name="action" value="save" /> 406 406 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 407 <input type="hidden" name="order_by" value="<?php echo attr ibute_escape($order_by); ?>" />407 <input type="hidden" name="order_by" value="<?php echo attr($order_by); ?>" /> 408 408 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 409 409 <?php else: ?> -
trunk/wp-admin/edit-page-form.php
r11104 r11109 19 19 if ( isset($_GET['message']) ) 20 20 $_GET['message'] = absint( $_GET['message'] ); 21 $messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attr ibute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );21 $messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); 22 22 $messages[2] = __('Custom field updated.'); 23 23 $messages[3] = __('Custom field deleted.'); … … 74 74 <div id="save-action"> 75 75 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?> 76 <input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attr ibute_escape( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />76 <input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attr( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" /> 77 77 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?> 78 <input type="submit" name="save" id="save-post" value="<?php echo attr ibute_escape( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />78 <input type="submit" name="save" id="save-post" value="<?php echo attr( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" /> 79 79 <?php } ?> 80 80 </div> … … 163 163 164 164 <div id="post-visibility-select" class="hide-if-js"> 165 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr ibute_escape($post->post_password); ?>" />166 <input type="hidden" name="hidden_post_visibility" 
id="hidden-post-visibility" value="<?php echo attr ibute_escape( $visibility ); ?>" />165 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" /> 166 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" /> 167 167 168 168 169 169 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br /> 170 170 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br /> 171 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr ibute_escape($post->post_password); ?>" /><br /></span>171 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span> 172 172 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br /> 173 173 … … 350 350 function page_slug_meta_box($post){ 351 351 ?> 352 <label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr ibute_escape( $post->post_name ); ?>" />352 <label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" /> 353 353 <?php 354 354 } … … 420 420 
<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' /> 421 421 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" /> 422 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr ibute_escape( $post->post_author ); ?>" />422 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" /> 423 423 <?php echo $form_extra ?> 424 424 <input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" /> … … 443 443 <div id="titlediv"> 444 444 <div id="titlewrap"> 445 <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr ibute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />445 <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 446 446 </div> 447 447 <div class="inside"> -
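Review bot: The hidden inputs at new lines 420, 421 and 424 echo `$form_action` and `$post->post_type` straight into `value` attributes, while the matching inputs in edit-form-advanced.php (new lines 575, 576 and 578) wrap the same values in `attr()`. Where these values come from is not visible in the hunk, so this is a consistency gap rather than a confirmed injection, but the page form should not rely on them being clean when the post form does not. Suggest `value="<?php echo attr($form_action) ?>"` for both action inputs and `value="<?php echo attr($post->post_type) ?>"` for the type input. `<?php echo $form_extra ?>` at line 423 is also printed raw; presumably it is markup assembled earlier in the file, which is worth confirming.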
trunk/wp-admin/edit-pages.php
r11036 r11109 176 176 177 177 <?php if ( isset($_GET['post_status'] ) ) : ?> 178 <input type="hidden" name="post_status" value="<?php echo attr ibute_escape($_GET['post_status']) ?>" />178 <input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" /> 179 179 <?php endif; ?> 180 180 -
trunk/wp-admin/edit-tag-form.php
r10903 r11109 22 22 <input type="hidden" name="action" value="editedtag" /> 23 23 <input type="hidden" name="tag_ID" value="<?php echo $tag->term_id ?>" /> 24 <input type="hidden" name="taxonomy" value="<?php echo attr ibute_escape($taxonomy) ?>" />24 <input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" /> 25 25 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?> 26 26 <table class="form-table"> 27 27 <tr class="form-field form-required"> 28 28 <th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th> 29 <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr ibute_escape($tag->name); ?>" size="40" aria-required="true" />29 <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" /> 30 30 <p><?php _e('The name is how the tag appears on your site.'); ?></p></td> 31 31 </tr> 32 32 <tr class="form-field"> 33 33 <th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th> 34 <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr ibute_escape(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />34 <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" /> 35 35 <p><?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td> 36 36 </tr> -
trunk/wp-admin/edit-tags.php
r10943 r11109 171 171 <div class="col-wrap"> 172 172 <form id="posts-filter" action="" method="get"> 173 <input type="hidden" name="taxonomy" value="<?php echo attr ibute_escape($taxonomy); ?>" />173 <input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" /> 174 174 <div class="tablenav"> 175 175 <?php … … 277 277 <form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate"> 278 278 <input type="hidden" name="action" value="addtag" /> 279 <input type="hidden" name="taxonomy" value="<?php echo attr ibute_escape($taxonomy); ?>" />279 <input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" /> 280 280 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?> 281 281 -
trunk/wp-admin/edit.php
r10943 r11109 93 93 $mode = 'list'; 94 94 else 95 $mode = attr ibute_escape($_GET['mode']); ?>95 $mode = attr($_GET['mode']); ?> 96 96 97 97 <div class="wrap"> … … 171 171 172 172 <?php if ( isset($_GET['post_status'] ) ) : ?> 173 <input type="hidden" name="post_status" value="<?php echo attr ibute_escape($_GET['post_status']) ?>" />173 <input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" /> 174 174 <?php endif; ?> 175 175 <input type="hidden" name="mode" value="<?php echo $mode; ?>" /> -
trunk/wp-admin/import/dotclear.php
r10606 r11109 216 216 wp_nonce_field('import-dotclear'); 217 217 $this->db_form(); 218 echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr ibute_escape(__('Import Categories')).'" /></p>';218 echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import Categories')).'" /></p>'; 219 219 echo '</form></div>'; 220 220 } … … 633 633 echo '<form action="admin.php?import=dotclear&step=2" method="post">'; 634 634 wp_nonce_field('import-dotclear'); 635 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Users')));635 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users'))); 636 636 echo '</form>'; 637 637 … … 646 646 echo '<form action="admin.php?import=dotclear&step=3" method="post">'; 647 647 wp_nonce_field('import-dotclear'); 648 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Posts')));648 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts'))); 649 649 echo '</form>'; 650 650 } … … 660 660 echo '<form action="admin.php?import=dotclear&step=4" method="post">'; 661 661 wp_nonce_field('import-dotclear'); 662 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Comments')));662 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments'))); 663 663 echo '</form>'; 664 664 } … … 672 672 echo '<form action="admin.php?import=dotclear&step=5" method="post">'; 673 673 wp_nonce_field('import-dotclear'); 674 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Links')));674 printf('<p class="submit"><input type="submit" 
name="submit" class="button" value="%s" /></p>', attr(__('Import Links'))); 675 675 echo '</form>'; 676 676 } … … 685 685 echo '<form action="admin.php?import=dotclear&step=6" method="post">'; 686 686 wp_nonce_field('import-dotclear'); 687 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Finish')));687 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish'))); 688 688 echo '</form>'; 689 689 } -
trunk/wp-admin/import/livejournal.php
r11081 r11109 185 185 <p><?php _e( 'It looks like you attempted to import your LiveJournal posts previously and got interrupted.' ) ?></p> 186 186 <p class="submit"> 187 <input type="submit" class="button-primary" value="<?php echo attr ibute_escape( __( 'Continue previous import' ) ) ?>" />187 <input type="submit" class="button-primary" value="<?php echo attr( __( 'Continue previous import' ) ) ?>" /> 188 188 </p> 189 <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr ibute_escape( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>189 <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p> 190 190 <p> 191 191 <?php else : ?> … … 224 224 225 225 <p class="submit"> 226 <input type="submit" class="button-primary" value="<?php echo attr ibute_escape( __( 'Connect to LiveJournal and Import' ) ) ?>" />226 <input type="submit" class="button-primary" value="<?php echo attr( __( 'Connect to LiveJournal and Import' ) ) ?>" /> 227 227 </p> 228 228 … … 725 725 ?> 726 726 <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p> 727 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr ibute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>727 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . 
attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p> 728 728 <?php 729 729 return false; … … 737 737 ?> 738 738 <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p> 739 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr ibute_escape( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>739 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p> 740 740 <?php 741 741 return false; … … 817 817 <?php wp_nonce_field( 'lj-api-import' ) ?> 818 818 <input type="hidden" name="step" id="step" value="1" /> 819 <p><input type="submit" class="button-primary" value="<?php echo attr ibute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>819 <p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p> 820 820 </form> 821 821 <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?> … … 867 867 <?php wp_nonce_field( 'lj-api-import' ) ?> 868 868 <input type="hidden" name="step" id="step" value="2" /> 869 <p><input type="submit" class="button-primary" value="<?php echo attr ibute_escape( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p>869 <p><input type="submit" class="button-primary" value="<?php echo attr( __( 'Import the next batch' ) ) ?>" /> <span id="auto-message"></span></p> 870 870 </form> 871 871 <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?> … … 943 943 $str .= wp_referer_field( false ); 944 944 $str .= '<input type="hidden" name="step" 
id="step" value="' . $next_step . '" />'; 945 $str .= '<p><input type="submit" class="button-primary" value="' . attr ibute_escape( $label ) . '" /> <span id="auto-message"></span></p>';945 $str .= '<p><input type="submit" class="button-primary" value="' . attr( $label ) . '" /> <span id="auto-message"></span></p>'; 946 946 $str .= '</form>'; 947 947 -
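Review bot: The cancel and start-again links at new lines 189, 727 and 739 append `$_SERVER['REQUEST_URI']` as the `_wp_http_referer` query value after `attr()`, which is HTML-attribute escaping rather than URL encoding. Any `?`, `&` or `=` in the request URI stays a live delimiter, so the referer's own parameters spill into the link's query string and request-supplied text can add or override parameters next to the nonce. Suggest `'&_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )` (wrapping the `str_replace()` result on lines 727 and 739) and leaving HTML escaping to the outer `clean_url()`. `$_SERVER['PHP_SELF']` at the start of the same expression is also request-influenced; it does pass through `clean_url()`, but a fixed admin path would be sturdier.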
trunk/wp-admin/import/mt.php
r10810 r11109 40 40 41 41 <?php wp_import_upload_form( add_query_arg('step', 1) ); ?> 42 <form method="post" action="<?php echo attr ibute_escape(add_query_arg('step', 1)); ?>" class="import-upload-form">42 <form method="post" action="<?php echo attr(add_query_arg('step', 1)); ?>" class="import-upload-form"> 43 43 44 44 <?php wp_nonce_field('import-upload'); ?> … … 47 47 <?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p> 48 48 <p class="submit"> 49 <input type="submit" class="button" value="<?php echo attr ibute_escape(__('Import mt-export.txt')); ?>" />49 <input type="submit" class="button" value="<?php echo attr(__('Import mt-export.txt')); ?>" /> 50 50 </p> 51 51 </form> -
trunk/wp-admin/import/textpattern.php
r10606 r11109 71 71 wp_nonce_field('import-textpattern'); 72 72 $this->db_form(); 73 echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr ibute_escape(__('Import')).'" /></p>';73 echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attr(__('Import')).'" /></p>'; 74 74 echo '</form>'; 75 75 echo '</div>'; … … 506 506 echo '<form action="admin.php?import=textpattern&step=2" method="post">'; 507 507 wp_nonce_field('import-textpattern'); 508 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Users')));508 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Users'))); 509 509 echo '</form>'; 510 510 … … 519 519 echo '<form action="admin.php?import=textpattern&step=3" method="post">'; 520 520 wp_nonce_field('import-textpattern'); 521 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Posts')));521 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Posts'))); 522 522 echo '</form>'; 523 523 } … … 533 533 echo '<form action="admin.php?import=textpattern&step=4" method="post">'; 534 534 wp_nonce_field('import-textpattern'); 535 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Comments')));535 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Import Comments'))); 536 536 echo '</form>'; 537 537 } … … 545 545 echo '<form action="admin.php?import=textpattern&step=5" method="post">'; 546 546 wp_nonce_field('import-textpattern'); 547 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Import Links')));547 printf('<p class="submit"><input type="submit" 
name="submit" class="button" value="%s" /></p>', attr(__('Import Links'))); 548 548 echo '</form>'; 549 549 } … … 558 558 echo '<form action="admin.php?import=textpattern&step=6" method="post">'; 559 559 wp_nonce_field('import-textpattern'); 560 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr ibute_escape(__('Finish')));560 printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attr(__('Finish'))); 561 561 echo '</form>'; 562 562 } -
trunk/wp-admin/import/wordpress.php
r10606 r11109 234 234 235 235 echo '<p class="submit">'; 236 echo '<input type="submit" class="button" value="'.attr ibute_escape( __('Submit') ).'" />'.'<br />';236 echo '<input type="submit" class="button" value="'.attr( __('Submit') ).'" />'.'<br />'; 237 237 echo '</p>'; 238 238 echo '</form>'; -
trunk/wp-admin/import/wp-cat2tag.php
r10608 r11109 185 185 186 186 <?php foreach ( $this->all_tags as $tag ) { ?> 187 <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr ibute_escape($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>187 <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li> 188 188 189 189 <?php } ?> -
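Review bot: The tag name in the checkbox label at line 187 is printed as element text, not inside an attribute, yet it is escaped with the attribute helper. `wp_specialchars($tag->name)` is the text-context escaper that includes/media.php already uses and states the intent more clearly. As far as the hunk shows the output is HTML-safe either way, so this is a readability point rather than a defect. The same pattern appears in the author-email, author and author-url divs of includes/dashboard.php. `$tag->count` is concatenated next to it with no escaping; wrapping it in `intval()` like `term_id` on the same line would keep the line consistent.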
trunk/wp-admin/includes/bookmark.php
r10414 r11109 60 60 61 61 if ( isset( $_GET['name'] ) ) 62 $link->link_name = attr ibute_escape( $_GET['name']);62 $link->link_name = attr( $_GET['name']); 63 63 else 64 64 $link->link_name = ''; -
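Review bot: `$_GET['name']` is escaped at the moment it is stored on `$link->link_name` (line 62), not where it is printed, so the object now carries HTML-encoded text. If the form that renders the link also escapes the field, names containing `&` or quotes will display double-encoded. If it does not, every other consumer of `$link` depends on this one assignment for safety. The rendering code is outside the hunk, so which case applies cannot be confirmed here. I would either move the escape to the output site or add a comment such as `// pre-escaped for the edit form; do not escape link_name again on output`.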
trunk/wp-admin/includes/class-wp-upgrader.php
r11089 r11109 821 821 } 822 822 $update_actions = array( 823 'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr ibute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',824 'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr ibute_escape(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'823 'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>', 824 'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>' 825 825 ); 826 826 if ( $this->plugin_active ) … … 872 872 873 873 $install_actions = array( 874 'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr ibute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',874 'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>', 875 875 ); 876 876 877 877 if ( $this->type == 'web' ) 878 $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr ibute_escape(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';878 $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr(__('Return to Plugin Installer')) . '" target="_parent">' . 
__('Return to Plugin Installer') . '</a>'; 879 879 else 880 $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr ibute_escape(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';880 $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'; 881 881 882 882 … … 937 937 938 938 $install_actions = array( 939 'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',940 'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr ibute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>'939 'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>', 940 'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>' 941 941 ); 942 942 943 943 if ( $this->type == 'web' ) 944 $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr ibute_escape(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';944 $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr(__('Back to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>'; 945 945 else 946 $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attr ibute_escape(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';946 $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . 
attr(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>'; 947 947 948 948 if ( ! $this->result || is_wp_error($this->result) ) … … 996 996 997 997 $update_actions = array( 998 'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>',999 'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr ibute_escape( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>',1000 'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr ibute_escape(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',998 'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>', 999 'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate "%s"'), $name ) ) . '">' . __('Activate') . '</a>', 1000 'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>', 1001 1001 ); 1002 1002 if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() ) -
trunk/wp-admin/includes/dashboard.php
r11081 r11109 372 372 <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4> 373 373 <div class="input-text-wrap"> 374 <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr ibute_escape( $post->post_title ); ?>" />374 <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr( $post->post_title ); ?>" /> 375 375 </div> 376 376 … … 433 433 $url = get_edit_post_link( $draft->ID ); 434 434 $title = _draft_or_post_title( $draft->ID ); 435 $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attr ibute_escape( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';435 $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>'; 436 436 if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) ) 437 437 $item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '…' : '' ) . 
'</p>'; … … 580 580 <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden"> 581 581 <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea> 582 <div class="author-email"><?php echo attr ibute_escape( $comment->comment_author_email ); ?></div>583 <div class="author"><?php echo attr ibute_escape( $comment->comment_author ); ?></div>584 <div class="author-url"><?php echo attr ibute_escape( $comment->comment_author_url ); ?></div>582 <div class="author-email"><?php echo attr( $comment->comment_author_email ); ?></div> 583 <div class="author"><?php echo attr( $comment->comment_author ); ?></div> 584 <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div> 585 585 <div class="comment_status"><?php echo $comment->comment_approved; ?></div> 586 586 </div> -
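Review bot: In the hidden inline-edit block (lines 580-586) the three author fields are escaped, but `$comment->comment_content` is echoed into the `<textarea>` and `$comment->comment_approved` into its div with no escaping at all. Unless the comment object was already filtered for editing before this point, which the hunk does not show, stored markup would be parsed by the browser instead of displayed as text. `<?php echo wp_specialchars( $comment->comment_content ); ?>` would close that gap. The enclosing function starts and ends outside the hunk, so check for earlier filtering first to avoid double encoding.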
trunk/wp-admin/includes/file.php
r11063 r11109 732 732 <tr valign="top"> 733 733 <th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th> 734 <td><input name="hostname" type="text" id="hostname" value="<?php echo attr ibute_escape($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>734 <td><input name="hostname" type="text" id="hostname" value="<?php echo attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td> 735 735 </tr> 736 736 737 737 <tr valign="top"> 738 738 <th scope="row"><label for="username"><?php _e('Username') ?></label></th> 739 <td><input name="username" type="text" id="username" value="<?php echo attr ibute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>739 <td><input name="username" type="text" id="username" value="<?php echo attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td> 740 740 </tr> 741 741 … … 751 751 <label for="private_key"><?php _e('Private Key:') ?></label> 752 752 </div></th> 753 <td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr ibute_escape($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attribute_escape($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />753 <td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" /> 754 754 <div><?php _e('Enter the location on the server where the keys are located. 
If a passphrase is needed, enter that in the password field above.') ?></div></td> 755 755 </tr> … … 768 768 769 769 <?php if ( isset( $_POST['version'] ) ) : ?> 770 <input type="hidden" name="version" value="<?php echo attr ibute_escape($_POST['version']) ?>" />770 <input type="hidden" name="version" value="<?php echo attr($_POST['version']) ?>" /> 771 771 <?php endif; ?> 772 772 <?php if ( isset( $_POST['locale'] ) ) : ?> 773 <input type="hidden" name="locale" value="<?php echo attr ibute_escape($_POST['locale']) ?>" />773 <input type="hidden" name="locale" value="<?php echo attr($_POST['locale']) ?>" /> 774 774 <?php endif; ?> 775 775 <p class="submit"> -
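Review bot: At line 734 the hostname is escaped, but the port is appended to the same `value` attribute with a bare `echo ":$port"`. Where `$port` is assigned is outside the hunk; if it is split off a submitted hostname, it reaches the page unescaped. `if ( !empty($port) ) echo ':' . attr($port);` (or an integer cast) puts both halves of the attribute under the same rule.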
trunk/wp-admin/includes/manifest.php
r11079 r11109 27 27 * @ignore 28 28 */ 29 function attr ibute_escape() {}29 function attr() {} 30 30 31 31 /** -
trunk/wp-admin/includes/media.php
r11052 r11109 79 79 $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false)); 80 80 $link = "<a href='" . clean_url($href) . "'$class>$text</a>"; 81 echo "\t<li id='" . attr ibute_escape("tab-$callback") . "'>$link</li>\n";81 echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n"; 82 82 } 83 83 echo "</ul>\n"; … … 105 105 $html = get_image_tag($id, $htmlalt, $title, $align, $size); 106 106 107 $rel = $rel ? ' rel="attachment wp-att-'.attr ibute_escape($id).'"' : '';107 $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : ''; 108 108 109 109 if ( $url ) … … 425 425 if ( !empty($attachment['url']) ) { 426 426 if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) ) 427 $rel = " rel='attachment wp-att-".attr ibute_escape($send_id)."'";427 $rel = " rel='attachment wp-att-".attr($send_id)."'"; 428 428 $html = "<a href='{$attachment['url']}'$rel>$html</a>"; 429 429 } … … 460 460 if ( !empty($src) && !strpos($src, '://') ) 461 461 $src = "http://$src"; 462 $alt = attr ibute_escape($_POST['insertonly']['alt']);462 $alt = attr($_POST['insertonly']['alt']); 463 463 if ( isset($_POST['insertonly']['align']) ) { 464 $align = attr ibute_escape($_POST['insertonly']['align']);464 $align = attr($_POST['insertonly']['align']); 465 465 $class = " class='align$align'"; 466 466 } … … 554 554 if ( !empty($href) && !strpos($href, '://') ) 555 555 $href = "http://$href"; 556 $title = attr ibute_escape($_POST['insertonly']['title']);556 $title = attr($_POST['insertonly']['title']); 557 557 if ( empty($title) ) 558 558 $title = basename($href); … … 608 608 if ( !empty($href) && !strpos($href, '://') ) 609 609 $href = "http://$href"; 610 $title = attr ibute_escape($_POST['insertonly']['title']);610 $title = attr($_POST['insertonly']['title']); 611 611 if ( empty($title) ) 612 612 $title = basename($href); … … 662 662 if ( !empty($href) && !strpos($href, '://') 
) 663 663 $href = "http://$href"; 664 $title = attr ibute_escape($_POST['insertonly']['title']);664 $title = attr($_POST['insertonly']['title']); 665 665 if ( empty($title) ) 666 666 $title = basename($href); … … 826 826 $url = $link; 827 827 828 return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr ibute_escape($url) . "' /><br />828 return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br /> 829 829 <button type='button' class='button urlnone' title=''>" . __('None') . "</button> 830 <button type='button' class='button urlfile' title='" . attr ibute_escape($file) . "'>" . __('File URL') . "</button>831 <button type='button' class='button urlpost' title='" . attr ibute_escape($link) . "'>" . __('Post URL') . "</button>830 <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button> 831 <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button> 832 832 "; 833 833 } … … 989 989 'label' => __('File URL'), 990 990 'input' => 'html', 991 'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr ibute_escape($image_url) . "' /><br />",991 'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />", 992 992 'value' => isset($edit_post->post_url) ? 
$edit_post->post_url : '', 993 993 'helps' => __('Location of the uploaded file.'), … … 1086 1086 1087 1087 $filename = basename($post->guid); 1088 $title = attr ibute_escape($post->post_title);1088 $title = attr($post->post_title); 1089 1089 1090 1090 if ( $_tags = get_the_tags($attachment_id) ) { 1091 1091 foreach ( $_tags as $tag ) 1092 1092 $tags[] = $tag->name; 1093 $tags = attr ibute_escape(join(', ', $tags));1093 $tags = attr(join(', ', $tags)); 1094 1094 } 1095 1095 … … 1098 1098 $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type)); 1099 1099 $type = array_shift($keys); 1100 $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr ibute_escape( $type ) . "' />";1100 $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />"; 1101 1101 } 1102 1102 … … 1157 1157 $delete_href = wp_nonce_url("post.php?action=delete-post&post=$attachment_id", 'delete-post_' . $attachment_id); 1158 1158 if ( $send ) 1159 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr ibute_escape( __( 'Insert into Post' ) ) . "' />";1159 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr( __( 'Insert into Post' ) ) . "' />"; 1160 1160 if ( $delete ) 1161 1161 $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>"; … … 1195 1195 $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>"; 1196 1196 } else { 1197 $item .= "<input type='text' id='$name' name='$name' value='" . attr ibute_escape( $field['value'] ) . "'" . $aria_required . "/>";1197 $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . 
"/>"; 1198 1198 } 1199 1199 if ( !empty($field['helps']) ) … … 1223 1223 1224 1224 foreach ( $hidden_fields as $name => $value ) 1225 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr ibute_escape( $value ) . "' />\n";1225 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n"; 1226 1226 1227 1227 if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) { … … 1304 1304 button_image_url: '<?php echo includes_url('images/upload.png'); ?>', 1305 1305 button_placeholder_id: "flash-browse-button", 1306 upload_url : "<?php echo attr ibute_escape( $flash_action_url ); ?>",1306 upload_url : "<?php echo attr( $flash_action_url ); ?>", 1307 1307 flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>", 1308 1308 file_post_name: "async-upload", … … 1351 1351 <?php do_action('pre-html-upload-ui'); ?> 1352 1352 <p id="async-upload-wrap"> 1353 <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attr ibute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>1353 <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attr(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a> 1354 1354 </p> 1355 1355 <div class="clear"></div> … … 1381 1381 ?> 1382 1382 1383 <form enctype="multipart/form-data" method="post" action="<?php echo attr ibute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">1383 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 1384 1384 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1385 1385 <?php wp_nonce_field('media-form'); 
?> … … 1413 1413 ?> 1414 1414 </div> 1415 <input type="submit" class="button savebutton" name="save" value="<?php echo attr ibute_escape( __( 'Save all changes' ) ); ?>" />1415 <input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" /> 1416 1416 <?php 1417 1417 } … … 1437 1437 ?> 1438 1438 1439 <form enctype="multipart/form-data" method="post" action="<?php echo attr ibute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">1439 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 1440 1440 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1441 1441 <?php wp_nonce_field('media-form'); ?> … … 1571 1571 <a href="#" id="clear"><?php _e('Clear'); ?></a> 1572 1572 </div> 1573 <form enctype="multipart/form-data" method="post" action="<?php echo attr ibute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">1573 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form"> 1574 1574 <?php wp_nonce_field('media-form'); ?> 1575 1575 <?php //media_upload_form( $errors ); ?> … … 1586 1586 1587 1587 <p class="ml-submit"> 1588 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr ibute_escape( __( 'Save all changes' ) ); ?>" />1588 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr( __( 'Save all changes' ) ); ?>" /> 1589 1589 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1590 <input type="hidden" name="type" value="<?php echo attr ibute_escape( $GLOBALS['type'] ); ?>" />1591 <input type="hidden" name="tab" value="<?php 
echo attr ibute_escape( $GLOBALS['tab'] ); ?>" />1590 <input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" /> 1591 <input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" /> 1592 1592 </p> 1593 1593 … … 1663 1663 1664 1664 <p class="ml-submit"> 1665 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr ibute_escape( __( 'Insert gallery' ) ); ?>" />1666 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr ibute_escape( __( 'Update gallery settings' ) ); ?>" />1665 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr( __( 'Insert gallery' ) ); ?>" /> 1666 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr( __( 'Update gallery settings' ) ); ?>" /> 1667 1667 </p> 1668 1668 </div> … … 1700 1700 1701 1701 <form id="filter" action="" method="get"> 1702 <input type="hidden" name="type" value="<?php echo attr ibute_escape( $type ); ?>" />1703 <input type="hidden" name="tab" value="<?php echo attr ibute_escape( $tab ); ?>" />1702 <input type="hidden" name="type" value="<?php echo attr( $type ); ?>" /> 1703 <input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" /> 1704 1704 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" /> 1705 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr ibute_escape( $_GET['post_mime_type'] ) : ''; ?>" />1705 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? 
attr( $_GET['post_mime_type'] ) : ''; ?>" /> 1706 1706 1707 1707 <p id="media-search" class="search-box"> 1708 1708 <label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label> 1709 1709 <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" /> 1710 <input type="submit" value="<?php echo attr ibute_escape( __( 'Search Media' ) ); ?>" class="button" />1710 <input type="submit" value="<?php echo attr( __( 'Search Media' ) ); ?>" class="button" /> 1711 1711 </p> 1712 1712 … … 1787 1787 $default = ''; 1788 1788 1789 echo "<option$default value='" . attr ibute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";1789 echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>"; 1790 1790 echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); 1791 1791 echo "</option>\n"; … … 1795 1795 <?php } ?> 1796 1796 1797 <input type="submit" id="post-query-submit" value="<?php echo attr ibute_escape( __( 'Filter »' ) ); ?>" class="button-secondary" />1797 <input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter »' ) ); ?>" class="button-secondary" /> 1798 1798 1799 1799 </div> … … 1803 1803 </form> 1804 1804 1805 <form enctype="multipart/form-data" method="post" action="<?php echo attr ibute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">1805 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form"> 1806 1806 1807 1807 <?php wp_nonce_field('media-form'); ?> … … 1825 1825 </div> 1826 1826 <p class="ml-submit"> 1827 <input type="submit" class="button savebutton" name="save" value="<?php echo attr ibute_escape( __( 'Save all changes' ) ); ?>" />1827 <input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" /> 1828 1828 <input type="hidden" name="post_id" id="post_id" 
value="<?php echo (int) $post_id; ?>" /> 1829 1829 </p> … … 1907 1907 <td></td> 1908 1908 <td> 1909 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr ibute_escape(__('Insert into Post')) . '" />1909 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr(__('Insert into Post')) . '" /> 1910 1910 </td> 1911 1911 </tr> … … 1943 1943 <td></td> 1944 1944 <td> 1945 <input type="submit" class="button" name="insertonlybutton" value="' . attr ibute_escape(__('Insert into Post')) . '" />1945 <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" /> 1946 1946 </td> 1947 1947 </tr> … … 1978 1978 <td></td> 1979 1979 <td> 1980 <input type="submit" class="button" name="insertonlybutton" value="' . attr ibute_escape(__('Insert into Post')) . '" />1980 <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" /> 1981 1981 </td> 1982 1982 </tr> … … 2013 2013 <td></td> 2014 2014 <td> 2015 <input type="submit" class="button" name="insertonlybutton" value="' . attr ibute_escape(__('Insert into Post')) . '" />2015 <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" /> 2016 2016 </td> 2017 2017 </tr> -
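Review bot: At line 428 `$attachment['url']` is interpolated straight into a single-quoted `href`, while the `$rel` built on the changed line above it goes through attr(). The same statement reads `$_POST['post_id']`, so the URL presumably comes from the submitted form too, though its origin is outside the hunk. `$html = "<a href='" . clean_url($attachment['url']) . "'$rel>$html</a>";` would escape it for a URL context, as the tab links at line 80 already do. Separately, `upload_url` at line 1306 applies attr() inside what looks like a script block, where `js_escape()` is the matching escaper.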
trunk/wp-admin/includes/plugin-install.php
r11013 r11109 163 163 <option value="tag"<?php selected('tag', $type) ?>><?php _x('Tag', 'Plugin Installer') ?></option> 164 164 </select> 165 <input type="text" name="s" value="<?php echo attr ibute_escape($term) ?>" />166 <input type="submit" name="search" value="<?php echo attr ibute_escape(__('Search')) ?>" class="button" />165 <input type="text" name="s" value="<?php echo attr($term) ?>" /> 166 <input type="submit" name="search" value="<?php echo attr(__('Search')) ?>" class="button" /> 167 167 </form><?php 168 168 } … … 335 335 336 336 if( isset($plugin['homepage']) ) 337 $title = '<a target="_blank" href="' . attr ibute_escape($plugin['homepage']) . '">' . $title . '</a>';337 $title = '<a target="_blank" href="' . attr($plugin['homepage']) . '">' . $title . '</a>'; 338 338 339 339 $action_links = array(); 340 340 $action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin['slug'] . 341 341 '&TB_iframe=true&width=600&height=800') . '" class="thickbox onclick" title="' . 342 attr ibute_escape($name) . '">' . __('Install') . '</a>';342 attr($name) . '">' . __('Install') . 
'</a>'; 343 343 344 344 $action_links = apply_filters('plugin_install_action_links', $action_links, $plugin); … … 349 349 <td class="vers"> 350 350 <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>"> 351 <div class="star star-rating" style="width: <?php echo attr ibute_escape($plugin['rating']) ?>px"></div>351 <div class="star star-rating" style="width: <?php echo attr($plugin['rating']) ?>px"></div> 352 352 <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div> 353 353 <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div> … … 417 417 $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) ); 418 418 $href = clean_url($href); 419 $san_title = attr ibute_escape(sanitize_title_with_dashes($title));419 $san_title = attr(sanitize_title_with_dashes($title)); 420 420 echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n"; 421 421 } … … 506 506 <h2><?php _e('Average Rating') ?></h2> 507 507 <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>"> 508 <div class="star star-rating" style="width: <?php echo attr ibute_escape($api->rating) ?>px"></div>508 <div class="star star-rating" style="width: <?php echo attr($api->rating) ?>px"></div> 509 509 <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div> 510 510 <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div> … … 531 531 $content = links_add_target($content, '_blank'); 532 532 533 $san_title = attr ibute_escape(sanitize_title_with_dashes($title));533 $san_title = attr(sanitize_title_with_dashes($title)); 534 534 535 
535 $display = ( $section_name == $section ) ? 'block' : 'none'; -
trunk/wp-admin/includes/taxonomy.php
r10906 r11109 223 223 $tag_names[] = $tag->name; 224 224 $tags_to_edit = join( ',', $tag_names ); 225 $tags_to_edit = attr ibute_escape( $tags_to_edit );225 $tags_to_edit = attr( $tags_to_edit ); 226 226 $tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy ); 227 227 -
trunk/wp-admin/includes/template.php
r11073 r11109 119 119 $edit_link = "categories.php?action=edit&cat_ID=$category->term_id"; 120 120 if ( current_user_can( 'manage_categories' ) ) { 121 $edit = "<a class='row-title' href='$edit_link' title='" . attr ibute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attribute_escape( $name ) . '</a><br />';121 $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attr( $name ) . '</a><br />'; 122 122 $actions = array(); 123 123 $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; … … 258 258 <a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a> 259 259 <?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?> 260 <a accesskey="s" href="#inline-edit" title="<?php echo attr ibute_escape( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>260 <a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a> 261 261 <img class="waiting" style="display:none;" src="images/loading.gif" alt="" /> 262 262 <span class="error" style="display:none;"></span> … … 290 290 $edit_link = "link-category.php?action=edit&cat_ID=$category->term_id"; 291 291 if ( current_user_can( 'manage_categories' ) ) { 292 $edit = "<a class='row-title' href='$edit_link' title='" . attr ibute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";292 $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />"; 293 293 $actions = array(); 294 294 $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; … … 650 650 break; 651 651 case 'name': 652 $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . 
attr ibute_escape(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';652 $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />'; 653 653 $actions = array(); 654 654 $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; … … 1248 1248 $update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' ); 1249 1249 ?> 1250 <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr ibute_escape( $update_text ); ?></a>1250 <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a> 1251 1251 <img class="waiting" style="display:none;" src="images/loading.gif" alt="" /> 1252 1252 <?php } else { 1253 1253 $update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' ); 1254 1254 ?> 1255 <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr ibute_escape( $update_text ); ?>" />1255 <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" /> 1256 1256 <?php } ?> 1257 1257 <input type="hidden" name="post_view" value="<?php echo $m; ?>" /> … … 1279 1279 return; 1280 1280 1281 $title = attr ibute_escape($post->post_title);1281 $title = attr($post->post_title); 1282 1282 1283 1283 echo ' … … 1428 1428 $attributes = 'class="post-title column-title"' . 
$style; 1429 1429 ?> 1430 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>1430 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong> 1431 1431 <?php 1432 1432 if ( 'excerpt' == $mode ) … … 1435 1435 $actions = array(); 1436 1436 if ( current_user_can('edit_post', $post->ID) ) { 1437 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr ibute_escape(__('Edit this post')) . '">' . __('Edit') . '</a>';1438 $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr ibute_escape(__('Edit this post inline')) . '">' . __('Quick Edit') . '</a>';1439 $actions['delete'] = "<a class='submitdelete' title='" . attr ibute_escape(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";1437 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>'; 1438 $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick Edit') . 
'</a>'; 1439 $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>"; 1440 1440 } 1441 1441 if ( in_array($post->post_status, array('pending', 'draft')) ) { 1442 1442 if ( current_user_can('edit_post', $post->ID) ) 1443 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';1443 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>'; 1444 1444 } else { 1445 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr ibute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';1445 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>'; 1446 1446 } 1447 1447 $actions = apply_filters('post_row_actions', $actions, $post); … … 1644 1644 $edit_link = get_edit_post_link( $page->ID ); 1645 1645 ?> 1646 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . 
wp_specialchars($parent_name) : ''; ?></strong>1646 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong> 1647 1647 <?php 1648 1648 $actions = array(); 1649 1649 if ( current_user_can('edit_page', $page->ID) ) { 1650 $actions['edit'] = '<a href="' . $edit_link . '" title="' . attr ibute_escape(__('Edit this page')) . '">' . __('Edit') . '</a>';1650 $actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>'; 1651 1651 $actions['inline'] = '<a href="#" class="editinline">' . __('Quick Edit') . '</a>'; 1652 $actions['delete'] = "<a class='submitdelete' title='" . attr ibute_escape(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";1652 $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . 
"</a>"; 1653 1653 } 1654 1654 if ( in_array($post->post_status, array('pending', 'draft')) ) { 1655 1655 if ( current_user_can('edit_page', $page->ID) ) 1656 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';1656 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>'; 1657 1657 } else { 1658 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr ibute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';1658 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>'; 1659 1659 } 1660 1660 $actions = apply_filters('page_row_actions', $actions, $page); … … 2115 2115 <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden"> 2116 2116 <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea> 2117 <div class="author-email"><?php if ( $user_can ) echo attr ibute_escape( $comment->comment_author_email ); ?></div>2118 <div class="author"><?php if ( $user_can ) echo attr ibute_escape( $comment->comment_author ); ?></div>2119 <div class="author-url"><?php echo attr ibute_escape( $comment->comment_author_url ); ?></div>2117 <div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div> 2118 <div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div> 2119 <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div> 2120 2120 <div class="comment_status"><?php echo $comment->comment_approved; ?></div> 2121 2121 </div> … … 2418 2418 } 2419 2419 2420 $entry['meta_key'] = attr ibute_escape($entry['meta_key']);2420 $entry['meta_key'] = 
attr($entry['meta_key']); 2421 2421 $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea /> 2422 2422 $entry['meta_id'] = (int) $entry['meta_id']; … … 2428 2428 2429 2429 $r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' "; 2430 $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr ibute_escape(__( 'Delete' ))."' />";2431 $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr ibute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";2430 $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr(__( 'Delete' ))."' />"; 2431 $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>"; 2432 2432 $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false ); 2433 2433 $r .= "</td>"; … … 2473 2473 2474 2474 foreach ( $keys as $key ) { 2475 $key = attr ibute_escape( $key );2475 $key = attr( $key ); 2476 2476 echo "\n<option value='$key'>$key</option>"; 2477 2477 } … … 2783 2783 else : 2784 2784 ?> 2785 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr ibute_escape($action) ?>">2785 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>"> 2786 2786 <p> 2787 2787 <?php wp_nonce_field('import-upload'); ?> … … 2806 2806 function wp_remember_old_slug() { 2807 2807 global $post; 2808 $name = attr ibute_escape($post->post_name); // just in case2808 $name = attr($post->post_name); // just in case 2809 2809 if ( strlen($name) ) 2810 2810 echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . 
'" />'; … … 3172 3172 * Display the post password. 3173 3173 * 3174 * The password is passed through {@link attr ibute_escape()} to ensure that it3174 * The password is passed through {@link attr()} to ensure that it 3175 3175 * is safe for placing in an html attribute. 3176 3176 * 3177 * @uses attr ibute_escape3177 * @uses attr 3178 3178 * @since 2.7.0 3179 3179 */ 3180 3180 function the_post_password() { 3181 3181 global $post; 3182 if ( isset( $post->post_password ) ) echo attr ibute_escape( $post->post_password );3182 if ( isset( $post->post_password ) ) echo attr( $post->post_password ); 3183 3183 } 3184 3184 … … 3298 3298 * should only be used when {@link the_search_query()} cannot. 3299 3299 * 3300 * @uses attr ibute_escape3300 * @uses attr 3301 3301 * @since 2.7.0 3302 3302 * 3303 3303 */ 3304 3304 function _admin_search_query() { 3305 echo isset($_GET['s']) ? attr ibute_escape( stripslashes( $_GET['s'] ) ) : '';3305 echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : ''; 3306 3306 } 3307 3307 -
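Review bot: In the hidden `inline-<comment_ID>` block (new lines 2115–2121), `$comment->comment_content` is echoed raw inside the `<textarea>` and `$comment->comment_approved` raw inside a `<div>`, while the three author fields beside them go through `attr()`. Unless `$comment` was already escaped earlier in this function, which starts outside the hunk, a comment body containing markup would close the textarea early and be parsed as HTML in the admin page. I would escape at the point of output, as this file already does for `meta_value` before placing it in a textarea: `<textarea class="comment" rows="3" cols="10"><?php echo htmlspecialchars( $comment->comment_content ); ?></textarea>`.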
trunk/wp-admin/includes/theme-install.php
r11013 r11109 159 159 <option value="tag" <?php selected('tag', $type) ?>><?php _e('Tag'); ?></option> 160 160 </select> 161 <input type="text" name="s" size="30" value="<?php echo attr ibute_escape($term) ?>" />162 <input type="submit" name="search" value="<?php echo attr ibute_escape(__('Search')); ?>" class="button" />161 <input type="text" name="s" size="30" value="<?php echo attr($term) ?>" /> 162 <input type="submit" name="search" value="<?php echo attr(__('Search')); ?>" class="button" /> 163 163 </form> 164 164 <?php … … 203 203 $feature_name = $trans[$feature]; 204 204 $feature_name = wp_specialchars( $feature_name ); 205 $feature = attr ibute_escape($feature);205 $feature = attr($feature); 206 206 ?> 207 207 … … 219 219 </div> 220 220 <br class="clear" /> 221 <input type="submit" name="search" value="<?php echo attr ibute_escape(__('Find Themes')); ?>" class="button" />221 <input type="submit" name="search" value="<?php echo attr(__('Find Themes')); ?>" class="button" /> 222 222 </form> 223 223 <?php … … 302 302 $actions = array(); 303 303 $actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&theme=' . $theme->slug . 304 '&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr ibute_escape(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>';305 $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . '</a>';304 '&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . '</a>'; 305 $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr(sprintf(__('Preview "%s"'), $name)) . '">' . __('Preview') . 
'</a>'; 306 306 $actions = apply_filters('theme_install_action_links', $actions, $theme); 307 307 } … … 311 311 <a class='thickbox thickbox-preview screenshot' 312 312 href='<? echo clean_url($preview_link); ?>' 313 title='<?php echo attr ibute_escape(sprintf(__('Preview "%s"'), $name)); ?>'>313 title='<?php echo attr(sprintf(__('Preview "%s"'), $name)); ?>'> 314 314 <img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' /> 315 315 </a> … … 332 332 <?php endif; ?> 333 333 <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>"> 334 <div class="star star-rating" style="width: <?php echo attr ibute_escape($theme->rating) ?>px"></div>334 <div class="star star-rating" style="width: <?php echo attr($theme->rating) ?>px"></div> 335 335 <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div> 336 336 <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div> -
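Review bot: `attr()` on `$theme->rating` in `style="width: <?php echo attr($theme->rating) ?>px"` (new line 334) only HTML-escapes the value; it does not make it a number, so whatever string the theme record carries is emitted into a CSS declaration. `$theme` is presumably populated from a remote API response, which is not visible here, so I would treat the field as untrusted and coerce it to a number at output: `style="width: <?php echo (int) $theme->rating ?>px"`. The same pattern appears twice in the plugin-install.php section earlier on this page (`$plugin['rating']` and `$api->rating`). The enclosing function starts outside the hunk.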
trunk/wp-admin/includes/user.php
r11096 r11109 367 367 function get_user_to_edit( $user_id ) { 368 368 $user = new WP_User( $user_id ); 369 $user->user_login = attr ibute_escape($user->user_login);370 $user->user_email = attr ibute_escape($user->user_email);369 $user->user_login = attr($user->user_login); 370 $user->user_email = attr($user->user_email); 371 371 $user->user_url = clean_url($user->user_url); 372 $user->first_name = attr ibute_escape($user->first_name);373 $user->last_name = attr ibute_escape($user->last_name);374 $user->display_name = attr ibute_escape($user->display_name);375 $user->nickname = attr ibute_escape($user->nickname);376 $user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attr ibute_escape($user->aim) : '';377 $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attr ibute_escape($user->yim) : '';378 $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attr ibute_escape($user->jabber) : '';372 $user->first_name = attr($user->first_name); 373 $user->last_name = attr($user->last_name); 374 $user->display_name = attr($user->display_name); 375 $user->nickname = attr($user->nickname); 376 $user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : ''; 377 $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : ''; 378 $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : ''; 379 379 $user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : ''; 380 380 -
trunk/wp-admin/link-manager.php
r10943 r11109 166 166 foreach ($links as $link) { 167 167 $link = sanitize_bookmark($link); 168 $link->link_name = attr ibute_escape($link->link_name);168 $link->link_name = attr($link->link_name); 169 169 $link->link_category = wp_get_link_cats($link->link_id); 170 170 $short_url = str_replace('http://', '', $link->link_url); … … 195 195 case 'name': 196 196 197 echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr ibute_escape(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />";197 echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $link->link_name)) . "'>$link->link_name</a></strong><br />"; 198 198 $actions = array(); 199 199 $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; -
trunk/wp-admin/load-scripts.php
r11013 r11109 36 36 * @ignore 37 37 */ 38 function attr ibute_escape() {}38 function attr() {} 39 39 40 40 /** -
trunk/wp-admin/load-styles.php
r11013 r11109 36 36 * @ignore 37 37 */ 38 function attr ibute_escape() {}38 function attr() {} 39 39 40 40 /** -
trunk/wp-admin/media-upload.php
r10150 r11109 79 79 <div id="media-items"> </div> 80 80 <p> 81 <input type="submit" class="button savebutton" name="save" value="<?php echo attr ibute_escape( __( 'Save all changes' ) ); ?>" />81 <input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" /> 82 82 </p> 83 83 </form> -
trunk/wp-admin/menu.php
r11092 r11109 40 40 continue; 41 41 42 $submenu['edit.php'][$i] = array( attr ibute_escape($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );42 $submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name ); 43 43 ++$i; 44 44 } -
trunk/wp-admin/options-discussion.php
r10689 r11109 55 55 <label for="close_comments_for_old_posts"> 56 56 <input name="close_comments_for_old_posts" type="checkbox" id="close_comments_for_old_posts" value="1" <?php checked('1', get_option('close_comments_for_old_posts')); ?> /> 57 <?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr ibute_escape(get_option('close_comments_days_old')) . '" class="small-text" />') ?>57 <?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?> 58 58 <br /> 59 59 <label for="thread_comments"> … … 84 84 $default_comments_page .= '>' . __('first') . '</option></select>'; 85 85 86 printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr ibute_escape(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );86 printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page ); 87 87 88 88 ?></label> -
trunk/wp-admin/options-general.php
r10971 r11109 211 211 212 212 foreach ( $date_formats as $format ) { 213 echo "\t<label title='" . attr ibute_escape($format) . "'><input type='radio' name='date_format' value='" . attribute_escape($format) . "'";213 echo "\t<label title='" . attr($format) . "'><input type='radio' name='date_format' value='" . attr($format) . "'"; 214 214 if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "===" 215 215 echo " checked='checked'"; … … 221 221 echo ' <label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"'; 222 222 checked( $custom ); 223 echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr ibute_escape( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";223 echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n"; 224 224 225 225 echo "\t<p>" . __('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Save Changes" to update sample output.') . "</p>\n"; … … 243 243 244 244 foreach ( $time_formats as $format ) { 245 echo "\t<label title='" . attr ibute_escape($format) . "'><input type='radio' name='time_format' value='" . attribute_escape($format) . "'";245 echo "\t<label title='" . attr($format) . "'><input type='radio' name='time_format' value='" . attr($format) . "'"; 246 246 if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "===" 247 247 echo " checked='checked'"; … … 253 253 echo ' <label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"'; 254 254 checked( $custom ); 255 echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr ibute_escape( get_option('time_format') ) . 
'" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";255 echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n"; 256 256 ?> 257 257 </fieldset> -
trunk/wp-admin/options-misc.php
r11046 r11109 28 28 <tr valign="top"> 29 29 <th scope="row"><label for="upload_path"><?php _e('Store uploads in this folder'); ?></label></th> 30 <td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr ibute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />30 <td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" /> 31 31 <span class="setting-description"><?php _e('Default is <code>wp-content/uploads</code>'); ?></span> 32 32 </td> … … 35 35 <tr valign="top"> 36 36 <th scope="row"><label for="upload_url_path"><?php _e('Full URL path to files'); ?></label></th> 37 <td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr ibute_escape( get_option('upload_url_path')); ?>" class="regular-text code" />37 <td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr( get_option('upload_url_path')); ?>" class="regular-text code" /> 38 38 <span class="setting-description"><?php _e('Configuring this is optional. By default, it should be blank.'); ?></span> 39 39 </td> -
trunk/wp-admin/options-permalink.php
r10150 r11109 174 174 </th> 175 175 <td> 176 <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr ibute_escape($permalink_structure); ?>" class="regular-text code" />176 <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr($permalink_structure); ?>" class="regular-text code" /> 177 177 </td> 178 178 </tr> … … 189 189 <tr> 190 190 <th><label for="category_base"><?php _e('Category base'); ?></label></th> 191 <td><input name="category_base" id="category_base" type="text" value="<?php echo attr ibute_escape($category_base); ?>" class="regular-text code" /></td>191 <td><input name="category_base" id="category_base" type="text" value="<?php echo attr($category_base); ?>" class="regular-text code" /></td> 192 192 </tr> 193 193 <tr> 194 194 <th><label for="tag_base"><?php _e('Tag base'); ?></label></th> 195 <td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr ibute_escape($tag_base); ?>" class="regular-text code" /></td>195 <td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr($tag_base); ?>" class="regular-text code" /></td> 196 196 </tr> 197 197 <?php do_settings_fields('permalink', 'optional'); ?> -
trunk/wp-admin/options.php
r10964 r11109 100 100 foreach ( (array) $options as $option) : 101 101 $disabled = ''; 102 $option->option_name = attr ibute_escape($option->option_name);102 $option->option_name = attr($option->option_name); 103 103 if ( is_serialized($option->option_value) ) { 104 104 if ( is_serialized_string($option->option_value) ) { … … 123 123 124 124 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>"; 125 else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr ibute_escape($value) . "'$disabled />";125 else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />"; 126 126 127 127 echo "</td> -
trunk/wp-admin/plugin-editor.php
r10879 r11109 117 117 $docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>'; 118 118 foreach ( $functions as $function) { 119 $docs_select .= '<option value="' . attr ibute_escape( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';119 $docs_select .= '<option value="' . attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>'; 120 120 } 121 121 $docs_select .= '</select>'; … … 133 133 <?php 134 134 if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file) ) { ?> 135 <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&plugin=<?php echo attr ibute_escape($file); ?>&_wpnonce=<?php echo attribute_escape($_GET['_error_nonce']); ?>"></iframe>135 <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&plugin=<?php echo attr($file); ?>&_wpnonce=<?php echo attr($_GET['_error_nonce']); ?>"></iframe> 136 136 <?php } ?> 137 137 </div> … … 151 151 else 152 152 $selected = ''; 153 $plugin_name = attr ibute_escape($plugin_name);154 $plugin_key = attr ibute_escape($plugin_key);153 $plugin_name = attr($plugin_name); 154 $plugin_key = attr($plugin_key); 155 155 echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>"; 156 156 } … … 209 209 </div> 210 210 <?php if ( count( $functions ) ) : ?> 211 <div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attr ibute_escape(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>211 <div id="documentation"><label for="docs-list"><?php 
_e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attr(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div> 212 212 <?php endif; ?> 213 213 <?php if ( is_writeable($real_file) ) : ?> -
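Review bot: In the error-scrape `<iframe>` (new line 135) `$file` and `$_GET['_error_nonce']` are placed in a URL query string with `attr()` alone, which escapes for the HTML attribute but does not URL-encode, so a `&`, `#` or `+` in either value changes how the query is parsed once the browser decodes the attribute. URL-encode first and then escape, as this file already does with `urlencode()` for the documentation lookup: `plugin=<?php echo attr( urlencode( $file ) ); ?>&_wpnonce=<?php echo attr( urlencode( $_GET['_error_nonce'] ) ); ?>`. The `wp_verify_nonce()` gate ties the nonce to `$file`, which narrows the exposure, but correct encoding should not depend on it. plugins.php builds the same URL at new line 197 with `attr($plugin)` and has the same gap.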
trunk/wp-admin/plugins.php
r11055 r11109 140 140 <?php 141 141 foreach ( (array)$plugins as $plugin ) 142 echo '<input type="hidden" name="checked[]" value="' . attr ibute_escape($plugin) . '" />';142 echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />'; 143 143 ?> 144 144 <?php wp_nonce_field('bulk-manage-plugins') ?> … … 195 195 <?php 196 196 if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?> 197 <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&plugin=' . attr ibute_escape($plugin) . '&_wpnonce=' . attribute_escape($_GET['_error_nonce'])); ?>"></iframe>197 <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&plugin=' . attr($plugin) . '&_wpnonce=' . attr($_GET['_error_nonce'])); ?>"></iframe> 198 198 <?php 199 199 } … … 370 370 echo " 371 371 <tr class='$class'> 372 <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr ibute_escape($plugin_file) . "' /></th>372 <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr($plugin_file) . "' /></th> 373 373 <td class='plugin-title'><strong>{$plugin_data['Title']}</strong>"; 374 374 $i = 0; … … 433 433 <form method="post" action="<?php echo admin_url('plugins.php') ?>"> 434 434 <?php wp_nonce_field('bulk-manage-plugins') ?> 435 <input type="hidden" name="plugin_status" value="<?php echo attr ibute_escape($status) ?>" />436 <input type="hidden" name="paged" value="<?php echo attr ibute_escape($page) ?>" />435 <input type="hidden" name="plugin_status" value="<?php echo attr($status) ?>" /> 436 <input type="hidden" name="paged" value="<?php echo attr($page) ?>" /> 437 437 438 438 <ul class="subsubsub"> -
trunk/wp-admin/press-this.php
r11013 r11109 136 136 <div class="titlediv"> 137 137 <div class="titlewrap"> 138 <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr ibute_escape($title);?>"/>139 </div> 140 </div> 141 142 <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr ibute_escape($image); ?>" id="this_photo" />143 <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr ibute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>138 <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/> 139 </div> 140 </div> 141 142 <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr($image); ?>" id="this_photo" /> 143 <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr(__('Click to insert.')); ?>" title="<?php echo attr(__('Click to insert.')); ?>" /></a></p> 144 144 145 145 <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p> … … 169 169 <div id="titlediv"> 170 170 <div class="titlewrap"> 171 <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr ibute_escape($title);?>"/>171 <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/> 172 172 </div> 173 173 </div> … … 378 378 switch(tab_name) { 379 379 case 'video' : 380 jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr ibute_escape($selection); ?>'}, function() {380 
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr($selection); ?>'}, function() { 381 381 <?php 382 382 $content = ''; … … 517 517 <div id="titlediv"> 518 518 <div class="titlewrap"> 519 <input name="title" id="title" class="text" value="<?php echo attr ibute_escape($title);?>"/>519 <input name="title" id="title" class="text" value="<?php echo attr($title);?>"/> 520 520 </div> 521 521 </div> -
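Review bot: In the `case 'video'` branch (new line 380), `attr($selection)` is echoed into a single-quoted JavaScript string literal, where HTML-attribute escaping is the wrong encoding: it leaves backslashes and line breaks untouched, so such characters in the selection can terminate or corrupt the literal. Other files in this changeset already use the JavaScript escaper for script contexts, so the line would read `s: '<?php echo js_escape($selection); ?>'`. How `$selection` is prepared earlier in the file is outside the hunk, so confirm it is not already normalised before changing the output encoding.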
trunk/wp-admin/theme-editor.php
r10835 r11109 126 126 if ($theme_name == $theme) $selected = " selected='selected'"; 127 127 else $selected = ''; 128 $theme_name = attr ibute_escape($theme_name);128 $theme_name = attr($theme_name); 129 129 echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>"; 130 130 } -
trunk/wp-admin/themes.php
r11008 r11109 189 189 $preview_link = clean_url( get_option('home') . '/'); 190 190 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) ); 191 $preview_text = attr ibute_escape( sprintf( __('Preview of "%s"'), $title ) );191 $preview_text = attr( sprintf( __('Preview of "%s"'), $title ) ); 192 192 $tags = $themes[$theme_name]['Tags']; 193 193 $thickbox_class = 'thickbox thickbox-preview'; 194 194 $activate_link = wp_nonce_url("themes.php?action=activate&template=".urlencode($template)."&stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template); 195 $activate_text = attr ibute_escape( sprintf( __('Activate "%s"'), $title ) );195 $activate_text = attr( sprintf( __('Activate "%s"'), $title ) ); 196 196 $actions = array(); 197 197 $actions[] = '<a href="' . $activate_link . '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>'; 198 $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr ibute_escape(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>';198 $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview "%s"'), $theme_name)) . '">' . __('Preview') . '</a>'; 199 199 if ( current_user_can('update_themes') ) 200 200 $actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>'; -
trunk/wp-admin/tools.php
r10855 r11109 85 85 <p><?php _e('Use Press This to clip text, images and videos from any web page. Then edit and add more straight from Press This before you save or publish it in a post on your blog.'); ?></p> 86 86 <p><?php _e('Drag-and-drop the following link to your bookmarks bar or right click it and add it to your favorites for a posting shortcut.') ?></p> 87 <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr ibute_escape(__('Press This')) ?>"><?php _e('Press This') ?></a></p>87 <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p> 88 88 </div> 89 89 <?php endif; ?> -
trunk/wp-admin/update-core.php
r10583 r11109 47 47 if ( 'en_US' != $update->locale ) 48 48 if ( !isset( $update->dismissed ) || !$update->dismissed ) 49 echo '<input id="dismiss" class="button" type="submit" value="' . attr ibute_escape(__('Hide this update')) . '" name="dismiss" />';49 echo '<input id="dismiss" class="button" type="submit" value="' . attr(__('Hide this update')) . '" name="dismiss" />'; 50 50 else 51 echo '<input id="undismiss" class="button" type="submit" value="' . attr ibute_escape(__('Bring back this update')) . '" name="undismiss" />';51 echo '<input id="undismiss" class="button" type="submit" value="' . attr(__('Bring back this update')) . '" name="undismiss" />'; 52 52 echo '</p>'; 53 53 echo '</form>'; -
trunk/wp-admin/upload.php
r10943 r11109 330 330 <td class="media-icon"><?php 331 331 if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?> 332 <a href="media.php?action=edit&attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a>332 <a href="media.php?action=edit&attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $thumb; ?></a> 333 333 <?php } ?></td> 334 334 335 <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr ibute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />335 <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br /> 336 336 <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?> 337 337 … … 343 343 if ( current_user_can('delete_post', $post->ID) ) 344 344 $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>"; 345 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr ibute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';345 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . 
'</a>'; 346 346 if ( current_user_can('edit_post', $post->ID) ) 347 347 $actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>'; -
trunk/wp-admin/users.php
r10943 r11109 29 29 30 30 if ( empty($_REQUEST) ) { 31 $referer = '<input type="hidden" name="wp_http_referer" value="'. attr ibute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';31 $referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 32 32 } elseif ( isset($_REQUEST['wp_http_referer']) ) { 33 33 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); 34 $referer = '<input type="hidden" name="wp_http_referer" value="' . attr ibute_escape($redirect) . '" />';34 $referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />'; 35 35 } else { 36 36 $redirect = 'users.php'; … … 292 292 <p class="search-box"> 293 293 <label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label> 294 <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr ibute_escape($wp_user_search->search_term); ?>" />294 <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" /> 295 295 <input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" /> 296 296 </p> … … 389 389 foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { 390 390 $var = 'new_' . $var; 391 $$var = isset($_REQUEST[$formpost]) ? attr ibute_escape(stripslashes($_REQUEST[$formpost])) : '';391 $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : ''; 392 392 } 393 393 unset($name); -
trunk/wp-admin/widgets.php
r11041 r11109 357 357 if ( 'wp_inactive_widgets' == $sidebar ) 358 358 continue; ?> 359 <div id="<?php echo attr ibute_escape( $sidebar ); ?>" class="widgets-holder-wrap">359 <div id="<?php echo attr( $sidebar ); ?>" class="widgets-holder-wrap"> 360 360 <h3 class="sidebar-name"><?php echo wp_specialchars( $registered_sidebar['name'] ); ?> 361 361 <span><img src="images/loading-publish.gif" class="ajax-feedback" title="" alt="" /></span></h3> -
trunk/wp-app.php
r11108 r11109 353 353 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 354 354 355 $entries_url = attr ibute_escape($this->get_entries_url());356 $categories_url = attr ibute_escape($this->get_categories_url());357 $media_url = attr ibute_escape($this->get_attachments_url());355 $entries_url = attr($this->get_entries_url()); 356 $categories_url = attr($this->get_categories_url()); 357 $media_url = attr($this->get_attachments_url()); 358 358 foreach ($this->media_content_types as $med) { 359 359 $accepted_media_types = $accepted_media_types . "<accept>" . $med . "</accept>"; … … 393 393 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 394 394 395 $home = attr ibute_escape(get_bloginfo_rss('home'));395 $home = attr(get_bloginfo_rss('home')); 396 396 397 397 $categories = ""; 398 398 $cats = get_categories("hierarchical=0&hide_empty=0"); 399 399 foreach ((array) $cats as $cat) { 400 $categories .= " <category term=\"" . attr ibute_escape($cat->name) . "\" />\n";400 $categories .= " <category term=\"" . attr($cat->name) . "\" />\n"; 401 401 } 402 402 $output = <<<EOD … … 1333 1333 1334 1334 log_app('Status','302: Redirect'); 1335 $escaped_url = attr ibute_escape($url);1335 $escaped_url = attr($url); 1336 1336 $content = <<<EOD 1337 1337 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> -
trunk/wp-content/themes/classic/comments-popup.php
r11067 r11109 65 65 <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform"> 66 66 <?php if ( is_user_logged_in() ) : ?> 67 <p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr ibute_escape(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p>67 <p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p> 68 68 <?php else : ?> 69 69 <p> … … 91 91 <p> 92 92 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 93 <input type="hidden" name="redirect_to" value="<?php echo attr ibute_escape($_SERVER["REQUEST_URI"]); ?>" />93 <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" /> 94 94 <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" /> 95 95 </p> -
trunk/wp-content/themes/classic/comments.php
r11067 r11109 69 69 <p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p> 70 70 71 <p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attr ibute_escape(__('Submit Comment')); ?>" />71 <p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php echo attr(__('Submit Comment')); ?>" /> 72 72 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 73 73 </p> -
trunk/wp-content/themes/default/comments-popup.php
r10978 r11109 90 90 <p> 91 91 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 92 <input type="hidden" name="redirect_to" value="<?php echo attr ibute_escape($_SERVER["REQUEST_URI"]); ?>" />92 <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" /> 93 93 <input name="submit" type="submit" tabindex="5" value="Say It!" /> 94 94 </p> -
trunk/wp-content/themes/default/functions.php
r10623 r11109 167 167 } 168 168 function PopupWindow_populate(contents) { 169 contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attr ibute_escape(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';169 contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php echo attr(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>'; 170 170 this.contents = contents; 171 171 this.populated = false; … … 381 381 <form method="post" action=""> 382 382 <?php wp_nonce_field('kubrick-header'); ?> 383 <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attr ibute_escape(__('Save')); ?>" /></div>384 <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr ibute_escape(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />385 <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr ibute_escape(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />386 <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr ibute_escape(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />387 <input type="hidden" name="hi" id="hi" value="<?php echo attr ibute_escape(kubrick_header_image()); ?>" />388 <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attr ibute_escape(__('Toggle Text')); ?>" />389 <input type="submit" name="defaults" 
value="<?php echo attr ibute_escape(__('Use Defaults')); ?>" />383 <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attr(__('Save')); ?>" /></div> 384 <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br /> 385 <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br /> 386 <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br /> 387 <input type="hidden" name="hi" id="hi" value="<?php echo attr(kubrick_header_image()); ?>" /> 388 <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attr(__('Toggle Text')); ?>" /> 389 <input type="submit" name="defaults" value="<?php echo attr(__('Use Defaults')); ?>" /> 390 390 <input type="submit" class="defbutton" name="submitform" value=" <?php _e('Save'); ?> " /> 391 391 <input type="hidden" name="action" value="save" /> … … 394 394 </div> 395 395 <div id="jsForm"> 396 <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr ibute_escape($_SERVER['REQUEST_URI']); ?>">396 <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr($_SERVER['REQUEST_URI']); ?>"> 397 397 <?php wp_nonce_field('kubrick-header'); ?> 398 <input type="button" class="button-secondary" 
onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attr ibute_escape(__('Font Color')); ?>"></input>399 <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attr ibute_escape(__('Upper Color')); ?>"></input>400 <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attr ibute_escape(__('Lower Color')); ?>"></input>401 <input type="button" class="button-secondary" name="revert" value="<?php echo attr ibute_escape(__('Revert')); ?>" onclick="kRevert()" />402 <input type="button" class="button-secondary" value="<?php echo attr ibute_escape(__('Advanced')); ?>" onclick="toggleAdvanced()" />398 <input type="button" class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attr(__('Font Color')); ?>"></input> 399 <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attr(__('Upper Color')); ?>"></input> 400 <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attr(__('Lower Color')); ?>"></input> 401 <input type="button" class="button-secondary" name="revert" value="<?php echo attr(__('Revert')); ?>" onclick="kRevert()" /> 402 <input type="button" class="button-secondary" value="<?php echo attr(__('Advanced')); ?>" onclick="toggleAdvanced()" /> 403 403 <input type="hidden" name="action" value="save" /> 404 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr 
ibute_escape(kubrick_header_display()); ?>" />405 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr ibute_escape(kubrick_header_color()); ?>" />406 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr ibute_escape(kubrick_upper_color()); ?>" />407 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr ibute_escape(kubrick_lower_color()); ?>" />408 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr ibute_escape(kubrick_header_image()); ?>" />409 <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attr ibute_escape(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>404 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr(kubrick_header_display()); ?>" /> 405 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> 406 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr(kubrick_upper_color()); ?>" /> 407 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr(kubrick_lower_color()); ?>" /> 408 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr(kubrick_header_image()); ?>" /> 409 <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php echo attr(__('Update Header')); ?>" onclick="cp.hidePopup('prettyplease')" /></p> 410 410 </form> 411 411 <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div> … … 413 413 <form id="jsAdvanced" style="display:none;" action=""> 414 414 <?php wp_nonce_field('kubrick-header'); ?> 415 <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr ibute_escape(kubrick_header_color()); ?>" /><br />416 <label 
for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr ibute_escape(kubrick_upper_color()); ?>" /><br />417 <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr ibute_escape(kubrick_lower_color()); ?>" /><br />418 <input type="button" class="button-secondary" name="default" value="<?php echo attr ibute_escape(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />419 <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attr ibute_escape(__('Toggle Text Display')); ?>"></input><br />415 <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr(kubrick_header_color()); ?>" /><br /> 416 <label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr(kubrick_upper_color()); ?>" /><br /> 417 <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr(kubrick_lower_color()); ?>" /><br /> 418 <input type="button" class="button-secondary" name="default" value="<?php echo attr(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br /> 419 <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attr(__('Toggle Text Display')); ?>"></input><br /> 420 420 </form> 421 421 </div> -
trunk/wp-includes/author-template.php
r10810 r11109 422 422 '<a href="%1$s" title="%2$s">%3$s</a>', 423 423 get_author_posts_url( $authordata->ID, $authordata->user_nicename ), 424 sprintf( __( 'Posts by %s' ), attr ibute_escape( get_the_author() ) ),424 sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ), 425 425 get_the_author() 426 426 ); … … 545 545 $link = $name; 546 546 } else { 547 $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr ibute_escape($author->display_name)) . '">' . $name . '</a>';547 $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr($author->display_name)) . '">' . $name . '</a>'; 548 548 549 549 if ( (! empty($feed_image)) || (! empty($feed)) ) { -
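Review bot: At new lines 424 and 547 only the author name is passed through `attr()` before `sprintf()`, so the translated string `Posts by %s` itself reaches the `title` attribute unescaped, and a translation containing a quote character would break the attribute. Other sections of this changeset escape the finished string instead, for example `attr(sprintf(__('Edit "%s"'), $att_title))` in upload.php. Doing the same here gives `attr( sprintf( __( 'Posts by %s' ), get_the_author() ) )` and `attr( sprintf( __("Posts by %s"), $author->display_name ) )`. Both enclosing functions start and end outside the hunks.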
trunk/wp-includes/bookmark-template.php
r10712 r11109 73 73 $the_link = clean_url($bookmark->link_url); 74 74 75 $desc = attr ibute_escape(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));76 $name = attr ibute_escape(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));75 $desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display')); 76 $name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display')); 77 77 $title = $desc; 78 78 -
trunk/wp-includes/bookmark.php
r11064 r11109 346 346 $value = format_to_edit($value); 347 347 } else { 348 $value = attr ibute_escape($value);348 $value = attr($value); 349 349 } 350 350 } else if ( 'db' == $context ) { … … 356 356 357 357 if ( 'attribute' == $context ) 358 $value = attr ibute_escape($value);358 $value = attr($value); 359 359 else if ( 'js' == $context ) 360 360 $value = js_escape($value); -
trunk/wp-includes/category-template.php
r11037 r11109 662 662 $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key; 663 663 $tag_name = $tags[ $key ]->name; 664 $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr ibute_escape( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .664 $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " . 665 665 ( $smallest + ( ( $count - $min_count ) * $font_step ) ) 666 666 . "$unit;'>$tag_name</a>"; -
trunk/wp-includes/class.wp-styles.php
r10918 r11109 49 49 50 50 if ( isset($this->registered[$handle]->args) ) 51 $media = attr ibute_escape( $this->registered[$handle]->args );51 $media = attr( $this->registered[$handle]->args ); 52 52 else 53 53 $media = 'all'; … … 55 55 $href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle ); 56 56 $rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet'; 57 $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr ibute_escape( $this->registered[$handle]->extra['title'] ) . "'" : '';57 $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : ''; 58 58 59 59 $end_cond = $tag = ''; -
trunk/wp-includes/classes.php
r11013 r11109 1188 1188 $css_class = implode(' ', apply_filters('page_css_class', $css_class, $page)); 1189 1189 1190 $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr ibute_escape(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';1190 $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>'; 1191 1191 1192 1192 if ( !empty($show_date) ) { … … 1326 1326 extract($args); 1327 1327 1328 $cat_name = attr ibute_escape( $category->name);1328 $cat_name = attr( $category->name); 1329 1329 $cat_name = apply_filters( 'list_cats', $cat_name, $category ); 1330 1330 $link = '<a href="' . get_category_link( $category->term_id ) . '" '; … … 1332 1332 $link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"'; 1333 1333 else 1334 $link .= 'title="' . attr ibute_escape( apply_filters( 'category_description', $category->description, $category )) . '"';1334 $link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"'; 1335 1335 $link .= '>'; 1336 1336 $link .= $cat_name . '</a>'; -
trunk/wp-includes/comment-template.php
r11060 r11109 946 946 echo ' class="'.$css_class.'" '; 947 947 } 948 $title = attr ibute_escape( get_the_title() );948 $title = attr( get_the_title() ); 949 949 950 950 echo apply_filters( 'comments_popup_link_attributes', '' ); -
trunk/wp-includes/comment.php
r10810 r11109 370 370 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 371 371 $comment_author = stripslashes($comment_author); 372 $comment_author = attr ibute_escape($comment_author);372 $comment_author = attr($comment_author); 373 373 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; 374 374 } … … 377 377 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 378 378 $comment_author_email = stripslashes($comment_author_email); 379 $comment_author_email = attr ibute_escape($comment_author_email);379 $comment_author_email = attr($comment_author_email); 380 380 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; 381 381 } -
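Review bot: At new lines 372-373 and 379-380 the cookie values are HTML-attribute-escaped with `attr()` and then written back into `$_COOKIE`, so every later reader of `$_COOKIE['comment_author_'.COOKIEHASH]` and `$_COOKIE['comment_author_email_'.COOKIEHASH]` receives an already-encoded value. That is only right for readers that print the value into HTML; one that escapes again will double-encode, and one that uses it outside HTML (a query, an e-mail, a comparison) gets entity-encoded text. Since the shorter name makes the call less self-describing, a comment above each write-back would help, for example `// NOTE: $_COOKIE now holds the attr()-escaped value; do not escape again or use outside HTML output.` The enclosing function begins and ends outside the hunk.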
trunk/wp-includes/default-widgets.php
r11094 r11109 61 61 //Defaults 62 62 $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') ); 63 $title = attr ibute_escape( $instance['title'] );64 $exclude = attr ibute_escape( $instance['exclude'] );63 $title = attr( $instance['title'] ); 64 $exclude = attr( $instance['exclude'] ); 65 65 ?> 66 66 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p> … … 211 211 if ( $d ) { 212 212 ?> 213 <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr ibute_escape(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>213 <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select> 214 214 <?php 215 215 } else { … … 240 240 $dropdown = $instance['dropdown'] ? 
'checked="checked"' : ''; 241 241 ?> 242 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr ibute_escape($title); ?>" /></label></p>242 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p> 243 243 <p> 244 244 <label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label> … … 274 274 <?php wp_register(); ?> 275 275 <li><?php wp_loginout(); ?></li> 276 <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr ibute_escape(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>277 <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr ibute_escape(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>278 <li><a href="http://wordpress.org/" title="<?php echo attr ibute_escape(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>276 <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 277 <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple 
Syndication">RSS</abbr>'); ?></a></li> 278 <li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li> 279 279 <?php wp_meta(); ?> 280 280 </ul> … … 294 294 $title = strip_tags($instance['title']); 295 295 ?> 296 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr ibute_escape($title); ?>" /></label></p>296 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p> 297 297 <?php 298 298 } … … 334 334 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 335 335 <?php _e('Title:'); ?> 336 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr ibute_escape($title); ?>" />336 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /> 337 337 </label></p> 338 338 <?php … … 382 382 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 383 383 <?php _e('Title:'); ?> 384 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr ibute_escape($title); ?>" />384 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /> 385 385 </label></p> 386 386 … … 464 464 //Defaults 465 465 $instance = wp_parse_args( (array) $instance, 
array( 'title' => '') ); 466 $title = attr ibute_escape( $instance['title'] );466 $title = attr( $instance['title'] ); 467 467 $count = (bool) $instance['count']; 468 468 $hierarchical = (bool) $instance['hierarchical']; … … 567 567 568 568 function form( $instance ) { 569 $title = attr ibute_escape($instance['title']);569 $title = attr($instance['title']); 570 570 if ( !$number = (int) $instance['number'] ) 571 571 $number = 5; … … 654 654 655 655 function form( $instance ) { 656 $title = attr ibute_escape($instance['title']);656 $title = attr($instance['title']); 657 657 if ( !$number = (int) $instance['number'] ) 658 658 $number = 5; … … 703 703 704 704 if ( ! is_wp_error($rss) ) { 705 $desc = attr ibute_escape(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));705 $desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 706 706 if ( empty($title) ) 707 707 $title = htmlentities(strip_tags($rss->get_title())); … … 717 717 $url = clean_url(strip_tags($url)); 718 718 $icon = includes_url('images/rss.png'); 719 $title = "<a class='rsswidget' href='$url' title='" . attr ibute_escape(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";719 $title = "<a class='rsswidget' href='$url' title='" . 
attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>"; 720 720 721 721 echo $before_widget; … … 788 788 $link = substr($link, 1); 789 789 $link = clean_url(strip_tags($link)); 790 $title = attr ibute_escape(strip_tags($item->get_title()));790 $title = attr(strip_tags($item->get_title())); 791 791 if ( empty($title) ) 792 792 $title = __('Untitled'); 793 793 794 $desc = str_replace(array("\n", "\r"), ' ', attr ibute_escape(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));794 $desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); 795 795 $desc = wp_html_excerpt( $desc, 360 ) . ' […]'; 796 796 $desc = wp_specialchars( $desc ); … … 851 851 extract( $inputs, EXTR_SKIP); 852 852 853 $number = attr ibute_escape( $number );854 $title = attr ibute_escape( $title );855 $url = attr ibute_escape( $url );853 $number = attr( $number ); 854 $title = attr( $title ); 855 $url = attr( $url ); 856 856 $items = (int) $items; 857 857 if ( $items < 1 || 20 < $items ) … … 985 985 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 986 986 <?php _e('Title:') ?> 987 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr ibute_escape( $instance['title'] ); ?>" />987 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" /> 988 988 </label></p> 989 989 <?php -
trunk/wp-includes/deprecated.php
r10959 r11109 1007 1007 $rel = ' rel="' . $rel . '"'; 1008 1008 1009 $desc = attr ibute_escape(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));1010 $name = attr ibute_escape(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));1009 $desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display')); 1010 $name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display')); 1011 1011 $title = $desc; 1012 1012 -
trunk/wp-includes/feed-atom-comments.php
r11013 r11109 19 19 printf(ent2ncr(__('Comments on: %s')), get_the_title_rss()); 20 20 elseif ( is_search() ) 21 printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr ibute_escape(get_search_query()));21 printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query())); 22 22 else 23 23 printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss()); … … 33 33 <id><?php echo get_post_comments_feed_link('', 'atom'); ?></id> 34 34 <?php } elseif(is_search()) { ?> 35 <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr ibute_escape(get_search_query()); ?>" />35 <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr(get_search_query()); ?>" /> 36 36 <link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" /> 37 37 <id><?php echo get_search_comments_feed_link('', 'atom'); ?></id> -
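Review bot: The search-results `<link rel="alternate">` on new line 35 builds its URL as `get_option('home') . '?s=' . attr(get_search_query())`, which HTML-escapes the search term but never URL-encodes it. Once a feed reader decodes the attribute, a term containing `&`, `#`, `+` or a space alters the query string instead of staying inside the `s` value. Encode for the URL first and escape for the attribute last, e.g. `attr(get_option('home') . '?s=' . urlencode(get_search_query()))`, assuming get_search_query() returns the raw term at this point. get_search_feed_link() and get_search_comments_feed_link() in link-template.php apply `attr()` to `$search` in the same way; their bodies continue outside the hunks shown, so how `$search` reaches the URL there should be checked too.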
trunk/wp-includes/feed-rss2-comments.php
r10377 r11109 21 21 printf(ent2ncr(__('Comments on: %s')), get_the_title_rss()); 22 22 elseif ( is_search() ) 23 printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr ibute_escape($wp_query->query_vars['s']));23 printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s'])); 24 24 else 25 25 printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss()); -
trunk/wp-includes/feed.php
r11081 r11109 339 339 $the_list .= "\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n"; 340 340 elseif ( 'atom' == $type ) 341 $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr ibute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $cat_name ) );341 $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) ); 342 342 else 343 343 $the_list .= "\t\t<category><![CDATA[" . @html_entity_decode( $cat_name, ENT_COMPAT, get_option('blog_charset') ) . "]]></category>\n"; -
trunk/wp-includes/formatting.php
r11103 r11109 1271 1271 $smiley = trim(reset($smiley)); 1272 1272 $img = $wpsmiliestrans[$smiley]; 1273 $smiley_masked = attr ibute_escape($smiley);1273 $smiley_masked = attr($smiley); 1274 1274 1275 1275 return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> "; -
trunk/wp-includes/functions.php
r11059 r11109 386 386 * Print option value after sanitizing for forms. 387 387 * 388 * @uses attr ibute_escapeSanitizes value.388 * @uses attr Sanitizes value. 389 389 * @since 1.5.0 390 390 * @package WordPress … … 394 394 */ 395 395 function form_option( $option ) { 396 echo attr ibute_escape(get_option( $option ) );396 echo attr (get_option( $option ) ); 397 397 } 398 398 … … 1742 1742 */ 1743 1743 function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { 1744 $name = attr ibute_escape( $name );1744 $name = attr( $name ); 1745 1745 $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; 1746 1746 if ( $echo ) … … 1767 1767 */ 1768 1768 function wp_referer_field( $echo = true) { 1769 $ref = attr ibute_escape( $_SERVER['REQUEST_URI'] );1769 $ref = attr( $_SERVER['REQUEST_URI'] ); 1770 1770 $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />'; 1771 1771 … … 1793 1793 $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI']; 1794 1794 $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to; 1795 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr ibute_escape( stripslashes( $ref ) ) . '" />';1795 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr( stripslashes( $ref ) ) . '" />'; 1796 1796 if ( $echo ) 1797 1797 echo $orig_referer_field; -
trunk/wp-includes/general-template.php
r11101 r11109 121 121 $form = '<form role="search" method="get" id="searchform" action="' . get_option('home') . '/" > 122 122 <div><label class="hidden" for="s">' . __('Search for:') . '</label> 123 <input type="text" value="' . attr ibute_escape(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />124 <input type="submit" id="searchsubmit" value="'.attr ibute_escape(__('Search')).'" />123 <input type="text" value="' . attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" /> 124 <input type="submit" id="searchsubmit" value="'.attr(__('Search')).'" /> 125 125 </div> 126 126 </form>'; … … 689 689 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 690 690 $text = wptexturize($text); 691 $title_text = attr ibute_escape($text);691 $title_text = attr($text); 692 692 $url = clean_url($url); 693 693 … … 1435 1435 $args = wp_parse_args( $args, $defaults ); 1436 1436 1437 echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr ibute_escape(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";1438 echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr ibute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";1437 echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n"; 1438 echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . 
"\" />\n"; 1439 1439 } 1440 1440 … … 1468 1468 1469 1469 if ( comments_open() || pings_open() || $post->comment_count > 0 ) { 1470 $title = attr ibute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));1470 $title = attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) )); 1471 1471 $href = get_post_comments_feed_link( $post->ID ); 1472 1472 } … … 1474 1474 $cat_id = intval( get_query_var('cat') ); 1475 1475 1476 $title = attr ibute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));1476 $title = attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) )); 1477 1477 $href = get_category_feed_link( $cat_id ); 1478 1478 } elseif ( is_tag() ) { … … 1480 1480 $tag = get_tag( $tag_id ); 1481 1481 1482 $title = attr ibute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));1482 $title = attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name )); 1483 1483 $href = get_tag_feed_link( $tag_id ); 1484 1484 } elseif ( is_author() ) { 1485 1485 $author_id = intval( get_query_var('author') ); 1486 1486 1487 $title = attr ibute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));1487 $title = attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) )); 1488 1488 $href = get_author_feed_link( $author_id ); 1489 1489 } elseif ( is_search() ) { 1490 $title = attr ibute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));1490 $title = attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() )); 1491 1491 $href = get_search_feed_link(); 1492 1492 } … … 1679 1679 * Display the contents of the search 
query variable. 1680 1680 * 1681 * The search query string is passed through {@link attr ibute_escape()}1681 * The search query string is passed through {@link attr()} 1682 1682 * to ensure that it is safe for placing in an html attribute. 1683 1683 * 1684 * @uses attr ibute_escape1684 * @uses attr 1685 1685 * @since 2.1.0 1686 1686 */ 1687 1687 function the_search_query() { 1688 echo attr ibute_escape( apply_filters( 'the_search_query', get_search_query() ) );1688 echo attr( apply_filters( 'the_search_query', get_search_query() ) ); 1689 1689 } 1690 1690 -
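Review bot: In feed_links() (new lines 1437-1438) the `title` attribute is escaped with `attr()`, but the `href` value from `get_feed_link()` is concatenated into the double-quoted attribute as-is. get_archives_link() in this same file already runs `$url = clean_url($url);` before output, so the feed links should follow suit: `'" href="' . clean_url( get_feed_link() ) . "\" />\n"`. The `<link rel=...>` builders in link-template.php have the same gap, placing `get_permalink($post)` and `get_bloginfo('siteurl')` inside single-quoted `href='...'` unescaped. Whether those URLs can carry quotes or a bare `&` depends on permalink settings and filters not visible here, so escaping at output removes the assumption.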
trunk/wp-includes/link-template.php
r11069 r11109 620 620 function get_search_feed_link($search_query = '', $feed = '') { 621 621 if ( empty($search_query) ) 622 $search = attr ibute_escape(get_search_query());622 $search = attr(get_search_query()); 623 623 else 624 $search = attr ibute_escape(stripslashes($search_query));624 $search = attr(stripslashes($search_query)); 625 625 626 626 if ( empty($feed) ) … … 645 645 function get_search_comments_feed_link($search_query = '', $feed = '') { 646 646 if ( empty($search_query) ) 647 $search = attr ibute_escape(get_search_query());647 $search = attr(get_search_query()); 648 648 else 649 $search = attr ibute_escape(stripslashes($search_query));649 $search = attr(stripslashes($search_query)); 650 650 651 651 if ( empty($feed) ) … … 731 731 } 732 732 733 $link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attr ibute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>';733 $link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attr( __( 'Edit post' ) ) . '">' . $link . '</a>'; 734 734 echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after; 735 735 } … … 941 941 942 942 $link = $previous ? "<link rel='prev' title='" : "<link rel='next' title='"; 943 $link .= attr ibute_escape( $title );943 $link .= attr( $title ); 944 944 $link .= "' href='" . get_permalink($post) . "' />\n"; 945 945 … … 1065 1065 1066 1066 $link = $start ? "<link rel='start' title='" : "<link rel='end' title='"; 1067 $link .= attr ibute_escape($title);1067 $link .= attr($title); 1068 1068 $link .= "' href='" . get_permalink($post) . "' />\n"; 1069 1069 … … 1093 1093 */ 1094 1094 function get_index_rel_link() { 1095 $link = "<link rel='index' title='" . attr ibute_escape(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";1095 $link = "<link rel='index' title='" . attr(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . 
"' />\n"; 1096 1096 return apply_filters( "index_rel_link", $link ); 1097 1097 } … … 1128 1128 1129 1129 $link = "<link rel='up' title='"; 1130 $link .= attr ibute_escape( $title );1130 $link .= attr( $title ); 1131 1131 $link .= "' href='" . get_permalink($post) . "' />\n"; 1132 1132 -
trunk/wp-includes/media.php
r10744 r11109 201 201 $hwstring = image_hwstring($width, $height); 202 202 203 $class = 'align'.attr ibute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id;203 $class = 'align'.attr($align).' size-'.attr($size).' wp-image-'.$id; 204 204 $class = apply_filters('get_image_tag_class', $class, $id, $align, $size); 205 205 206 $html = '<img src="'.attr ibute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="'.$class.'" />';206 $html = '<img src="'.attr($img_src).'" alt="'.attr($alt).'" title="'.attr($title).'" '.$hwstring.'class="'.$class.'" />'; 207 207 208 208 $html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size ); … … 543 543 ); 544 544 $attr = apply_filters( 'wp_get_attachment_image_attributes', $attr, $attachment ); 545 $attr = array_map( 'attr ibute_escape', $attr );545 $attr = array_map( 'attr', $attr ); 546 546 $html = rtrim("<img $hwstring"); 547 547 foreach ( $attr as $name => $value ) { -
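Review bot: In the first hunk the class string is escaped piece by piece on new line 203, then passed through `apply_filters('get_image_tag_class', ...)` on line 204 and written into `class="..."` on line 206 without being escaped again. Whatever a filter callback returns therefore reaches the attribute unescaped, and `$id` is not escaped at all unless it is cast earlier in the function, which starts outside the hunk. Escape once at the point of output instead: `$hwstring.'class="'.attr($class).'" />'`. In the second hunk, `array_map( 'attr', $attr )` covers attribute values only; the `$name` keys come from the same filtered array and presumably land in the tag in the loop that follows, so they deserve the same check.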
trunk/wp-includes/pluggable.php
r11057 r11109 1500 1500 $safe_alt = ''; 1501 1501 else 1502 $safe_alt = attr ibute_escape( $alt );1502 $safe_alt = attr( $alt ); 1503 1503 1504 1504 if ( !is_numeric($size) ) -
trunk/wp-includes/post-template.php
r11054 r11109 64 64 * 65 65 * The title before it is displayed will have the tags stripped and {@link 66 * attr ibute_escape()} before it is passed to the user or displayed. The default66 * attr()} before it is passed to the user or displayed. The default 67 67 * as with {@link the_title()}, is to display the title. 68 68 * … … 84 84 85 85 $title = $before . $title . $after; 86 $title = attr ibute_escape(strip_tags($title));86 $title = attr(strip_tags($title)); 87 87 88 88 if ( $echo ) … … 925 925 $url = get_attachment_link($_post->ID); 926 926 927 $post_title = attr ibute_escape($_post->post_title);927 $post_title = attr($_post->post_title); 928 928 929 929 if ( $text ) { 930 $link_text = attr ibute_escape($text);930 $link_text = attr($text); 931 931 } elseif ( ( is_int($size) && $size != 0 ) or ( is_string($size) && $size != 'none' ) or $size != false ) { 932 932 $link_text = wp_get_attachment_image($id, $size, $icon); … … 962 962 $url = get_attachment_link($_post->ID); 963 963 964 $post_title = attr ibute_escape($_post->post_title);964 $post_title = attr($_post->post_title); 965 965 966 966 $innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims); … … 1058 1058 } 1059 1059 1060 $post_title = attr ibute_escape($post->post_title);1060 $post_title = attr($post->post_title); 1061 1061 1062 1062 $icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>"; … … 1086 1086 1087 1087 1088 $innerHTML = attr ibute_escape($post->post_title);1088 $innerHTML = attr($post->post_title); 1089 1089 1090 1090 return apply_filters('attachment_innerHTML', $innerHTML, $post->ID); -
trunk/wp-includes/post.php
r11108 r11109 870 870 $value = format_to_edit($value); 871 871 } else { 872 $value = attr ibute_escape($value);872 $value = attr($value); 873 873 } 874 874 } else if ( 'db' == $context ) { … … 889 889 890 890 if ( 'attribute' == $context ) 891 $value = attr ibute_escape($value);891 $value = attr($value); 892 892 else if ( 'js' == $context ) 893 893 $value = js_escape($value); -
trunk/wp-includes/rss.php
r11016 r11109 874 874 '<li><a href="%1$s" title="%2$s">%3$s</a></li>', 875 875 clean_url( $item['link'] ), 876 attr ibute_escape( strip_tags( $item['description'] ) ),876 attr( strip_tags( $item['description'] ) ), 877 877 htmlentities( $item['title'] ) 878 878 ); -
trunk/wp-includes/script-loader.php
r11093 r11109 75 75 'quickLinks' => __('(Quick Links)'), 76 76 'wordLookup' => __('Enter a word to look up:'), 77 'dictionaryLookup' => attr ibute_escape(__('Dictionary lookup')),78 'lookup' => attr ibute_escape(__('lookup')),79 'closeAllOpenTags' => attr ibute_escape(__('Close all open tags')),80 'closeTags' => attr ibute_escape(__('close tags')),77 'dictionaryLookup' => attr(__('Dictionary lookup')), 78 'lookup' => attr(__('lookup')), 79 'closeAllOpenTags' => attr(__('Close all open tags')), 80 'closeTags' => attr(__('close tags')), 81 81 'enterURL' => __('Enter the URL'), 82 82 'enterImageURL' => __('Enter the URL of the image'), … … 213 213 $scripts->add_data( 'ajaxcat', 'group', 1 ); 214 214 $scripts->localize( 'ajaxcat', 'catL10n', array( 215 'add' => attr ibute_escape(__('Add')),215 'add' => attr(__('Add')), 216 216 'how' => __('Separate multiple categories with commas.'), 217 217 'l10n_print_after' => 'try{convertEntities(catL10n);}catch(e){};' … … 267 267 $scripts->localize( 'post', 'postL10n', array( 268 268 'tagsUsed' => __('Tags used on this post:'), 269 'add' => attr ibute_escape(__('Add')),270 'addTag' => attr ibute_escape(__('Add new tag')),269 'add' => attr(__('Add')), 270 'addTag' => attr(__('Add new tag')), 271 271 'separate' => __('Separate tags with commas'), 272 272 'cancel' => __('Cancel'), … … 605 605 $ver = md5("$wp_scripts->concat_version"); 606 606 $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&load=" . trim($wp_scripts->concat, ', ') . "&ver=$ver"; 607 echo "<script type='text/javascript' src='" . attr ibute_escape($src) . "'></script>\n";607 echo "<script type='text/javascript' src='" . attr($src) . "'></script>\n"; 608 608 } 609 609 … … 672 672 $ver = md5("$wp_styles->concat_version{$dir}"); 673 673 $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&load=" . trim($wp_styles->concat, ', ') . "&ver=$ver"; 674 echo "<link rel='stylesheet' href='" . attr ibute_escape($href) . 
"' type='text/css' media='all' />\n";674 echo "<link rel='stylesheet' href='" . attr($href) . "' type='text/css' media='all' />\n"; 675 675 } 676 676 -
trunk/wp-includes/taxonomy.php
r11068 r11109 992 992 $value = format_to_edit($value); 993 993 else 994 $value = attr ibute_escape($value);994 $value = attr($value); 995 995 } else if ( 'db' == $context ) { 996 996 $value = apply_filters("pre_term_$field", $value, $taxonomy); … … 1010 1010 1011 1011 if ( 'attribute' == $context ) 1012 $value = attr ibute_escape($value);1012 $value = attr($value); 1013 1013 else if ( 'js' == $context ) 1014 1014 $value = js_escape($value); … … 2261 2261 2262 2262 foreach ( $terms as $term ) 2263 $links[] = "<a href='" . attr ibute_escape(get_term_link($term, $taxonomy)) . "'>$term->name</a>";2263 $links[] = "<a href='" . attr(get_term_link($term, $taxonomy)) . "'>$term->name</a>"; 2264 2264 2265 2265 if ( $links ) -
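Review bot: On new line 2263 the link's `href` is escaped, but the link text `$term->name` is interpolated into the markup with no escaping. Term names are user-supplied data; unless `$terms` was sanitized for display before this loop (not visible in the hunk), a name containing `<` or `&` is emitted as markup. Escape it for element content, e.g. `"'>" . wp_specialchars($term->name) . "</a>"`. The `href` would also be better served by `clean_url()`, which other files in this changeset use for URLs, since `attr()` does nothing about the URL scheme.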
trunk/wp-includes/theme.php
r11061 r11109 933 933 if ( 0 === strpos($link, 'preview=1') ) 934 934 $link = "?$link"; 935 return $matches[1] . attr ibute_escape( $link ) . $matches[4];935 return $matches[1] . attr( $link ) . $matches[4]; 936 936 } 937 937 -
trunk/wp-includes/update.php
r10939 r11109 63 63 $returns = explode("\n", $entry); 64 64 $new_option = new stdClass(); 65 $new_option->response = attr ibute_escape( $returns[0] );65 $new_option->response = attr( $returns[0] ); 66 66 if ( isset( $returns[1] ) ) 67 67 $new_option->url = clean_url( $returns[1] ); … … 69 69 $new_option->package = clean_url( $returns[2] ); 70 70 if ( isset( $returns[3] ) ) 71 $new_option->current = attr ibute_escape( $returns[3] );71 $new_option->current = attr( $returns[3] ); 72 72 if ( isset( $returns[4] ) ) 73 $new_option->locale = attr ibute_escape( $returns[4] );73 $new_option->locale = attr( $returns[4] ); 74 74 $new_options[] = $new_option; 75 75 } -
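Review bot: The update-check response fields are HTML-escaped with `attr()` as they are stored (`response`, `current`, `locale` on new lines 65, 71 and 73), which ties escaping to storage rather than to the place the values are printed. Later code can then compare or re-escape an already-escaped value, and the escaping gives no protection if a consumer uses the value outside an HTML attribute. Validate each field against its expected shape when it is parsed (a known response keyword, a version string, a locale code) and escape where it is echoed. If storage-time escaping is kept, say so at the assignment: `// stored HTML-escaped; do not escape again on output`. The enclosing function begins and ends outside the hunk, so the consumers are not visible here.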
trunk/wp-links-opml.php
r7991 r11109 30 30 <opml version="1.0"> 31 31 <head> 32 <title>Links for <?php echo attr ibute_escape(get_bloginfo('name', 'display').$cat_name); ?></title>32 <title>Links for <?php echo attr(get_bloginfo('name', 'display').$cat_name); ?></title> 33 33 <dateCreated><?php echo gmdate("D, d M Y H:i:s"); ?> GMT</dateCreated> 34 34 </head> … … 45 45 46 46 ?> 47 <outline type="category" title="<?php echo attr ibute_escape($catname); ?>">47 <outline type="category" title="<?php echo attr($catname); ?>"> 48 48 <?php 49 49 50 50 $bookmarks = get_bookmarks("category={$cat->term_id}"); 51 51 foreach ((array) $bookmarks as $bookmark) { 52 $title = attr ibute_escape(apply_filters('link_title', $bookmark->link_name));52 $title = attr(apply_filters('link_title', $bookmark->link_name)); 53 53 ?> 54 <outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attr ibute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />54 <outline text="<?php echo $title; ?>" type="link" xmlUrl="<?php echo attr($bookmark->link_rss); ?>" htmlUrl="<?php echo attr($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" /> 55 55 <?php 56 56 -
trunk/wp-login.php
r11104 r11109 308 308 <p> 309 309 <label><?php _e('Username or E-mail:') ?><br /> 310 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr ibute_escape($user_login); ?>" size="20" tabindex="10" /></label>310 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr($user_login); ?>" size="20" tabindex="10" /></label> 311 311 </p> 312 312 <?php do_action('lostpassword_form'); ?> … … 375 375 <p> 376 376 <label><?php _e('Username') ?><br /> 377 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr ibute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>377 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label> 378 378 </p> 379 379 <p> 380 380 <label><?php _e('E-mail') ?><br /> 381 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attr ibute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>381 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label> 382 382 </p> 383 383 <?php do_action('register_form'); ?> … … 461 461 462 462 if ( isset($_POST['log']) ) 463 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attr ibute_escape(stripslashes($_POST['log'])) : '';463 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? 
attr(stripslashes($_POST['log'])) : ''; 464 464 ?> 465 465 … … 478 478 <p class="submit"> 479 479 <input type="submit" name="wp-submit" id="wp-submit" value="<?php _ea('Log In'); ?>" tabindex="100" /> 480 <input type="hidden" name="redirect_to" value="<?php echo attr ibute_escape($redirect_to); ?>" />480 <input type="hidden" name="redirect_to" value="<?php echo attr($redirect_to); ?>" /> 481 481 <input type="hidden" name="testcookie" value="1" /> 482 482 </p>
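Review bot: On new line 463 `$user_login` is escaped at the moment it is assigned from `$_POST['log']`, whereas the lost-password and registration forms in this file (new lines 310, 377) escape at the `echo`. Mixing the two conventions is how a value ends up escaped twice, or echoed raw when a later edit touches only one side. Keep the variable raw and escape where the login form prints it (outside this hunk), e.g. `value="<?php echo attr($user_login); ?>"`. The forms also disagree on `stripslashes()`: lines 377, 381 and 463 strip, line 310 does not. Separately, `attr($redirect_to)` on line 480 only makes the value safe to embed in the hidden field; the check that the target is an allowed destination has to live where `$redirect_to` is set and consumed, which these hunks do not show.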