Make WordPress Core


Ignore:
Timestamp:
04/28/2009 05:58:45 AM (16 years ago)
Author:
ryan
Message:

s/attribute_escape/attr/. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/media.php

    r11052 r11109  
    7979            $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
    8080            $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
    81             echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
     81            echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";
    8282        }
    8383        echo "</ul>\n";
     
    105105    $html = get_image_tag($id, $htmlalt, $title, $align, $size);
    106106
    107     $rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
     107    $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : '';
    108108
    109109    if ( $url )
     
    425425        if ( !empty($attachment['url']) ) {
    426426            if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
    427                 $rel = " rel='attachment wp-att-".attribute_escape($send_id)."'";
     427                $rel = " rel='attachment wp-att-".attr($send_id)."'";
    428428            $html = "<a href='{$attachment['url']}'$rel>$html</a>";
    429429        }
     
    460460        if ( !empty($src) && !strpos($src, '://') )
    461461            $src = "http://$src";
    462         $alt = attribute_escape($_POST['insertonly']['alt']);
     462        $alt = attr($_POST['insertonly']['alt']);
    463463        if ( isset($_POST['insertonly']['align']) ) {
    464             $align = attribute_escape($_POST['insertonly']['align']);
     464            $align = attr($_POST['insertonly']['align']);
    465465            $class = " class='align$align'";
    466466        }
     
    554554        if ( !empty($href) && !strpos($href, '://') )
    555555            $href = "http://$href";
    556         $title = attribute_escape($_POST['insertonly']['title']);
     556        $title = attr($_POST['insertonly']['title']);
    557557        if ( empty($title) )
    558558            $title = basename($href);
     
    608608        if ( !empty($href) && !strpos($href, '://') )
    609609            $href = "http://$href";
    610         $title = attribute_escape($_POST['insertonly']['title']);
     610        $title = attr($_POST['insertonly']['title']);
    611611        if ( empty($title) )
    612612            $title = basename($href);
     
    662662        if ( !empty($href) && !strpos($href, '://') )
    663663            $href = "http://$href";
    664         $title = attribute_escape($_POST['insertonly']['title']);
     664        $title = attr($_POST['insertonly']['title']);
    665665        if ( empty($title) )
    666666            $title = basename($href);
     
    826826        $url = $link;
    827827
    828     return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attribute_escape($url) . "' /><br />
     828    return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />
    829829                <button type='button' class='button urlnone' title=''>" . __('None') . "</button>
    830                 <button type='button' class='button urlfile' title='" . attribute_escape($file) . "'>" . __('File URL') . "</button>
    831                 <button type='button' class='button urlpost' title='" . attribute_escape($link) . "'>" . __('Post URL') . "</button>
     830                <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>
     831                <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>
    832832";
    833833}
     
    989989            'label'      => __('File URL'),
    990990            'input'      => 'html',
    991             'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attribute_escape($image_url) . "' /><br />",
     991            'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",
    992992            'value'      => isset($edit_post->post_url) ? $edit_post->post_url : '',
    993993            'helps'      => __('Location of the uploaded file.'),
     
    10861086
    10871087    $filename = basename($post->guid);
    1088     $title = attribute_escape($post->post_title);
     1088    $title = attr($post->post_title);
    10891089
    10901090    if ( $_tags = get_the_tags($attachment_id) ) {
    10911091        foreach ( $_tags as $tag )
    10921092            $tags[] = $tag->name;
    1093         $tags = attribute_escape(join(', ', $tags));
     1093        $tags = attr(join(', ', $tags));
    10941094    }
    10951095
     
    10981098        $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
    10991099        $type = array_shift($keys);
    1100         $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
     1100        $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";
    11011101    }
    11021102
     
    11571157    $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
    11581158    if ( $send )
    1159         $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
     1159        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr( __( 'Insert into Post' ) ) . "' />";
    11601160    if ( $delete )
    11611161        $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
     
    11951195            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
    11961196        } else {
    1197             $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>";
     1197            $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";
    11981198        }
    11991199        if ( !empty($field['helps']) )
     
    12231223
    12241224    foreach ( $hidden_fields as $name => $value )
    1225         $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
     1225        $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";
    12261226
    12271227    if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
     
    13041304            button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
    13051305            button_placeholder_id: "flash-browse-button",
    1306             upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
     1306            upload_url : "<?php echo attr( $flash_action_url ); ?>",
    13071307            flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
    13081308            file_post_name: "async-upload",
     
    13511351<?php do_action('pre-html-upload-ui'); ?>
    13521352    <p id="async-upload-wrap">
    1353     <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
     1353    <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attr(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
    13541354    </p>
    13551355    <div class="clear"></div>
     
    13811381?>
    13821382
    1383 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
     1383<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
    13841384<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    13851385<?php wp_nonce_field('media-form'); ?>
     
    14131413?>
    14141414</div>
    1415 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1415<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    14161416<?php
    14171417}
     
    14371437?>
    14381438
    1439 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
     1439<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
    14401440<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    14411441<?php wp_nonce_field('media-form'); ?>
     
    15711571<a href="#" id="clear"><?php _e('Clear'); ?></a>
    15721572</div>
    1573 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
     1573<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
    15741574<?php wp_nonce_field('media-form'); ?>
    15751575<?php //media_upload_form( $errors ); ?>
     
    15861586
    15871587<p class="ml-submit">
    1588 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1588<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    15891589<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    1590 <input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
    1591 <input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
     1590<input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
     1591<input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />
    15921592</p>
    15931593
     
    16631663
    16641664<p class="ml-submit">
    1665 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery' ) ); ?>" />
    1666 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attribute_escape( __( 'Update gallery settings' ) ); ?>" />
     1665<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr( __( 'Insert gallery' ) ); ?>" />
     1666<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr( __( 'Update gallery settings' ) ); ?>" />
    16671667</p>
    16681668</div>
     
    17001700
    17011701<form id="filter" action="" method="get">
    1702 <input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
    1703 <input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
     1702<input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />
     1703<input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />
    17041704<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
    1705 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attribute_escape( $_GET['post_mime_type'] ) : ''; ?>" />
     1705<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />
    17061706
    17071707<p id="media-search" class="search-box">
    17081708    <label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label>
    17091709    <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
    1710     <input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
     1710    <input type="submit" value="<?php echo attr( __( 'Search Media' ) ); ?>" class="button" />
    17111711</p>
    17121712
     
    17871787        $default = '';
    17881788
    1789     echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
     1789    echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
    17901790    echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
    17911791    echo "</option>\n";
     
    17951795<?php } ?>
    17961796
    1797 <input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
     1797<input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
    17981798
    17991799</div>
     
    18031803</form>
    18041804
    1805 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">
     1805<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
    18061806
    18071807<?php wp_nonce_field('media-form'); ?>
     
    18251825</div>
    18261826<p class="ml-submit">
    1827 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
     1827<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
    18281828<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
    18291829</p>
     
    19071907            <td></td>
    19081908            <td>
    1909                 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attribute_escape(__('Insert into Post')) . '" />
     1909                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr(__('Insert into Post')) . '" />
    19101910            </td>
    19111911        </tr>
     
    19431943            <td></td>
    19441944            <td>
    1945                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     1945                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    19461946            </td>
    19471947        </tr>
     
    19781978            <td></td>
    19791979            <td>
    1980                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     1980                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    19811981            </td>
    19821982        </tr>
     
    20132013            <td></td>
    20142014            <td>
    2015                 <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
     2015                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
    20162016            </td>
    20172017        </tr>
Note: See TracChangeset for help on using the changeset viewer.