Timestamp:
04/28/2009 05:58:45 AM (17 years ago)
Author:
ryan
Message:

s/attribute_escape/attr/. see #9650

File:
1 edited

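--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -119,5 +119,5 @@
     $edit_link = "categories.php?action=edit&cat_ID=$category->term_id";
     if ( current_user_can( 'manage_categories' ) ) {
-        $edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attribute_escape( $name ) . '</a><br />';
+        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -258,5 +258,5 @@
         <a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
         <?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
-        <a accesskey="s" href="#inline-edit" title="<?php echo attribute_escape( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
+        <a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
         <img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
         <span class="error" style="display:none;"></span>
@@ -290,5 +290,5 @@
     $edit_link = "link-category.php?action=edit&amp;cat_ID=$category->term_id";
     if ( current_user_can( 'manage_categories' ) ) {
-        $edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
+        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -650,5 +650,5 @@
                     break;
                 case 'name':
-                    $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attribute_escape(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
+                    $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
                     $actions = array();
                     $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -1248,10 +1248,10 @@
             $update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
             ?>
-            <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attribute_escape( $update_text ); ?></a>
+            <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
             <img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
         <?php } else {
             $update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
         ?>
-            <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attribute_escape( $update_text ); ?>" />
+            <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
         <?php } ?>
         <input type="hidden" name="post_view" value="<?php echo $m; ?>" />
@@ -1279,5 +1279,5 @@
         return;
 
-    $title = attribute_escape($post->post_title);
+    $title = attr($post->post_title);
 
     echo '
@@ -1428,5 +1428,5 @@
             $attributes = 'class="post-title column-title"' . $style;
         ?>
-        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
+        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
         <?php
             if ( 'excerpt' == $mode )
@@ -1435,13 +1435,13 @@
             $actions = array();
             if ( current_user_can('edit_post', $post->ID) ) {
-                $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attribute_escape(__('Edit this post')) . '">' . __('Edit') . '</a>';
-                $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attribute_escape(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
-                $actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+                $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
+                $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
+                $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
             }
             if ( in_array($post->post_status, array('pending', 'draft')) ) {
                 if ( current_user_can('edit_post', $post->ID) )
-                    $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+                    $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
             } else {
-                $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+                $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
             }
             $actions = apply_filters('post_row_actions', $actions, $post);
@@ -1644,17 +1644,17 @@
         $edit_link = get_edit_post_link( $page->ID );
         ?>
-        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
+        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
         <?php
         $actions = array();
         if ( current_user_can('edit_page', $page->ID) ) {
-            $actions['edit'] = '<a href="' . $edit_link . '" title="' . attribute_escape(__('Edit this page')) . '">' . __('Edit') . '</a>';
+            $actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
             $actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
-            $actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+            $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
         }
         if ( in_array($post->post_status, array('pending', 'draft')) ) {
             if ( current_user_can('edit_page', $page->ID) )
-                $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+                $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
         } else {
-            $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+            $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         }
         $actions = apply_filters('page_row_actions', $actions, $page);
@@ -2115,7 +2115,7 @@
                 <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
                 <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
-                <div class="author-email"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author_email ); ?></div>
-                <div class="author"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author ); ?></div>
-                <div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
+                <div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
+                <div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
+                <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
                 <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
                 </div>
@@ -2418,5 +2418,5 @@
     }
 
-    $entry['meta_key'] = attribute_escape($entry['meta_key']);
+    $entry['meta_key'] = attr($entry['meta_key']);
     $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
     $entry['meta_id'] = (int) $entry['meta_id'];
@@ -2428,6 +2428,6 @@
 
     $r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
-    $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
-    $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
+    $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr(__( 'Delete' ))."' />";
+    $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
     $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
     $r .= "</td>";
@@ -2473,5 +2473,5 @@
 
     foreach ( $keys as $key ) {
-        $key = attribute_escape( $key );
+        $key = attr( $key );
         echo "\n<option value='$key'>$key</option>";
     }
@@ -2783,5 +2783,5 @@
     else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
 <p>
 <?php wp_nonce_field('import-upload'); ?>
@@ -2806,5 +2806,5 @@
 function wp_remember_old_slug() {
     global $post;
-    $name = attribute_escape($post->post_name); // just in case
+    $name = attr($post->post_name); // just in case
     if ( strlen($name) )
         echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
@@ -3172,13 +3172,13 @@
  * Display the post password.
  *
- * The password is passed through {@link attribute_escape()} to ensure that it
+ * The password is passed through {@link attr()} to ensure that it
  * is safe for placing in an html attribute.
  *
- * @uses attribute_escape
+ * @uses attr
  * @since 2.7.0
  */
 function the_post_password() {
     global $post;
-    if ( isset( $post->post_password ) ) echo attribute_escape( $post->post_password );
+    if ( isset( $post->post_password ) ) echo attr( $post->post_password );
 }
 
@@ -3298,10 +3298,10 @@
  * should only be used when {@link the_search_query()} cannot.
  *
- * @uses attribute_escape
+ * @uses attr
  * @since 2.7.0
  *
  */
 function _admin_search_query() {
-    echo isset($_GET['s']) ? attribute_escape( stripslashes( $_GET['s'] ) ) : '';
+    echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
 }
 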
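Review bot: In the inline comment block at new lines 2116–2119, the three author fields are escaped but `$comment->comment_content` is echoed raw inside the `<textarea>` on line 2116. Comment text is visitor-supplied, so unless it is encoded before this point (not visible in the hunk), markup in a comment body would be parsed by the browser on the admin screen instead of being shown as text. I would encode it at output, e.g. `<?php echo htmlspecialchars( $comment->comment_content ); ?>`, which matches how `meta_value` is prepared for a textarea at line 2421, after confirming the value is not already encoded upstream (to avoid double encoding). The changed lines also use the attribute escaper `attr()` for element text; that is safe, but `wp_specialchars()` would state the intent more clearly. The enclosing function starts and ends outside the hunk.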