

Timestamp:
04/28/2009 06:37:51 AM (15 years ago)
Author:
ryan
Message:

attr escaping. see #9650

File:
1 edited

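--- a/trunk/wp-admin/theme-editor.php
+++ b/trunk/wp-admin/theme-editor.php
@@ -95,5 +95,5 @@
 
             $docs_select = '<select name="docs-list" id="docs-list">';
-            $docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
+            $docs_select .= '<option value="">' . _a( 'Function Name...' ) . '</option>';
             foreach ( $functions as $function ) {
                 $docs_select .= '<option value="' . urlencode( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
@@ -131,5 +131,5 @@
 ?>
         </select>
-        <input type="submit" name="Submit" value="<?php _e('Select') ?>" class="button" />
+        <input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
     </form>
 </div>
@@ -200,6 +200,6 @@
          <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
          <input type="hidden" name="action" value="update" />
-         <input type="hidden" name="file" value="<?php echo $file ?>" />
-         <input type="hidden" name="theme" value="<?php echo $theme ?>" />
+         <input type="hidden" name="file" value="<?php echo attr($file) ?>" />
+         <input type="hidden" name="theme" value="<?php echo attr($theme) ?>" />
          </div>
     <?php if ( isset($functions ) && count($functions) ) { ?>
@@ -207,5 +207,5 @@
         <label for="docs-list"><?php _e('Documentation:') ?></label>
         <?php echo $docs_select; ?>
-        <input type="button" class="button" value=" <?php _e( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
+        <input type="button" class="button" value=" <?php _ea( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
         </div>
     <?php } ?>
@@ -215,5 +215,5 @@
             <p class="submit">
 <?php
-    echo "<input type='submit' name='submit' class='button-primary' value='" . __('Update File') . "' tabindex='2' />";
+    echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
 ?>
 </p>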
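Review bot: In the hunk at lines 200–205, `class="codepress <?php echo $codepress_lang ?>"` and the textarea body `<?php echo $content ?>` are still echoed raw on the line directly above the two hidden inputs that this commit wraps in `attr()`. Where `$codepress_lang` and `$content` are assigned is outside the visible hunks, so both may already be safe; if either is derived from the requested file, the attribute should read `class="codepress <?php echo attr($codepress_lang) ?>"` and `$content` should be confirmed as HTML-escaped before it reaches the textarea. Separately, the `Update File` button at line 217 uses a single-quoted `value='…'`, so it is only protected if `_a()` encodes `'` as well as `"`; that is worth confirming, or the attribute could be switched to double quotes to match the rest of the file.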