Make WordPress Core


Ignore:
Timestamp:
04/28/2009 06:37:51 AM (16 years ago)
Author:
ryan
Message:

attr escaping. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/upload.php

    r11109 r11110  
    212212    <label class="hidden" for="media-search-input"><?php _e( 'Search Media' ); ?>:</label>
    213213    <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
    214     <input type="submit" value="<?php _e( 'Search Media' ); ?>" class="button" />
     214    <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
    215215</p>
    216216</form>
     
    248248<?php } ?>
    249249</select>
    250 <input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
     250<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
    251251<?php wp_nonce_field('bulk-media'); ?>
    252252
     
    273273        $default = '';
    274274
    275     echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
     275    echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
    276276    echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
    277277    echo "</option>\n";
     
    281281<?php endif; // month_count ?>
    282282
    283 <input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
     283<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
    284284
    285285<?php } // ! is_singular ?>
    286286
    287287<?php if ( isset($_GET['detached']) ) { ?>
    288     <input type="submit" id="find_detached" name="find_detached" value="<?php _e('Scan for lost attachments'); ?>" class="button-secondary" />
     288    <input type="submit" id="find_detached" name="find_detached" value="<?php _ea('Scan for lost attachments'); ?>" class="button-secondary" />
    289289<?php } ?>
    290290
     
    326326?>
    327327    <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
    328         <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo $post->ID; ?>" /></th>
     328        <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo attr($post->ID); ?>" /></th>
    329329
    330330        <td class="media-icon"><?php
     
    404404<?php } ?>
    405405</select>
    406 <input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
     406<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
    407407</div>
    408408
Note: See TracChangeset for help on using the changeset viewer.