Timestamp:
04/28/2009 06:37:51 AM (17 years ago)
Author:
ryan
Message:

attr escaping. see #9650

File:
1 edited

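--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -150,5 +150,5 @@
             echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
         } else {
-            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
             $go_delete = true;
         }
@@ -158,5 +158,5 @@
     foreach ( (array) $all_logins as $login )
         if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
-            $user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>";
+            $user_dropdown .= "<option value=\"" . attr($login->ID) . "\">{$login->user_login}</option>";
     $user_dropdown .= '</select>';
     ?>
@@ -171,5 +171,5 @@
     </ul></fieldset>
     <input type="hidden" name="action" value="dodelete" />
-    <p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" class="button-secondary" /></p>
+    <p class="submit"><input type="submit" name="submit" value="<?php _ea('Confirm Deletion'); ?>" class="button-secondary" /></p>
 <?php else : ?>
     <p><?php _e('There are no valid users selected for deletion.'); ?></p>
@@ -293,5 +293,5 @@
     <label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
     <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
-    <input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" />
+    <input type="submit" value="<?php _ea( 'Search Users' ); ?>" class="button" />
 </p>
 </form>
@@ -309,7 +309,7 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <label class="hidden" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
-<input type="submit" value="<?php _e('Change'); ?>" name="changeit" class="button-secondary" />
+<input type="submit" value="<?php _ea('Change'); ?>" name="changeit" class="button-secondary" />
 <?php wp_nonce_field('bulk-users'); ?>
 </div>
@@ -375,5 +375,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 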
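Review bot: On new line 160 the option's `value` now goes through attr(), but `{$login->user_login}` is still interpolated raw as the option's text, and new line 152 likewise passes `$id` and `$user->user_login` unescaped into the `<li>` body through sprintf(). Whether a login name can contain markup depends on sanitization done where accounts are created, which this page does not show, so escaping at the point of output would make these lines safe on their own. For line 160 that would read `$user_dropdown .= "<option value=\"" . attr($login->ID) . "\">" . wp_specialchars($login->user_login) . "</option>";` (`esc_html()` in later WordPress), with the same text-context wrapper around the sprintf() arguments on lines 150 and 152. The enclosing loop and if/else blocks begin outside the visible hunks, so the origin of `$id` and `$userids` should be checked there.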