

Timestamp:
04/28/2009 06:37:51 AM (16 years ago)
Author:
ryan
Message:

attr escaping. see #9650

File:
1 edited

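--- a/trunk/wp-admin/widgets.php
+++ b/trunk/wp-admin/widgets.php
@@ -263,5 +263,5 @@
         <table class="widefat"><thead><tr><th><?php _e('Sidebar'); ?></th><th><?php _e('Position'); ?></th></tr></thead><tbody>
 <?php   foreach ( $wp_registered_sidebars as $sbname => $sbvalue ) {
-            echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='$sbname'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
+            echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
             if ( 'wp_inactive_widgets' == $sbname ) {
                 echo '&nbsp;';
@@ -293,10 +293,10 @@
         <a href="widgets.php" class="button alignleft"><?php _e('Cancel'); ?></a>
 <?php   } else { ?>
-        <input type="submit" name="removewidget" class="button alignleft" value="<?php _e('Remove'); ?>" />
+        <input type="submit" name="removewidget" class="button alignleft" value="<?php _ea('Remove'); ?>" />
 <?php   } ?>
-        <input type="submit" name="savewidget" class="button-primary alignright" value="<?php _e('Save Widget'); ?>" />
-        <input type="hidden" name="widget-id" class="widget-id" value="<?php echo $widget_id; ?>" />
-        <input type="hidden" name="id_base" class="id_base" value="<?php echo $id_base; ?>" />
-        <input type="hidden" name="multi_number" class="multi_number" value="<?php echo $multi_number; ?>" />
+        <input type="submit" name="savewidget" class="button-primary alignright" value="<?php _ea('Save Widget'); ?>" />
+        <input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($widget_id); ?>" />
+        <input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
+        <input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
 <?php   wp_nonce_field("save-delete-widget-$widget_id"); ?>
         </div>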
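Review bot: On new line 265 the sidebar label `$sbvalue[name]` is still interpolated into the markup unescaped, in the same `echo` that now wraps `$sbname` in `attr()`. Sidebar names presumably come from theme or plugin registration rather than request input, but a name containing `<` or `&` would still break the row, so the text node should be escaped as well, e.g. `" /> " . wp_specialchars( $sbvalue['name'] ) . "</label></td><td>";`. The `value` attribute on that line is single-quoted, so it is worth confirming that `attr()` encodes `'` as well as `"`. The `foreach` body continues outside the hunk.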