Changeset 11173 for trunk/wp-admin/includes/media.php

Timestamp:

05/04/2009 05:54:08 PM (17 years ago)

Author:

ryan

Message:

Attr escaping

File:

• trunk/wp-admin/includes/media.php (modified) (11 diffs)

trunk/wp-admin/includes/media.php

@@ -752 +752 @@
     $out = array();
     foreach ($alignments as $name => $label) {
-
+        $name = attr($name);
         $out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'".
             ( $checked == $name ? " checked='checked'" : "" ) .
@@ -1157 +1157 @@
     $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
     if ( $send )
-        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attr( __( 'Insert into Post' ) ) . "' />";
+        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . _a( 'Insert into Post' ) . "' />";
     if ( $delete )
         $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
@@ -1414 +1414 @@
 ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
 <?php
 }
@@ -1587 +1587 @@
 
 <p class="ml-submit">
-<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php _ea( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
@@ -1664 +1664 @@
 
 <p class="ml-submit">
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attr( __( 'Insert gallery' ) ); ?>" />
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attr( __( 'Update gallery settings' ) ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php _ea( 'Insert gallery' ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php _ea( 'Update gallery settings' ); ?>" />
 </p>
 </div>
@@ -1709 +1709 @@
     <label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label>
     <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
-    <input type="submit" value="<?php echo attr( __( 'Search Media' ) ); ?>" class="button" />
+    <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
 </p>
 
@@ -1826 +1826 @@
 </div>
 <p class="ml-submit">
-<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 </p>
@@ -1908 +1908 @@
             <td></td>
             <td>
-                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attr(__('Insert into Post')) . '" />
+                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . _a('Insert into Post') . '" />
             </td>
         </tr>
@@ -1944 +1944 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
             </td>
         </tr>
@@ -1979 +1979 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
             </td>
         </tr>
@@ -2014 +2014 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . attr(__('Insert into Post')) . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
             </td>
         </tr>