

Changeset 11204


Timestamp:
05/05/09 19:43:53 (6 years ago)
Author:
markjaquith
Message:

_a(), _ea(), _xa(), attr() are now esc_attr(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

Location:
trunk
Files:
110 edited

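--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -427,5 +427,5 @@
             'what' => 'link-category',
             'id' => $cat_id,
-            'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
+            'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
             'position' => -1
         ) );
@@ -475,5 +475,5 @@
         $level++;
     }
-    $cat_full_name = attr($cat_full_name);
+    $cat_full_name = esc_attr($cat_full_name);
 
     $x = new WP_Ajax_Response( array(
@@ -553,5 +553,5 @@
 
     $tag_full_name = $tag->name;
-    $tag_full_name = attr($tag_full_name);
+    $tag_full_name = esc_attr($tag_full_name);
 
     $x = new WP_Ajax_Response( array(
@@ -1215,5 +1215,5 @@
         }
 
-        $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . attr($post->ID) . '"></td>';
+        $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
         $html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
     }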
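Review bot: In the link-category response at new line 429, `$cat_id` goes through `esc_attr()` but `$cat_name` is interpolated into the label text with no escaping at all, so the only value in that markup that is not attacker-shaped gets the escaping while the free-text one does not. Where `$cat_name` comes from is not visible in these hunks; if it is the raw term name it should receive the same HTML escaping this file already applies to titles at line 1218, i.e. `... id='in-link-category-$cat_id'/> " . wp_specialchars($cat_name) . "</label></li>"`. Term names are normally entered by privileged users, so the exposure is limited, but escaping at the output site keeps the response consistent with the rest of the file. The functions these hunks belong to start and end outside the hunks.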
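--- a/trunk/wp-admin/categories.php
+++ b/trunk/wp-admin/categories.php
@@ -145,5 +145,5 @@
     <label class="invisible" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
     <input type="text" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Categories' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
 </p>
 </form>
@@ -190,5 +190,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>
@@ -230,5 +230,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>
@@ -284,5 +284,5 @@
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form></div>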
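--- a/trunk/wp-admin/comment.php
+++ b/trunk/wp-admin/comment.php
@@ -91,16 +91,16 @@
 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _ea('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
-<td class="textright"><input type='submit' class="button" value='<?php echo attr($button); ?>' /></td>
+<td><input type='button' class="button" value='<?php esc_attr_e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
+<td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td>
 </tr>
 </table>
 
 <?php wp_nonce_field( $nonce_action ); ?>
-<input type='hidden' name='action' value='<?php echo attr($formaction); ?>' />
+<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <?php if ( 'spam' == $_GET['dt'] ) { ?>
 <input type='hidden' name='dt' value='spam' />
 <?php } ?>
-<input type='hidden' name='p' value='<?php echo attr($comment->comment_post_ID); ?>' />
-<input type='hidden' name='c' value='<?php echo attr($comment->comment_ID); ?>' />
+<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
+<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
 </form>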
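--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -285,8 +285,8 @@
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
 <form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
-<input type="button" class="button" value="<?php _ea('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
-<input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
+<input type="button" class="button" value="<?php esc_attr_e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
+<input type="button" class="button" value="<?php esc_attr_e('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php esc_attr_e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php esc_attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php esc_attr_e('Save Changes'); ?>" /></form>
 <?php } ?>
 
@@ -297,10 +297,10 @@
 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
 
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo esc_attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <?php wp_nonce_field('custom-header') ?>
 <p class="submit">
-<input type="submit" value="<?php _ea('Upload'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
 </p>
 </form>
@@ -312,7 +312,7 @@
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>">
+<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)) ?>">
 <?php wp_nonce_field('custom-header'); ?>
-<input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" />
+<input type="submit" class="button" name="resetheader" value="<?php esc_attr_e('Restore Original Header'); ?>" />
 </form>
 </div>
@@ -373,5 +373,5 @@
 <div class="wrap">
 
-<form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>">
+<form method="POST" action="<?php echo esc_attr(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
@@ -387,8 +387,8 @@
 <input type="hidden" name="width" id="width" />
 <input type="hidden" name="height" id="height" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($id); ?>" />
-<input type="hidden" name="oitar" id="oitar" value="<?php echo attr($oitar); ?>" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($id); ?>" />
+<input type="hidden" name="oitar" id="oitar" value="<?php echo esc_attr($oitar); ?>" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="submit" value="<?php _ea('Crop Header'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Crop Header'); ?>" />
 </p>
 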
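Review bot: At new line 290, `esc_attr(header_textcolor())` is called without `echo`, so its return value is discarded and the hidden `textcolor` input is rendered as `value="#"`; every other escaped value in this file is written with `echo esc_attr(...)`, and the rename carried the omission over from `attr()` unchanged. The line should read `<input type="hidden" name="textcolor" id="textcolor" value="#<?php echo esc_attr(header_textcolor()) ?>" />`. Separately, the form `action` attributes at 299, 314 and 375 pass a URL built by `add_query_arg()` through the attribute escaper; that is correct for the attribute context, but a URL-specific escaper (`clean_url()`, if that is still the URL escaper at this revision) would additionally normalise the scheme, which attribute escaping does not.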
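--- a/trunk/wp-admin/edit-attachment-rows.php
+++ b/trunk/wp-admin/edit-attachment-rows.php
@@ -63,5 +63,5 @@
 ?>
 
-                <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
+                <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
                     <?php echo $thumb; ?>
                 </a>
@@ -75,5 +75,5 @@
     case 'media':
         ?>
-        <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
+        <td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
         <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
         <p>
@@ -84,5 +84,5 @@
         if ( current_user_can('delete_post', $post->ID) )
             $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
-        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         $action_count = count($actions);
         $i = 0;
@@ -183,5 +183,5 @@
         ?>
         <td <?php echo $attributes ?>>
-        <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
+        <a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
         <a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
         </td>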
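Review bot: The view action at new line 86 formats its tooltip from `$title`, while the three sibling edit links at 65, 77 and 185 all use `$att_title`; no assignment to `$title` is visible in these hunks, so if it is not set in this scope the tooltip renders empty and PHP raises a notice. If `$att_title` is the intended value the line should read `$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $att_title)) . '" rel="permalink">' . __('View') . '</a>';`. The `switch` and the row loop these hunks belong to start and end outside the hunks.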
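--- a/trunk/wp-admin/edit-category-form.php
+++ b/trunk/wp-admin/edit-category-form.php
@@ -45,15 +45,15 @@
 <form name="editcat" id="editcat" method="post" action="categories.php" class="validate">
 <input type="hidden" name="action" value="editedcat" />
-<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
+<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-category_' . $cat_ID); ?>
     <table class="form-table">
         <tr class="form-field form-required">
             <th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
-            <td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br />
+            <td><input name="cat_name" id="cat_name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /><br />
             <?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
         </tr>
         <tr class="form-field">
             <th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
-            <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
+            <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
             <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
         </tr>
@@ -71,5 +71,5 @@
         </tr>
     </table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form>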
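--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -84,5 +84,5 @@
 require_once('admin-header.php');
 
-$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
+$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']);
 
 $default_status = get_user_option('edit_comments_last_view');
@@ -95,8 +95,8 @@
     update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
 
-$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
+$comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : '';
 
 $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
-$search = attr( $search_dirty ); ?>
+$search = esc_attr( $search_dirty ); ?>
 
 <div class="wrap">
@@ -165,5 +165,5 @@
     // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
     if ( !empty( $_GET['s'] ) )
-        $link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
+        $link = add_query_arg( 's', esc_attr( stripslashes( $_GET['s'] ) ), $link );
     */
     $status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
@@ -183,5 +183,5 @@
     <label class="invisible" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
     <input type="text" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Comments' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Comments' ); ?>" class="button" />
 </p>
 
@@ -225,10 +225,10 @@
 ?>
 
-<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 <?php if ( $post_id ) : ?>
-<input type="hidden" name="p" value="<?php echo attr( intval( $post_id ) ); ?>" />
-<?php endif; ?>
-<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
-<input type="hidden" name="pagegen_timestamp" value="<?php echo attr(current_time('mysql', 1)); ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr( intval( $post_id ) ); ?>" />
+<?php endif; ?>
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+<input type="hidden" name="pagegen_timestamp" value="<?php echo esc_attr(current_time('mysql', 1)); ?>" />
 
 <div class="tablenav">
@@ -241,7 +241,7 @@
     $page_links
 ); echo $page_links_text; ?></div>
-<input type="hidden" name="_total" value="<?php echo attr($total); ?>" />
-<input type="hidden" name="_per_page" value="<?php echo attr($comments_per_page); ?>" />
-<input type="hidden" name="_page" value="<?php echo attr($page); ?>" />
+<input type="hidden" name="_total" value="<?php echo esc_attr($total); ?>" />
+<input type="hidden" name="_per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+<input type="hidden" name="_page" value="<?php echo esc_attr($page); ?>" />
 <?php endif; ?>
 
@@ -260,5 +260,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction" id="doaction" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 <?php wp_nonce_field('bulk-comments'); ?>
 
@@ -272,5 +272,5 @@
 
     foreach ( $comment_types as $type => $label ) {
-        echo "  <option value='" . attr($type) . "'";
+        echo "  <option value='" . esc_attr($type) . "'";
         selected( $comment_type, $type );
         echo ">$label</option>\n";
@@ -278,8 +278,8 @@
 ?>
 </select>
-<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 <?php if ( isset($_GET['apage']) ) { ?>
-    <input type="hidden" name="apage" value="<?php echo attr( absint( $_GET['apage'] ) ); ?>" />
+    <input type="hidden" name="apage" value="<?php echo esc_attr( absint( $_GET['apage'] ) ); ?>" />
 <?php }
 
@@ -287,5 +287,5 @@
     wp_nonce_field('bulk-spam-delete', '_spam_nonce');
         if ( current_user_can ('moderate_comments')) { ?>
-        <input type="submit" name="delete_all_spam" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
+        <input type="submit" name="delete_all_spam" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php   }
 } ?>
@@ -347,8 +347,8 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction2" id="doaction2" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 
 <?php if ( 'spam' == $comment_status ) { ?>
-<input type="submit" name="delete_all_spam2" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
+<input type="submit" name="delete_all_spam2" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
@@ -361,10 +361,10 @@
 
 <form id="get-extra-comments" method="post" action="" class="add:the-extra-comment-list:" style="display: none;">
-    <input type="hidden" name="s" value="<?php echo attr($search); ?>" />
-    <input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
-    <input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
+    <input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
+    <input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
+    <input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
     <input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
-    <input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" />
-    <input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" />
+    <input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
+    <input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
     <?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
 </form>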
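Review bot: At new lines 86, 97 and 100, `esc_attr()` is applied to request parameters at assignment time (`$mode`, `$comment_type`, `$search`), and the same values are escaped a second time when they are written out at 227 and 363–368, so the output escaper is being used as an input filter. Escaping belongs at the output site; `$mode` and `$comment_type` are used as page state rather than merely echoed, so the stronger control for them is validation against the values this page actually accepts (not visible in these hunks), e.g. `$mode = in_array( $_GET['mode'], $allowed_modes, true ) ? $_GET['mode'] : 'detail';` where `$allowed_modes` is a constructed placeholder for that list. Whether the second `esc_attr()` re-encodes entities produced by the first depends on its implementation, which is not shown here; the integer-typed fields at 229 and 283 (`intval`, `absint`) already follow the validate-then-escape shape.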
  • trunk/wp-admin/edit-form-advanced.php

    r11203 r11204  
    3434    $form_action = 'post'; 
    3535    $temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post() 
    36     $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . attr($temp_ID) . "' />"; 
     36    $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . esc_attr($temp_ID) . "' />"; 
    3737    $autosave = false; 
    3838} else { 
    3939    $form_action = 'editpost'; 
    40     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . attr($post_ID) . "' />"; 
     40    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />"; 
    4141    $autosave = wp_get_post_autosave( $post_ID ); 
    4242 
     
    7373<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?> 
    7474<div style="display:none;"> 
    75 <input type="submit" name="save" value="<?php _ea('Save'); ?>" /> 
     75<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" /> 
    7676</div> 
    7777 
     
    7979<div id="save-action"> 
    8080<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?> 
    81 <input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" /> 
     81<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" /> 
    8282<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?> 
    83 <input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" /> 
     83<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" /> 
    8484<?php } ?> 
    8585</div> 
     
    130130 
    131131<div id="post-status-select" class="hide-if-js"> 
    132 <input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" /> 
     132<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" /> 
    133133<select name='post_status' id='post_status' tabindex='4'> 
    134134<?php if ( 'publish' == $post->post_status ) : ?> 
     
    170170 
    171171<div id="post-visibility-select" class="hide-if-js"> 
    172 <input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" /> 
     172<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" /> 
    173173<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> /> 
    174 <input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" /> 
     174<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" /> 
    175175 
    176176 
     
    178178<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span> 
    179179<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br /> 
    180 <span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span> 
     180<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span> 
    181181<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br /> 
    182182 
     
    239239    if ( current_user_can('publish_posts') ) : 
    240240        if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?> 
    241         <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" /> 
    242         <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" /> 
     241        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" /> 
     242        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" /> 
    243243<?php   else : ?> 
    244         <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" /> 
    245         <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" /> 
     244        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" /> 
     245        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" /> 
    246246<?php   endif; 
    247247    else : ?> 
    248         <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" /> 
    249         <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" /> 
     248        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" /> 
     249        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" /> 
    250250<?php 
    251251    endif; 
    252252} else { ?> 
    253         <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Post') ?>" /> 
    254         <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Post') ?>" /> 
     253        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Post') ?>" /> 
     254        <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Post') ?>" /> 
    255255<?php 
    256256} ?> 
     
    272272 */ 
    273273function post_tags_meta_box($post, $box) { 
    274     $tax_name = attr(substr($box['id'], 8)); 
     274    $tax_name = esc_attr(substr($box['id'], 8)); 
    275275    $taxonomy = get_taxonomy($tax_name); 
    276     $helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.'); 
     276    $helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.'); 
    277277?> 
    278278<div class="tagsdiv" id="<?php echo $tax_name; ?>"> 
     
    280280    <div class="nojs-tags hide-if-js"> 
    281281    <p><?php _e('Add or remove tags'); ?></p> 
    282     <textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div> 
     282    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div> 
    283283 
    284284    <span class="ajaxtag hide-if-no-js"> 
    285285        <label class="invisible" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label> 
    286         <input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" /> 
    287         <input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" /> 
     286        <input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" /> 
     287        <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" /> 
    288288    </span></div> 
    289289    <p class="howto"><?php echo $helps; ?></p> 
     
    298298    if ( !is_taxonomy_hierarchical($tax_name) ) { 
    299299        $taxonomy = get_taxonomy($tax_name); 
    300         $label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name; 
     300        $label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name; 
    301301 
    302302        add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core'); 
     
    334334    <h4><a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4> 
    335335    <p id="category-add" class="wp-hidden-child"> 
    336     <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/> 
     336    <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/> 
    337337    <label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?> 
    338     <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" /> 
     338    <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" /> 
    339339<?php   wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?> 
    340340    <span id="category-ajax-response"></span></p> 
     
    386386 */ 
    387387function post_trackback_meta_box($post) { 
    388     $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 
     388    $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 
    389389    if ('' != $post->pinged) { 
    390390        $pings = '<p>'. __('Already pinged:') . '</p><ul>'; 
     
    493493function post_slug_meta_box($post) { 
    494494?> 
    495 <label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" /> 
     495<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" /> 
    496496<?php 
    497497} 
     
    568568 
    569569<input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 
    570 <input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" /> 
    571 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" /> 
    572 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" /> 
    573 <input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" /> 
    574 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" /> 
     570<input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr($form_action) ?>" /> 
     571<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" /> 
     572<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" /> 
     573<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" /> 
     574<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" /> 
    575575<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" /> 
    576576<?php 
     
    593593<div id="titlewrap"> 
    594594    <label class="invisible" for="title"><?php _e('Title') ?></label> 
    595     <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 
     595    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 
    596596</div> 
    597597<div class="inside"> 
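--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -13,5 +13,5 @@
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . attr($comment->comment_post_ID);
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
 ?>
 
@@ -27,6 +27,6 @@
 <?php
 
-$email = attr( $comment->comment_author_email );
-$url = attr( $comment->comment_author_url );
+$email = esc_attr( $comment->comment_author_email );
+$url = esc_attr( $comment->comment_author_url );
 // add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
 ?>
@@ -73,5 +73,5 @@
 </div>
 <div id="publishing-action">
-<input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
+<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />
 </div>
 <div class="clear"></div>
@@ -91,5 +91,5 @@
 <tr valign="top">
     <td class="first"><?php _e( 'Name:' ); ?></td>
-    <td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
+    <td><input type="text" name="newcomment_author" size="30" value="<?php echo esc_attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
 </tr>
 <tr valign="top">
@@ -102,5 +102,5 @@
         }
 ?></td>
-    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo attr($email); ?>" tabindex="2" id="email" /></td>
+    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
@@ -114,5 +114,5 @@
             _e( 'URL:' );
         } ?></td>
-    <td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo attr($url); ?>" tabindex="3" /></td>
+    <td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
@@ -129,6 +129,6 @@
 <?php do_meta_boxes('comment', 'normal', $comment); ?>
 
-<input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
-<input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
+<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>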
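Review bot: `$email` and `$url` are already attribute-escaped where they are assigned (the `$email = esc_attr( $comment->comment_author_email );` / `$url = esc_attr( ... )` hunk), and the new side then escapes them again at output with `echo esc_attr($email)` and `echo esc_attr($url)`. Whether this double-encodes depends on esc_attr's handling of existing entities, which is not visible here; if it encodes `&` unconditionally, an author email or URL containing `&` would be rendered as `&amp;amp;` in the field and round-trip incorrectly on save. Escape once, at the output site, and assign the raw values: `$email = $comment->comment_author_email;` and `$url = $comment->comment_author_url;`, keeping the `esc_attr()` calls in the two `value="..."` attributes.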
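--- a/trunk/wp-admin/edit-link-categories.php
+++ b/trunk/wp-admin/edit-link-categories.php
@@ -76,5 +76,5 @@
     <label class="invisible" for="link-category-search-input"><?php _e( 'Search Categories' ); ?>:</label>
     <input type="text" id="link-category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Categories' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
 </p>
 </form>
@@ -113,5 +113,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-link-categories'); ?>
 </div>
@@ -167,5 +167,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
@@ -212,5 +212,5 @@
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>
 </form>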
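--- a/trunk/wp-admin/edit-link-category-form.php
+++ b/trunk/wp-admin/edit-link-category-form.php
@@ -58,15 +58,15 @@
 <div id="ajax-response"></div>
 <?php echo $form ?>
-<input type="hidden" name="action" value="<?php echo attr($action) ?>" />
-<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
+<input type="hidden" name="action" value="<?php echo esc_attr($action) ?>" />
+<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field($nonce_action); ?>
     <table class="form-table">
         <tr class="form-field form-required">
             <th scope="row" valign="top"><label for="name"><?php _e('Link Category name') ?></label></th>
-            <td><input name="name" id="name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /></td>
+            <td><input name="name" id="name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /></td>
         </tr>
         <tr class="form-field">
             <th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th>
-            <td><input name="slug" id="slug" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
+            <td><input name="slug" id="slug" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
             <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
         </tr>
@@ -76,5 +76,5 @@
         </tr>
     </table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo attr($submit_text) ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo esc_attr($submit_text) ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>
 </form>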
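--- a/trunk/wp-admin/edit-link-form.php
+++ b/trunk/wp-admin/edit-link-form.php
@@ -61,5 +61,5 @@
 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>
 
@@ -92,7 +92,7 @@
 <div id="publishing-action">
 <?php if ( !empty($link->link_id) ) { ?>
-    <input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _ea('Update Link') ?>" />
+    <input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Update Link') ?>" />
 <?php } else { ?>
-    <input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _ea('Add Link') ?>" />
+    <input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Add Link') ?>" />
 <?php } ?>
 </div>
@@ -140,6 +140,6 @@
     <p id="link-category-add" class="wp-hidden-child">
         <label class="invisible" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
-        <input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" aria-required="true" />
-        <input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php _ea( 'Add' ); ?>" />
+        <input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
+        <input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
         <?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
         <span id="category-ajax-response"></span>
@@ -186,5 +186,5 @@
     <tr>
         <th style="width: 20%;" scope="row"><label for="link_rel"><?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('rel:') ?></label></th>
-        <td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? attr($link->link_rel) : ''); ?>" /></td>
+        <td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? esc_attr($link->link_rel) : ''); ?>" /></td>
     </tr>
     <tr>
@@ -306,9 +306,9 @@
     <tr class="form-field">
         <th valign="top"  scope="row"><label for="link_image"><?php _e('Image Address') ?></label></th>
-        <td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
+        <td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
     </tr>
     <tr class="form-field">
         <th valign="top"  scope="row"><label for="rss_uri"><?php _e('RSS Address') ?></label></th>
-        <td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo  ( isset( $link->link_rss ) ? attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
+        <td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo  ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
     </tr>
     <tr class="form-field">
@@ -321,5 +321,5 @@
         <?php
             for ($r = 0; $r < 10; $r++) {
-                echo('            <option value="'. attr($r) .'" ');
+                echo('            <option value="'. esc_attr($r) .'" ');
                 if ( isset($link->link_rating) && $link->link_rating == $r)
                     echo 'selected="selected"';
@@ -375,5 +375,5 @@
 <h3><label for="link_name"><?php _e('Name') ?></label></h3>
 <div class="inside">
-    <input type="text" name="link_name" size="30" tabindex="1" value="<?php echo attr($link->link_name); ?>" id="link_name" />
+    <input type="text" name="link_name" size="30" tabindex="1" value="<?php echo esc_attr($link->link_name); ?>" id="link_name" />
     <p><?php _e('Example: Nifty blogging software'); ?></p>
 </div>
@@ -383,5 +383,5 @@
 <h3><label for="link_url"><?php _e('Web Address') ?></label></h3>
 <div class="inside">
-    <input type="text" name="link_url" size="30" class="code" tabindex="1" value="<?php echo attr($link->link_url); ?>" id="link_url" />
+    <input type="text" name="link_url" size="30" class="code" tabindex="1" value="<?php echo esc_attr($link->link_url); ?>" id="link_url" />
     <p><?php _e('Example: <code>http://wordpress.org/</code> &#8212; don&#8217;t forget the <code>http://</code>'); ?></p>
 </div>
@@ -391,5 +391,5 @@
 <h3><label for="link_description"><?php _e('Description') ?></label></h3>
 <div class="inside">
-    <input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? attr($link->link_description) : ''; ?>" id="link_description" />
+    <input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? esc_attr($link->link_description) : ''; ?>" id="link_description" />
     <p><?php _e('This will be shown when someone hovers over the link in the blogroll, or optionally below the link.'); ?></p>
 </div>
@@ -405,5 +405,5 @@
 <input type="hidden" name="action" value="save" />
 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-<input type="hidden" name="order_by" value="<?php echo attr($order_by); ?>" />
+<input type="hidden" name="order_by" value="<?php echo esc_attr($order_by); ?>" />
 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>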
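--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -67,5 +67,5 @@
 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>
 
@@ -73,7 +73,7 @@
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>
@@ -124,5 +124,5 @@
 
 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
@@ -164,10 +164,10 @@
 
 <div id="post-visibility-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
 
 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
 
@@ -227,18 +227,18 @@
     if ( $can_publish ) :
         if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
-        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
+        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
 <?php   else : ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
-        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
+        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
 <?php   endif;
     else : ?>
-    <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
-    <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
+    <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
+    <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
 <?php
     endif;
 } else { ?>
-    <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Page') ?>" />
-    <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Page') ?>" />
+    <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Page') ?>" />
+    <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Page') ?>" />
 <?php
 } ?>
@@ -292,5 +292,5 @@
     } ?>
 <h5><?php _e('Order') ?></h5>
-<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo attr($post->menu_order) ?>" /></p>
+<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo esc_attr($post->menu_order) ?>" /></p>
 <p><?php _e('Pages are usually ordered alphabetically, but you can put a number above to change the order pages appear in. (We know this is a little janky, it&#8217;ll be better in future releases.)'); ?></p>
 <?php
@@ -347,5 +347,5 @@
 function page_slug_meta_box($post){
 ?>
-<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
+<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
 <?php
 }
@@ -415,10 +415,10 @@
 ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value='<?php echo attr($form_action) ?>' />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo esc_attr($form_action) ?>' />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <?php echo $form_extra ?>
-<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
@@ -437,5 +437,5 @@
 <div id="titlewrap">
     <label class="invisible" for="title"><?php _e('Title') ?></label>
-    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
+    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">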
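Review bot: The title input in the last hunk escapes twice, `esc_attr( htmlspecialchars( $post->post_title ) )`; the inner `htmlspecialchars` adds nothing to the attribute-context escaping that `esc_attr` already provides, and if esc_attr encodes `&` unconditionally (its implementation is not visible here) a title containing `&` or `"` would be shown as `&amp;amp;` / `&amp;quot;` in the field and saved back in that corrupted form. The same pattern appears at the title input of the preceding file section. Prefer a single escaping call at the output site: `value="<?php echo esc_attr( $post->post_title ); ?>"`.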
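--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -172,9 +172,9 @@
     <label class="invisible" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
     <input type="text" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Pages' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Pages' ); ?>" class="button" />
 </p>
 
 <?php if ( isset($_GET['post_status'] ) ) : ?>
-<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
+<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
 <?php endif; ?>
 
@@ -216,5 +216,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-pages'); ?>
 </div>
@@ -255,5 +255,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 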
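--- a/trunk/wp-admin/edit-tag-form.php
+++ b/trunk/wp-admin/edit-tag-form.php
@@ -21,16 +21,16 @@
 <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
 <input type="hidden" name="action" value="editedtag" />
-<input type="hidden" name="tag_ID" value="<?php echo attr($tag->term_id) ?>" />
-<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
+<input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
     <table class="form-table">
         <tr class="form-field form-required">
             <th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
-            <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" />
+            <td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo esc_attr($tag->name); ?>" size="40" aria-required="true" />
             <p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
         </tr>
         <tr class="form-field">
             <th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
-            <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
+            <td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo esc_attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
             <p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
         </tr>
@@ -41,5 +41,5 @@
         </tr>
     </table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>
 </form>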
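--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -161,5 +161,5 @@
     <label class="invisible" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
     <input type="text" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Tags' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Tags' ); ?>" class="button" />
 </p>
 </form>
@@ -171,5 +171,5 @@
 <div class="col-wrap">
 <form id="posts-filter" action="" method="get">
-<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <div class="tablenav">
 <?php
@@ -202,5 +202,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-tags'); ?>
 </div>
@@ -245,5 +245,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
@@ -277,5 +277,5 @@
 <form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate">
 <input type="hidden" name="action" value="addtag" />
-<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?>
 
@@ -298,5 +298,5 @@
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Tag'); ?>" /></p>
 <?php do_action('add_tag_form'); ?>
 </form></div>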
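Review bot: `$taxonomy` is written into a hidden field at line 173 and again at line 279 with esc_attr(), which protects the attribute but does not establish that the value names a registered taxonomy; where it is assigned is outside this section. If it can originate from `$_GET`, validate it once before it reaches any query or form output — `if ( ! is_taxonomy( $taxonomy ) ) wp_die( __( 'Invalid taxonomy' ) );` near the top of the file — and keep esc_attr() for the output sites only. Escaping at output and validating at input are separate controls; this hunk only covers the first.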
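--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -93,5 +93,5 @@
     $mode = 'list';
 else
-    $mode = attr($_GET['mode']); ?>
+    $mode = esc_attr($_GET['mode']); ?>
 
 <div class="wrap">
@@ -167,11 +167,11 @@
     <label class="invisible" for="post-search-input"><?php _e( 'Search Posts' ); ?>:</label>
     <input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Posts' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Posts' ); ?>" class="button" />
 </p>
 
 <?php if ( isset($_GET['post_status'] ) ) : ?>
-<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
+<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
 <?php endif; ?>
-<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 
 <?php if ( have_posts() ) { ?>
@@ -196,5 +196,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-posts'); ?>
 
@@ -223,5 +223,5 @@
         $default = '';
 
-    echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
+    echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
     echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
     echo "</option>\n";
@@ -237,5 +237,5 @@
 do_action('restrict_manage_posts');
 ?>
-<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 <?php } ?>
@@ -276,5 +276,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <br class="clear" />
 </div>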
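Review bot: Line 95 escapes `$mode` at assignment, `$mode = esc_attr($_GET['mode']);`, and line 175 escapes it again when it is echoed, so the variable carries an HTML-encoded string through the page's logic instead of a validated mode. esc_attr() is an output encoder, not a validator: any value that is not a supported mode still gets through. Replace the line-95 escape with an allowlist — compare `$_GET['mode']` against the modes this page actually supports and fall back to `'list'` otherwise — and leave esc_attr() to the echo at line 175. The same escape-on-input pattern appears in wp-admin/includes/bookmark.php line 62, where the encoded string is stored on `$link->link_name` and may be persisted or re-escaped later.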
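--- a/trunk/wp-admin/export.php
+++ b/trunk/wp-admin/export.php
@@ -43,5 +43,5 @@
 foreach ( $authors as $id ) {
     $o = get_userdata( $id );
-    echo "<option value='" . attr($o->ID) . "'>$o->display_name</option>";
+    echo "<option value='" . esc_attr($o->ID) . "'>$o->display_name</option>";
 }
 ?>
@@ -50,5 +50,5 @@
 </tr>
 </table>
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Download Export File'); ?>" />
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Download Export File'); ?>" />
 <input type="hidden" name="download" value="true" />
 </p>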
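Review bot: Line 45 escapes the option value but prints `$o->display_name` raw as the option text; a display name is profile data that each user can set for themselves, so it is not trusted content for an HTML text context. Escape it with the HTML-context helper already used elsewhere in this tree: `echo "<option value='" . esc_attr($o->ID) . "'>" . wp_specialchars($o->display_name) . "</option>";`. The `$o->ID` escape is harmless but an integer cast would express the intent more directly.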
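--- a/trunk/wp-admin/import/blogger.php
+++ b/trunk/wp-admin/import/blogger.php
@@ -52,5 +52,5 @@
         $prereqs = __('To use this importer, you must have a Google account and an upgraded (New, was Beta) blog hosted on blogspot.com or a custom domain (not FTP).');
         $stepone = __('The first thing you need to do is tell Blogger to let WordPress access your account. You will be sent back here after providing authorization.');
-        $auth = _a('Authorize');
+        $auth = esc_attr__('Authorize');
 
         echo "
@@ -215,5 +215,5 @@
             else
                 $value = $authors;
-            $value = attr($value);
+            $value = esc_attr($value);
             $blogtitle = js_escape( $blog['title'] );
             $pdone = isset($blog['posts_done']) ? (int) $blog['posts_done'] : 0;
@@ -664,5 +664,5 @@
             $rows .= "<tr><td><label for='authors[$i]'>{$author[0]}</label></td><td><select name='authors[$i]' id='authors[$i]'>" . $this->get_user_options($author[1]) . "</select></td></tr>";
 
-        return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='" . attr($importing_blog) . "' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
+        return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='" . esc_attr($importing_blog) . "' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
     }
 
@@ -833,5 +833,5 @@
             $restart = __('Restart');
             $message = __('We have saved some information about your Blogger account in your WordPress database. Clearing this information will allow you to start over. Restarting will not affect any posts you have already imported. If you attempt to re-import a blog, duplicate posts and comments will be skipped.');
-            $submit = _a('Clear account information');
+            $submit = esc_attr__('Clear account information');
             echo "<div class='wrap'><h2>$restart</h2><p>$message</p><form method='post' action='?import=blogger&amp;noheader=true'><p class='submit' style='text-align:left;'><input type='submit' class='button' value='$submit' name='restart' /></p></form></div>";
         }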
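Review bot: Line 664 interpolates `{$author[0]}` straight into the `<label>` text while line 666 now escapes `$importing_blog` for its attribute; if `$author[0]` is the author name read from the Blogger feed, it is untrusted and needs an HTML escape of its own, e.g. `<label for='authors[$i]'>" . wp_specialchars($author[0]) . "</label>`. The same question applies to `$blogtitle` in the `<h3>` on line 666 unless it was escaped where it was built, which is outside this hunk (the method starts before the hunk; its closing brace is at line 667). Separately, the form action mixes `&amp;` and a bare `&` in `noheader=true&saveauthors=1`; use `&amp;` for both so the attribute is well-formed.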
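--- a/trunk/wp-admin/import/btt.php
+++ b/trunk/wp-admin/import/btt.php
@@ -36,5 +36,5 @@
         echo '<form action="admin.php?import=btt&amp;step=1" method="post">';
         wp_nonce_field('import-btt');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Tags').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -106,5 +106,5 @@
         echo '<form action="admin.php?import=btt&amp;step='.($precheck? 2:3).'" method="post">';
         wp_nonce_field('import-btt');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
         echo '</form>';
         echo '</div>';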
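--- a/trunk/wp-admin/import/dotclear.php
+++ b/trunk/wp-admin/import/dotclear.php
@@ -216,5 +216,5 @@
         wp_nonce_field('import-dotclear');
         $this->db_form();
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Categories').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Categories').'" /></p>';
         echo '</form></div>';
     }
@@ -633,5 +633,5 @@
         echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
         wp_nonce_field('import-dotclear');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Users'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
         echo '</form>';
 
@@ -646,5 +646,5 @@
         echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
         wp_nonce_field('import-dotclear');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Posts'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
         echo '</form>';
     }
@@ -660,5 +660,5 @@
         echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
         wp_nonce_field('import-dotclear');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Comments'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
         echo '</form>';
     }
@@ -672,5 +672,5 @@
         echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
         wp_nonce_field('import-dotclear');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Links'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
         echo '</form>';
     }
@@ -685,5 +685,5 @@
         echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
         wp_nonce_field('import-dotclear');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Finish'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
         echo '</form>';
     }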
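--- a/trunk/wp-admin/import/greymatter.php
+++ b/trunk/wp-admin/import/greymatter.php
@@ -67,5 +67,5 @@
 </tr>
 </table>
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Start Importing') ?>" /></p>
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Start Importing') ?>" /></p>
 </form>
 <?php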
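--- a/trunk/wp-admin/import/jkw.php
+++ b/trunk/wp-admin/import/jkw.php
@@ -35,9 +35,9 @@
         echo '<form action="admin.php?import=jkw&amp;step=1" method="post">';
         wp_nonce_field('import-jkw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Version 1.x').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
         echo '</form>';
         echo '<form action="admin.php?import=jkw&amp;step=3" method="post">';
         wp_nonce_field('import-jkw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Version 2.0a').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -121,5 +121,5 @@
         echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 2:6).'" method="post">';
         wp_nonce_field('import-jkw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -154,5 +154,5 @@
         echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 4:5).'" method="post">';
         wp_nonce_field('import-jkw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
         echo '</form>';
         echo '</div>';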
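--- a/trunk/wp-admin/import/livejournal.php
+++ b/trunk/wp-admin/import/livejournal.php
@@ -182,10 +182,10 @@
         <?php wp_nonce_field( 'lj-api-import' ) ?>
         <?php if ( get_option( 'ljapi_username' ) && get_option( 'ljapi_password' ) ) : ?>
-            <input type="hidden" name="step" value="<?php echo attr( get_option( 'ljapi_step' ) ) ?>" />
+            <input type="hidden" name="step" value="<?php echo esc_attr( get_option( 'ljapi_step' ) ) ?>" />
             <p><?php _e( 'It looks like you attempted to import your LiveJournal posts previously and got interrupted.' ) ?></p>
             <p class="submit">
-                <input type="submit" class="button-primary" value="<?php _ea( 'Continue previous import' ) ?>" />
+                <input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
             </p>
-            <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
+            <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
             <p>
         <?php else : ?>
@@ -224,5 +224,5 @@
 
             <p class="submit">
-                <input type="submit" class="button-primary" value="<?php _ea( 'Connect to LiveJournal and Import' ) ?>" />
+                <input type="submit" class="button-primary" value="<?php esc_attr_e( 'Connect to LiveJournal and Import' ) ?>" />
             </p>
 
@@ -725,5 +725,5 @@
             ?>
             <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
-            <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+            <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
             <?php
             return false;
@@ -737,5 +737,5 @@
                 ?>
                 <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
-                <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+                <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
                 <?php
                 return false;
@@ -817,5 +817,5 @@
             <?php wp_nonce_field( 'lj-api-import' ) ?>
             <input type="hidden" name="step" id="step" value="1" />
-            <p><input type="submit" class="button-primary" value="<?php _ea( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
+            <p><input type="submit" class="button-primary" value="<?php esc_attr_e( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
             </form>
             <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
@@ -867,5 +867,5 @@
             <?php wp_nonce_field( 'lj-api-import' ) ?>
             <input type="hidden" name="step" id="step" value="2" />
-            <p><input type="submit" class="button-primary" value="<?php _ea( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
+            <p><input type="submit" class="button-primary" value="<?php esc_attr_e( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
             </form>
             <?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
@@ -942,6 +942,6 @@
         $str .= wp_nonce_field( 'lj-api-import', '_wpnonce', true, false );
         $str .= wp_referer_field( false );
-        $str .= '<input type="hidden" name="step" id="step" value="' . attr($next_step) . '" />';
-        $str .= '<p><input type="submit" class="button-primary" value="' . attr( $label ) . '" /> <span id="auto-message"></span></p>';
+        $str .= '<input type="hidden" name="step" id="step" value="' . esc_attr($next_step) . '" />';
+        $str .= '<p><input type="submit" class="button-primary" value="' . esc_attr( $label ) . '" /> <span id="auto-message"></span></p>';
         $str .= '</form>';
 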
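Review bot: Lines 189, 727 and 739 encode a query-string value with an HTML-attribute encoder: `'&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )`. esc_attr() turns `&` into `&amp;`, which the browser decodes back to `&` inside an href, so any `&` in the reflected REQUEST_URI splits `_wp_http_referer` into additional parameters, and characters such as spaces, `#` and `%` are not encoded at all. The value should be URL-encoded as a parameter and the whole href escaped for the attribute once, which clean_url() already does around it: `'&amp;_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )` at each of the three sites. Since REQUEST_URI is request-controlled, per-context encoding is also what keeps it from altering the rest of the link; the function containing lines 942–947 starts outside the hunk.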
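--- a/trunk/wp-admin/import/mt.php
+++ b/trunk/wp-admin/import/mt.php
@@ -40,5 +40,5 @@
 
 <?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
-<form method="post" action="<?php echo attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
+<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
 
 <?php wp_nonce_field('import-upload'); ?>
@@ -47,5 +47,5 @@
 <?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p>
 <p class="submit">
-<input type="submit" class="button" value="<?php _ea('Import mt-export.txt'); ?>" />
+<input type="submit" class="button" value="<?php esc_attr_e('Import mt-export.txt'); ?>" />
 </p>
 </form>
@@ -208,10 +208,10 @@
         foreach ($authors as $author) {
             ++ $j;
-            echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'. attr($author) .'" name="'.'user[]'.'" maxlength="30"> <br />');
+            echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user[]'.'" maxlength="30"> <br />');
             $this->users_form($j);
             echo '</label></li>';
         }
 
-        echo '<p class="submit"><input type="submit" class="button" value="'._a('Submit').'"></p>'.'<br />';
+        echo '<p class="submit"><input type="submit" class="button" value="'.esc_attr__('Submit').'"></p>'.'<br />';
         echo '</form>';
         echo '</ol></div>';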
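Review bot: Line 210 escapes `$author` for the input value but still prints it raw a few characters earlier in `'<strong>'.$author.'</strong>'`; the author names come from the uploaded export file, so the element-content occurrence needs escaping as well, e.g. `'<strong>'.wp_specialchars($author).'</strong>'`. A value that is escaped in one context and not in another on the same line is exactly the case an attribute-only rename pass tends to miss. The method enclosing the foreach at line 208 begins outside the hunk.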
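--- a/trunk/wp-admin/import/opml.php
+++ b/trunk/wp-admin/import/opml.php
@@ -65,5 +65,5 @@
 </select></p>
 
-<p class="submit"><input type="submit" name="submit" value="<?php _ea('Import OPML File') ?>" /></p>
+<p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Import OPML File') ?>" /></p>
 </form>
 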
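--- a/trunk/wp-admin/import/stp.php
+++ b/trunk/wp-admin/import/stp.php
@@ -34,5 +34,5 @@
         echo '<form action="admin.php?import=stp&amp;step=1" method="post">';
         wp_nonce_field('import-stp');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 1').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -94,5 +94,5 @@
         echo '<form action="admin.php?import=stp&amp;step=2" method="post">';
         wp_nonce_field('import-stp');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 2').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -110,5 +110,5 @@
         echo '<form action="admin.php?import=stp&amp;step=3" method="post">';
         wp_nonce_field('import-stp');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 3').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
         echo '</form>';
         echo '</div>';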
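--- a/trunk/wp-admin/import/textpattern.php
+++ b/trunk/wp-admin/import/textpattern.php
@@ -71,5 +71,5 @@
         wp_nonce_field('import-textpattern');
         $this->db_form();
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -506,5 +506,5 @@
         echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
         wp_nonce_field('import-textpattern');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Users'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
         echo '</form>';
 
@@ -519,5 +519,5 @@
         echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
         wp_nonce_field('import-textpattern');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Posts'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
         echo '</form>';
     }
@@ -533,5 +533,5 @@
         echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
         wp_nonce_field('import-textpattern');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Comments'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
         echo '</form>';
     }
@@ -545,5 +545,5 @@
         echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
         wp_nonce_field('import-textpattern');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Links'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
         echo '</form>';
     }
@@ -558,5 +558,5 @@
         echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
         wp_nonce_field('import-textpattern');
-        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Finish'));
+        printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
         echo '</form>';
     }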
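--- a/trunk/wp-admin/import/utw.php
+++ b/trunk/wp-admin/import/utw.php
@@ -34,5 +34,5 @@
         echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
         echo '<form action="admin.php?import=utw&amp;step=1" method="post">';
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 1').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -121,5 +121,5 @@
         echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
         wp_nonce_field('import-utw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 2').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -157,5 +157,5 @@
         echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
         wp_nonce_field('import-utw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 3').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
         echo '</form>';
         echo '</div>';
@@ -176,5 +176,5 @@
         echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
         wp_nonce_field('import-utw');
-        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 4').'" /></p>';
+        echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 4').'" /></p>';
         echo '</form>';
         echo '</div>';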
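Review bot: The step-1 form at line 35 is emitted with no `wp_nonce_field('import-utw')`, whereas the step-2, step-3 and step-4 forms at lines 121, 157 and 176 each include one. If the step-1 handler performs any write (its code is outside this section), that POST is not protected against cross-site request forgery the way the later steps are; add `wp_nonce_field('import-utw');` after line 35 and verify it in the handler. If step 1 is a read-only page, a one-line comment stating that would save the next reader the same check; the method containing these lines begins outside the hunk.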
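--- a/trunk/wp-admin/import/wordpress.php
+++ b/trunk/wp-admin/import/wordpress.php
@@ -234,5 +234,5 @@
 
         echo '<p class="submit">';
-        echo '<input type="submit" class="button" value="'. _a('Submit') .'" />'.'<br />';
+        echo '<input type="submit" class="button" value="'. esc_attr__('Submit') .'" />'.'<br />';
         echo '</p>';
         echo '</form>';
@@ -243,5 +243,5 @@
 
         if ( $this->allow_create_users() ) {
-            printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
+            printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
         }
         else {
@@ -250,5 +250,5 @@
 
         // keep track of $n => $author name
-        echo '<input type="hidden" name="author_in['.intval($n).']" value="'.attr($author).'" />';
+        echo '<input type="hidden" name="author_in['.intval($n).']" value="' . esc_attr($author).'" />';
 
         $users = get_users_of_blog();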
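--- a/trunk/wp-admin/import/wp-cat2tag.php
+++ b/trunk/wp-admin/import/wp-cat2tag.php
@@ -104,5 +104,5 @@
 
 <form name="catlist" id="catlist" action="admin.php?import=wp-cat2tag&amp;step=2" method="post">
-<p><input type="button" class="button-secondary" value="<?php _ea('Check All'); ?>" onclick="this.value=check_all_rows()" />
+<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_rows()" />
 <?php wp_nonce_field('import-cat2tag'); ?></p>
 <ul style="list-style:none">
@@ -129,5 +129,5 @@
             echo '<p><a name="note"></a>' . __('* This category is also a tag. Converting it will add that tag to all posts that are currently in the category.') . '</p>'; ?>
 
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Convert Categories to Tags'); ?>" /></p>
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Convert Categories to Tags'); ?>" /></p>
 </form>
 
@@ -180,10 +180,10 @@
 
 <form name="taglist" id="taglist" action="admin.php?import=wp-cat2tag&amp;step=4" method="post">
-<p><input type="button" class="button-secondary" value="<?php _ea('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
+<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
 <?php wp_nonce_field('import-cat2tag'); ?></p>
 <ul style="list-style:none">
 
 <?php   foreach ( $this->all_tags as $tag ) { ?>
-    <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
+    <li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo esc_attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
 
 <?php   } ?>
@@ -193,5 +193,5 @@
             echo '<p><a name="note"></a>' . __('* This tag is also a category. When converted, all posts associated with the tag will also be in the category.') . '</p>'; ?>
 
-<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php _ea('Convert Tags to Categories'); ?>" /></p>
+<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php esc_attr_e('Convert Tags to Categories'); ?>" /></p>
 </form>
 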
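--- a/trunk/wp-admin/includes/bookmark.php
+++ b/trunk/wp-admin/includes/bookmark.php
@@ -60,5 +60,5 @@
 
     if ( isset( $_GET['name'] ) )
-        $link->link_name = attr( $_GET['name']);
+        $link->link_name = esc_attr( $_GET['name']);
     else
         $link->link_name = '';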
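Review bot: The new line 62 still escapes at input time — `$link->link_name = esc_attr( $_GET['name']);` stores an entity-encoded string on the link object rather than the raw request value. That is only correct as long as every later output of link_name either relies on this pre-escaping or re-escapes without double-encoding; the form that renders the field is outside this hunk, so that cannot be confirmed here. The cleaner contract is to keep the raw value on the object and apply `esc_attr()` where the input element is emitted. The enclosing function starts and ends outside the hunk.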
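--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -821,6 +821,6 @@
         }
         $update_actions =  array(
-            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
-            'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
+            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
+            'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . esc_attr__('Goto plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>'
         );
         if ( $this->plugin_active )
@@ -872,11 +872,11 @@
 
         $install_actions = array(
-            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
+            'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
                             );
 
         if ( $this->type == 'web' )
-            $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
+            $install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . esc_attr__('Return to Plugin Installer') . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
         else
-            $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
+            $install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . esc_attr__('Return to Plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>';
 
 
@@ -937,12 +937,12 @@
 
         $install_actions = array(
-            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
-            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>'
+            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
+            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>'
                             );
 
         if ( $this->type == 'web' )
-            $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr(__('Return to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
+            $install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
         else
-            $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
+            $install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . esc_attr__('Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>';
 
         if ( ! $this->result || is_wp_error($this->result) )
@@ -996,7 +996,7 @@
 
         $update_actions =  array(
-            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
-            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>',
-            'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
+            'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
+            'activate' => '<a href="' . $activate_link .  '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>',
+            'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . esc_attr__('Return to Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>',
         );
         if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() )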
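Review bot: In the theme action arrays (new lines 939–940 and 998–999) the `title` attributes are now escaped with `esc_attr()`, but the neighbouring `href` values `$preview_link` and `$activate_link` are concatenated into the markup as-is; both are built before the hunk, so whether they already went through `wp_nonce_url()`/`clean_url()` cannot be seen here. If they did not, escape them at the point of output, e.g. `'<a href="' . clean_url( $preview_link ) . '" class="thickbox thickbox-preview" title="' . ...`. The plugin `activate_plugin` entries at 823 and 874 do not have this gap, since `wp_nonce_url()` produces the whole href value there. All four enclosing methods start and end outside the hunks.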
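--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -133,5 +133,5 @@
     echo '<form action="" method="post" class="dashboard-widget-control-form">';
     wp_dashboard_trigger_widget_control( $meta_box['id'] );
-    echo "<p class='submit'><input type='hidden' name='widget_id' value='" . attr($meta_box['id']) . "' /><input type='submit' value='" . _a( 'Submit' ) . "' /></p>";
+    echo "<p class='submit'><input type='hidden' name='widget_id' value='" . esc_attr($meta_box['id']) . "' /><input type='submit' value='" . esc_attr__( 'Submit' ) . "' /></p>";
 
     echo '</form>';
@@ -389,5 +389,5 @@
         <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
         <div class="input-text-wrap">
-            <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr( $post->post_title ); ?>" />
+            <input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
         </div>
 
@@ -414,10 +414,10 @@
             <input type="hidden" name="quickpress_post_ID" value="<?php echo (int) $post->ID; ?>" />
             <?php wp_nonce_field('add-post'); ?>
-            <input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php _ea('Save Draft'); ?>" />
-            <input type="reset" value="<?php _ea( 'Reset' ); ?>" class="button" />
+            <input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php esc_attr_e('Save Draft'); ?>" />
+            <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
             <?php if ( current_user_can('publish_posts') ) { ?>
-            <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _ea('Publish'); ?>" />
+            <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Publish'); ?>" />
             <?php } else { ?>
-            <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _ea('Submit for Review'); ?>" />
+            <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Submit for Review'); ?>" />
             <?php } ?>
             <br class="clear" />
@@ -450,5 +450,5 @@
             $url = get_edit_post_link( $draft->ID );
             $title = _draft_or_post_title( $draft->ID );
-            $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit &#8220;%s&#8221;' ), attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
+            $item = "<h4><a href='$url' title='" . sprintf( __( 'Edit &#8220;%s&#8221;' ), esc_attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
             if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) )
                 $item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '&hellip;' : '' ) . '</p>';
@@ -597,7 +597,7 @@
             <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
                 <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
-                <div class="author-email"><?php echo attr( $comment->comment_author_email ); ?></div>
-                <div class="author"><?php echo attr( $comment->comment_author ); ?></div>
-                <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
+                <div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
+                <div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
+                <div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
                 <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
             </div>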
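Review bot: The hidden quick-edit block at new lines 598–601 escapes the author, e-mail and URL divs with `esc_attr()` but leaves the textarea body on 598 unescaped: `<?php echo $comment->comment_content; ?>`, so any markup stored in the comment is emitted verbatim inside the element. The media form in this same changeset escapes textarea content with `wp_specialchars( $field['value'] )` (media.php line 1199); the same should be done here, `<textarea class="comment" rows="3" cols="10"><?php echo wp_specialchars( $comment->comment_content ); ?></textarea>`. Whether filtering on save already removes such markup for untrusted commenters is not visible from the hunk, so the output-side escape is the safer default. The enclosing function starts and ends outside the hunk.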
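--- a/trunk/wp-admin/includes/file.php
+++ b/trunk/wp-admin/includes/file.php
@@ -733,10 +733,10 @@
 <tr valign="top">
 <th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
-<td><input name="hostname" type="text" id="hostname" value="<?php echo attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
+<td><input name="hostname" type="text" id="hostname" value="<?php echo esc_attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>
 
 <tr valign="top">
 <th scope="row"><label for="username"><?php _e('Username') ?></label></th>
-<td><input name="username" type="text" id="username" value="<?php echo attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
+<td><input name="username" type="text" id="username" value="<?php echo esc_attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>
 
@@ -752,5 +752,5 @@
 <label for="private_key"><?php _e('Private Key:') ?></label>
 </div></th>
-<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
+<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo esc_attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo esc_attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
 <div><?php _e('Enter the location on the server where the keys are located. If a passphrase is needed, enter that in the password field above.') ?></div></td>
 </tr>
@@ -769,11 +769,11 @@
 
 <?php if ( isset( $_POST['version'] ) ) : ?>
-<input type="hidden" name="version" value="<?php echo attr($_POST['version']) ?>" />
+<input type="hidden" name="version" value="<?php echo esc_attr($_POST['version']) ?>" />
 <?php endif; ?>
 <?php if ( isset( $_POST['locale'] ) ) : ?>
-<input type="hidden" name="locale" value="<?php echo attr($_POST['locale']) ?>" />
+<input type="hidden" name="locale" value="<?php echo esc_attr($_POST['locale']) ?>" />
 <?php endif; ?>
 <p class="submit">
-<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php _ea('Proceed'); ?>" />
+<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php esc_attr_e('Proceed'); ?>" />
 </p>
 </div>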
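Review bot: On new line 735 the hostname is escaped but the port appended right after it inside the same attribute is not: `value="<?php echo esc_attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"`. `$hostname` and `$port` are both set before the hunk and presumably come from the same submitted credentials, so `$port` deserves the same treatment, `if ( !empty($port) ) echo ':' . esc_attr($port);` (or an `(int)` cast if it is guaranteed numeric). Every other re-echoed value in this form — 740, 754, 771, 774 — is escaped consistently, so this is the one outlier. The enclosing function starts and ends outside the hunk.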
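--- a/trunk/wp-admin/includes/manifest.php
+++ b/trunk/wp-admin/includes/manifest.php
@@ -27,5 +27,5 @@
  * @ignore
  */
-function attr() {}
+function esc_attr() {}
 
 /**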
  • trunk/wp-admin/includes/media.php

    r11203 r11204  
    7979            $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false)); 
    8080            $link = "<a href='" . clean_url($href) . "'$class>$text</a>"; 
    81             echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n"; 
     81            echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n"; 
    8282        } 
    8383        echo "</ul>\n"; 
     
    105105    $html = get_image_tag($id, $htmlalt, $title, $align, $size); 
    106106 
    107     $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : ''; 
     107    $rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : ''; 
    108108 
    109109    if ( $url ) 
     
    429429        if ( !empty($attachment['url']) ) { 
    430430            if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) ) 
    431                 $rel = " rel='attachment wp-att-".attr($send_id)."'"; 
     431                $rel = " rel='attachment wp-att-" . esc_attr($send_id)."'"; 
    432432            $html = "<a href='{$attachment['url']}'$rel>$html</a>"; 
    433433        } 
     
    464464        if ( !empty($src) && !strpos($src, '://') ) 
    465465            $src = "http://$src"; 
    466         $alt = attr($_POST['insertonly']['alt']); 
     466        $alt = esc_attr($_POST['insertonly']['alt']); 
    467467        if ( isset($_POST['insertonly']['align']) ) { 
    468             $align = attr($_POST['insertonly']['align']); 
     468            $align = esc_attr($_POST['insertonly']['align']); 
    469469            $class = " class='align$align'"; 
    470470        } 
     
    558558        if ( !empty($href) && !strpos($href, '://') ) 
    559559            $href = "http://$href"; 
    560         $title = attr($_POST['insertonly']['title']); 
     560        $title = esc_attr($_POST['insertonly']['title']); 
    561561        if ( empty($title) ) 
    562562            $title = basename($href); 
     
    612612        if ( !empty($href) && !strpos($href, '://') ) 
    613613            $href = "http://$href"; 
    614         $title = attr($_POST['insertonly']['title']); 
     614        $title = esc_attr($_POST['insertonly']['title']); 
    615615        if ( empty($title) ) 
    616616            $title = basename($href); 
     
    666666        if ( !empty($href) && !strpos($href, '://') ) 
    667667            $href = "http://$href"; 
    668         $title = attr($_POST['insertonly']['title']); 
     668        $title = esc_attr($_POST['insertonly']['title']); 
    669669        if ( empty($title) ) 
    670670            $title = basename($href); 
     
    756756    $out = array(); 
    757757    foreach ($alignments as $name => $label) { 
    758         $name = attr($name); 
     758        $name = esc_attr($name); 
    759759        $out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'". 
    760760            ( $checked == $name ? " checked='checked'" : "" ) . 
     
    830830        $url = $link; 
    831831 
    832     return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br /> 
     832    return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br /> 
    833833                <button type='button' class='button urlnone' title=''>" . __('None') . "</button> 
    834                 <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button> 
    835                 <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button> 
     834                <button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button> 
     835                <button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button> 
    836836"; 
    837837} 
     
    993993            'label'      => __('File URL'), 
    994994            'input'      => 'html', 
    995             'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />", 
     995            'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />", 
    996996            'value'      => isset($edit_post->post_url) ? $edit_post->post_url : '', 
    997997            'helps'      => __('Location of the uploaded file.'), 
     
    10901090 
    10911091    $filename = basename($post->guid); 
    1092     $title = attr($post->post_title); 
     1092    $title = esc_attr($post->post_title); 
    10931093 
    10941094    if ( $_tags = get_the_tags($attachment_id) ) { 
    10951095        foreach ( $_tags as $tag ) 
    10961096            $tags[] = $tag->name; 
    1097         $tags = attr(join(', ', $tags)); 
     1097        $tags = esc_attr(join(', ', $tags)); 
    10981098    } 
    10991099 
     
    11021102        $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type)); 
    11031103        $type = array_shift($keys); 
    1104         $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />"; 
     1104        $type = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />"; 
    11051105    } 
    11061106 
     
    11611161    $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id); 
    11621162    if ( $send ) 
    1163         $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . _a( 'Insert into Post' ) . "' />"; 
     1163        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />"; 
    11641164    if ( $delete ) 
    11651165        $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>"; 
     
    11991199            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>"; 
    12001200        } else { 
    1201             $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>"; 
     1201            $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>"; 
    12021202        } 
    12031203        if ( !empty($field['helps']) ) 
     
    12271227 
    12281228    foreach ( $hidden_fields as $name => $value ) 
    1229         $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n"; 
     1229        $item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n"; 
    12301230 
    12311231    if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) { 
     
    13081308            button_image_url: '<?php echo includes_url('images/upload.png'); ?>', 
    13091309            button_placeholder_id: "flash-browse-button", 
    1310             upload_url : "<?php echo attr( $flash_action_url ); ?>", 
     1310            upload_url : "<?php echo esc_attr( $flash_action_url ); ?>", 
    13111311            flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>", 
    13121312            file_post_name: "async-upload", 
     
    13561356    <p id="async-upload-wrap"> 
    13571357    <label class="invisible" for="async-upload"><?php _e('Upload'); ?></label> 
    1358     <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php _ea('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a> 
     1358    <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a> 
    13591359    </p> 
    13601360    <div class="clear"></div> 
     
    13861386?> 
    13871387 
    1388 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 
     1388<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 
    13891389<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 
    13901390<?php wp_nonce_field('media-form'); ?> 
     
    14181418?> 
    14191419</div> 
    1420 <input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" /> 
     1420<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 
    14211421<?php 
    14221422} 
     
    14421442?> 
    14431443 
    1444 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 
     1444<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 
    14451445<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 
    14461446<?php wp_nonce_field('media-form'); ?> 
     
    15761576<a href="#" id="clear"><?php _e('Clear'); ?></a> 
    15771577</div> 
    1578 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form"> 
     1578<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form"> 
    15791579<?php wp_nonce_field('media-form'); ?> 
    15801580<?php //media_upload_form( $errors ); ?> 
     
    15911591 
    15921592<p class="ml-submit"> 
    1593 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php _ea( 'Save all changes' ); ?>" /> 
     1593<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 
    15941594<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 
    1595 <input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" /> 
    1596 <input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" /> 
     1595<input type="hidden" name="type" value="<?php echo esc_attr( $GLOBALS['type'] ); ?>" /> 
     1596<input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" /> 
    15971597</p> 
    15981598 
     
    16681668 
    16691669<p class="ml-submit"> 
    1670 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php _ea( 'Insert gallery' ); ?>" /> 
    1671 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php _ea( 'Update gallery settings' ); ?>" /> 
     1670<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" /> 
     1671<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" /> 
    16721672</p> 
    16731673</div> 
     
    17051705 
    17061706<form id="filter" action="" method="get"> 
    1707 <input type="hidden" name="type" value="<?php echo attr( $type ); ?>" /> 
    1708 <input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" /> 
     1707<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" /> 
     1708<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" /> 
    17091709<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" /> 
    1710 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" /> 
     1710<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" /> 
    17111711 
    17121712<p id="media-search" class="search-box"> 
    17131713    <label class="invisible" for="media-search-input"><?php _e('Search Media');?>:</label> 
    17141714    <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" /> 
    1715     <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" /> 
     1715    <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" /> 
    17161716</p> 
    17171717 
     
    17921792        $default = ''; 
    17931793 
    1794     echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>"; 
     1794    echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>"; 
    17951795    echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); 
    17961796    echo "</option>\n"; 
     
    18001800<?php } ?> 
    18011801 
    1802 <input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" /> 
     1802<input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" /> 
    18031803 
    18041804</div> 
     
    18081808</form> 
    18091809 
    1810 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form"> 
     1810<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form"> 
    18111811 
    18121812<?php wp_nonce_field('media-form'); ?> 
     
    18301830</div> 
    18311831<p class="ml-submit"> 
    1832 <input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" /> 
     1832<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 
    18331833<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 
    18341834</p> 
     
    19121912            <td></td> 
    19131913            <td> 
    1914                 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . _a('Insert into Post') . '" /> 
     1914                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" /> 
    19151915            </td> 
    19161916        </tr> 
     
    19481948            <td></td> 
    19491949            <td> 
    1950                 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" /> 
     1950                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 
    19511951            </td> 
    19521952        </tr> 
     
    19831983            <td></td> 
    19841984            <td> 
    1985                 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" /> 
     1985                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 
    19861986            </td> 
    19871987        </tr> 
     
    20182018            <td></td> 
    20192019            <td> 
    2020                 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" /> 
     2020                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 
    20212021            </td> 
    20222022        </tr> 
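Review bot: On line 432, the context line directly after the new `esc_attr($send_id)` on 431, the attachment URL is still interpolated unescaped into a single-quoted href: `$html = "<a href='{$attachment['url']}'$rel>$html</a>";`. `$attachment` is populated before the hunk and reads like submitted attachment-form data, so the URL should be sanitised at the point of output, `$html = "<a href='" . clean_url($attachment['url']) . "'$rel>$html</a>";`, as line 80 already does for `$href`. A related gap at 466–470: `esc_attr($_POST['insertonly']['align'])` makes the value attribute-safe but does not restrict it to the known alignment names before it is emitted as `class='align$align'`; checking it against the `$alignments` list iterated at 757 (defined outside the hunk) would be tighter. Both enclosing functions start and end outside the hunks.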
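--- a/trunk/wp-admin/includes/plugin-install.php	(revision 11180)
+++ b/trunk/wp-admin/includes/plugin-install.php	(revision 11204)
@@ -163,7 +163,7 @@
             <option value="tag"<?php selected('tag', $type) ?>><?php _x('Tag', 'Plugin Installer') ?></option>
         </select>
-        <input type="text" name="s" value="<?php echo attr($term) ?>" />
+        <input type="text" name="s" value="<?php echo esc_attr($term) ?>" />
         <label class="invisible" for="plugin-search-input"><?php _e('Search Plugins'); ?></label>
-        <input type="submit" id="plugin-search-input" name="search" value="<?php _ea('Search Plugins') ?>" class="button" />
+        <input type="submit" id="plugin-search-input" name="search" value="<?php esc_attr_e('Search Plugins') ?>" class="button" />
     </form><?php
 }
@@ -214,5 +214,5 @@
         <label class="invisible" for="pluginzip"><?php _e('Plugin zip file'); ?></label>
         <input type="file" id="pluginzip" name="pluginzip" />
-        <input type="submit" class="button" value="<?php _ea('Install Now') ?>" />
+        <input type="submit" class="button" value="<?php esc_attr_e('Install Now') ?>" />
     </form>
 <?php
@@ -337,10 +337,10 @@
 
                 if( isset($plugin['homepage']) )
-                    $title = '<a target="_blank" href="' . attr($plugin['homepage']) . '">' . $title . '</a>';
+                    $title = '<a target="_blank" href="' . esc_attr($plugin['homepage']) . '">' . $title . '</a>';
 
                 $action_links = array();
                 $action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&amp;plugin=' . $plugin['slug'] .
                                     '&amp;TB_iframe=true&amp;width=600&amp;height=800') . '" class="thickbox onclick" title="' .
-                                    attr($name) . '">' . __('Install') . '</a>';
+                                    esc_attr($name) . '">' . __('Install') . '</a>';
 
                 $action_links = apply_filters('plugin_install_action_links', $action_links, $plugin);
@@ -351,5 +351,5 @@
                 <td class="vers">
                     <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
-                        <div class="star star-rating" style="width: <?php echo attr($plugin['rating']) ?>px"></div>
+                        <div class="star star-rating" style="width: <?php echo esc_attr($plugin['rating']) ?>px"></div>
                         <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
                         <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
@@ -419,5 +419,5 @@
         $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
         $href = clean_url($href);
-        $san_title = attr(sanitize_title_with_dashes($title));
+        $san_title = esc_attr(sanitize_title_with_dashes($title));
         echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
     }
@@ -508,5 +508,5 @@
         <h2><?php _e('Average Rating') ?></h2>
         <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
-            <div class="star star-rating" style="width: <?php echo attr($api->rating) ?>px"></div>
+            <div class="star star-rating" style="width: <?php echo esc_attr($api->rating) ?>px"></div>
             <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
             <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
@@ -533,5 +533,5 @@
             $content = links_add_target($content, '_blank');
 
-            $san_title = attr(sanitize_title_with_dashes($title));
+            $san_title = esc_attr(sanitize_title_with_dashes($title));
 
             $display = ( $section_name == $section ) ? 'block' : 'none';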
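Review bot: `esc_attr($plugin['homepage'])` on new line 339 keeps the value from breaking out of the href attribute, but an attribute escaper does not reject a `javascript:` or `data:` scheme, and the homepage string comes from the plugin record rather than from anything this file builds. The same file already escapes an href with `clean_url($href)` on line 420, which is the URL-context escaper; use it here too: `$title = '<a target="_blank" href="' . clean_url($plugin['homepage']) . '">' . $title . '</a>';`. The loop this sits in begins before the hunk, so I cannot see whether the plugin record is validated earlier.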
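--- a/trunk/wp-admin/includes/plugin.php	(revision 11186)
+++ b/trunk/wp-admin/includes/plugin.php	(revision 11204)
@@ -1117,5 +1117,5 @@
  */
 function settings_fields($option_group) {
-    echo "<input type='hidden' name='option_page' value='" . attr($option_group) . "' />";
+    echo "<input type='hidden' name='option_page' value='" . esc_attr($option_group) . "' />";
     echo '<input type="hidden" name="action" value="update" />';
     wp_nonce_field("$option_group-options");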
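--- a/trunk/wp-admin/includes/taxonomy.php	(revision 11109)
+++ b/trunk/wp-admin/includes/taxonomy.php	(revision 11204)
@@ -223,5 +223,5 @@
         $tag_names[] = $tag->name;
     $tags_to_edit = join( ',', $tag_names );
-    $tags_to_edit = attr( $tags_to_edit );
+    $tags_to_edit = esc_attr( $tags_to_edit );
     $tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy );
 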
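--- a/trunk/wp-admin/includes/template.php	(revision 11203)
+++ b/trunk/wp-admin/includes/template.php	(revision 11204)
@@ -126,5 +126,5 @@
     $edit_link = "categories.php?action=edit&amp;cat_ID=$category->term_id";
     if ( current_user_can( 'manage_categories' ) ) {
-        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
+        $edit = "<a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>" . esc_attr( $name ) . '</a><br />';
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -265,5 +265,5 @@
         <a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
         <?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
-        <a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
+        <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
         <img class="waiting" style="display:none;" src="images/wpspin_light.gif" alt="" />
         <span class="error" style="display:none;"></span>
@@ -297,5 +297,5 @@
     $edit_link = "link-category.php?action=edit&amp;cat_ID=$category->term_id";
     if ( current_user_can( 'manage_categories' ) ) {
-        $edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>$name</a><br />";
+        $edit = "<a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>$name</a><br />";
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -659,5 +659,5 @@
                     break;
                 case 'name':
-                    $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />';
+                    $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />';
                     $actions = array();
                     $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -1258,10 +1258,10 @@
             $update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
             ?>
-            <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
+            <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>
             <img class="waiting" style="display:none;" src="images/wpspin_light.gif" alt="" />
         <?php } else {
             $update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
         ?>
-            <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
+            <input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo esc_attr( $update_text ); ?>" />
         <?php } ?>
         <input type="hidden" name="post_view" value="<?php echo $m; ?>" />
@@ -1289,5 +1289,5 @@
         return;
 
-    $title = attr($post->post_title);
+    $title = esc_attr($post->post_title);
 
     echo '
@@ -1438,5 +1438,5 @@
             $attributes = 'class="post-title column-title"' . $style;
         ?>
-        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
+        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
         <?php
             if ( 'excerpt' == $mode )
@@ -1445,13 +1445,13 @@
             $actions = array();
             if ( current_user_can('edit_post', $post->ID) ) {
-                $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
-                $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
-                $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+                $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
+                $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
+                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
             }
             if ( in_array($post->post_status, array('pending', 'draft')) ) {
                 if ( current_user_can('edit_post', $post->ID) )
-                    $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+                    $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
             } else {
-                $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+                $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
             }
             $actions = apply_filters('post_row_actions', $actions, $post);
@@ -1654,17 +1654,17 @@
         $edit_link = get_edit_post_link( $page->ID );
         ?>
-        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
+        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
         <?php
         $actions = array();
         if ( current_user_can('edit_page', $page->ID) ) {
-            $actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
+            $actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
             $actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
-            $actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+            $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
         }
         if ( in_array($post->post_status, array('pending', 'draft')) ) {
             if ( current_user_can('edit_page', $page->ID) )
-                $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
+                $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
         } else {
-            $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+            $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         }
         $actions = apply_filters('page_row_actions', $actions, $page);
@@ -2125,7 +2125,7 @@
                 <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
                 <textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
-                <div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
-                <div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
-                <div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
+                <div class="author-email"><?php if ( $user_can ) echo esc_attr( $comment->comment_author_email ); ?></div>
+                <div class="author"><?php if ( $user_can ) echo esc_attr( $comment->comment_author ); ?></div>
+                <div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
                 <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
                 </div>
@@ -2306,5 +2306,5 @@
     <input type="hidden" name="position" id="position" value="<?php echo $position; ?>" />
     <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
-    <input type="hidden" name="mode" id="mode" value="<?php echo attr($mode); ?>" />
+    <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
     <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce', false ); ?>
     <?php wp_comment_form_unfiltered_html_nonce(); ?>
@@ -2428,5 +2428,5 @@
     }
 
-    $entry['meta_key'] = attr($entry['meta_key']);
+    $entry['meta_key'] = esc_attr($entry['meta_key']);
     $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
     $entry['meta_id'] = (int) $entry['meta_id'];
@@ -2438,6 +2438,6 @@
 
     $r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
-    $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='". _a( 'Delete' ) ."' />";
-    $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='". _a( 'Update' ) ."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
+    $r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='". esc_attr__( 'Delete' ) ."' />";
+    $r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='". esc_attr__( 'Update' ) ."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
     $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
     $r .= "</td>";
@@ -2483,6 +2483,6 @@
 
     foreach ( $keys as $key ) {
-        $key = attr( $key );
-        echo "\n<option value='" . attr($key) . "'>$key</option>";
+        $key = esc_attr( $key );
+        echo "\n<option value='" . esc_attr($key) . "'>$key</option>";
     }
 ?>
@@ -2500,5 +2500,5 @@
 
 <tr><td colspan="2" class="submit">
-<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php _ea( 'Add Custom Field' ) ?>" />
+<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php esc_attr_e( 'Add Custom Field' ) ?>" />
 <?php wp_nonce_field( 'add-meta', '_ajax_nonce', false ); ?>
 </td></tr>
@@ -2720,7 +2720,7 @@
         $name = translate_user_role($details['name'] );
         if ( $selected == $role ) // Make default first in list
-            $p = "\n\t<option selected='selected' value='" . attr($role) . "'>$name</option>";
+            $p = "\n\t<option selected='selected' value='" . esc_attr($role) . "'>$name</option>";
         else
-            $r .= "\n\t<option value='" . attr($role) . "'>$name</option>";
+            $r .= "\n\t<option value='" . esc_attr($role) . "'>$name</option>";
     }
     echo $p . $r;
@@ -2793,5 +2793,5 @@
     else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr($action) ?>">
 <p>
 <?php wp_nonce_field('import-upload'); ?>
@@ -2802,5 +2802,5 @@
 </p>
 <p class="submit">
-<input type="submit" class="button" value="<?php _ea( 'Upload file and import' ); ?>" />
+<input type="submit" class="button" value="<?php esc_attr_e( 'Upload file and import' ); ?>" />
 </p>
 </form>
@@ -2816,5 +2816,5 @@
 function wp_remember_old_slug() {
     global $post;
-    $name = attr($post->post_name); // just in case
+    $name = esc_attr($post->post_name); // just in case
     if ( strlen($name) )
         echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
@@ -3155,5 +3155,5 @@
             <div class="find-box-search">
                 <?php if ( $found_action ) { ?>
-                    <input type="hidden" name="found_action" value="<?php echo attr($found_action); ?>" />
+                    <input type="hidden" name="found_action" value="<?php echo esc_attr($found_action); ?>" />
                 <?php } ?>
 
@@ -3162,5 +3162,5 @@
                 <label class="invisible" for="find-posts-input"><?php _e( 'Search' ); ?></label>
                 <input type="text" id="find-posts-input" name="ps" value="" />
-                <input type="button" onclick="findPosts.send();" value="<?php _ea( 'Search' ); ?>" class="button" /><br />
+                <input type="button" onclick="findPosts.send();" value="<?php esc_attr_e( 'Search' ); ?>" class="button" /><br />
 
                 <input type="radio" name="find-posts-what" id="find-posts-posts" checked="checked" value="posts" />
@@ -3172,6 +3172,6 @@
         </div>
         <div class="find-box-buttons">
-            <input type="button" class="button alignleft" onclick="findPosts.close();" value="<?php _ea('Close'); ?>" />
-            <input id="find-posts-submit" type="submit" class="button-primary alignright" value="<?php _ea('Select'); ?>" />
+            <input type="button" class="button alignleft" onclick="findPosts.close();" value="<?php esc_attr_e('Close'); ?>" />
+            <input id="find-posts-submit" type="submit" class="button-primary alignright" value="<?php esc_attr_e('Select'); ?>" />
         </div>
     </div>
@@ -3182,5 +3182,5 @@
  * Display the post password.
  *
- * The password is passed through {@link attr()} to ensure that it
+ * The password is passed through {@link esc_attr()} to ensure that it
  * is safe for placing in an html attribute.
  *
@@ -3190,5 +3190,5 @@
 function the_post_password() {
     global $post;
-    if ( isset( $post->post_password ) ) echo attr( $post->post_password );
+    if ( isset( $post->post_password ) ) echo esc_attr( $post->post_password );
 }
 
@@ -3313,5 +3313,5 @@
  */
 function _admin_search_query() {
-    echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
+    echo isset($_GET['s']) ? esc_attr( stripslashes( $_GET['s'] ) ) : '';
 }
 
@@ -3644,6 +3644,6 @@
     if ( !empty($per_page_label) )
         $return .= "<label for='$option'>$per_page_label</label> <input type='text' class='screen-per-page' name='wp_screen_options[value]' id='$option' maxlength='3' value='$per_page' />\n";
-    $return .= "<input type='submit' class='button' value='" . _a('Apply') . "' />";
-    $return .= "<input type='hidden' name='wp_screen_options[option]' value='" . attr($option) . "' />";
+    $return .= "<input type='submit' class='button' value='" . esc_attr__('Apply') . "' />";
+    $return .= "<input type='hidden' name='wp_screen_options[option]' value='" . esc_attr($option) . "' />";
     $return .= "</div>\n";
     return $return;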
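Review bot: In the custom-field key `<select>` loop (new lines 2485–2486) `$key` is run through `esc_attr()` and the already-escaped result is then passed to `esc_attr()` a second time for the `value` attribute, so the attribute and the option text are produced at different escaping depths; whether that double-encodes an `&` in a meta key depends on how `esc_attr` treats existing entities, which is not visible here. Escape once and reuse the result: `$key = esc_attr( $key );` followed by `echo "\n<option value='$key'>$key</option>";`. The function containing this loop begins before the hunk.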
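--- a/trunk/wp-admin/includes/theme-install.php	(revision 11190)
+++ b/trunk/wp-admin/includes/theme-install.php	(revision 11204)
@@ -159,6 +159,6 @@
     <option value="tag" <?php selected('tag', $type) ?>><?php _e('Tag'); ?></option>
     </select>
-    <input type="text" name="s" size="30" value="<?php echo attr($term) ?>" />
-    <input type="submit" name="search" value="<?php _ea('Search'); ?>" class="button" />
+    <input type="text" name="s" size="30" value="<?php echo esc_attr($term) ?>" />
+    <input type="submit" name="search" value="<?php esc_attr_e('Search'); ?>" class="button" />
 </form>
 <?php
@@ -203,5 +203,5 @@
                 $feature_name = $trans[$feature];
             $feature_name = wp_specialchars( $feature_name );
-            $feature = attr($feature);
+            $feature = esc_attr($feature);
 ?>
 
@@ -219,5 +219,5 @@
 </div>
 <br class="clear" />
-<input type="submit" name="search" value="<?php _ea('Find Themes'); ?>" class="button" />
+<input type="submit" name="search" value="<?php esc_attr_e('Find Themes'); ?>" class="button" />
 </form>
 <?php
@@ -282,5 +282,5 @@
     <input type="file" name="themezip" />
     <input type="submit"
-    class="button" value="<?php _ea('Install Now') ?>" />
+    class="button" value="<?php esc_attr_e('Install Now') ?>" />
 </form>
     <?php
@@ -302,6 +302,6 @@
         $actions = array();
         $actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&amp;theme=' . $theme->slug .
-                                        '&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install &#8220;%s&#8221;'), $name)) . '">' . __('Install') . '</a>';
-        $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>';
+                                        '&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . esc_attr(sprintf(__('Install &#8220;%s&#8221;'), $name)) . '">' . __('Install') . '</a>';
+        $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>';
         $actions = apply_filters('theme_install_action_links', $actions, $theme);
     }
@@ -311,5 +311,5 @@
 <a class='thickbox thickbox-preview screenshot'
     href='<? echo clean_url($preview_link); ?>'
-    title='<?php echo attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
+    title='<?php echo esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
 <img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
 </a>
@@ -332,5 +332,5 @@
 <?php endif; ?>
 <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>">
-    <div class="star star-rating" style="width: <?php echo attr($theme->rating) ?>px"></div>
+    <div class="star star-rating" style="width: <?php echo esc_attr($theme->rating) ?>px"></div>
     <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
     <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>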
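Review bot: Line 312 on the new side, the context line directly above the changed title attribute, opens PHP with a short tag: `href='<? echo clean_url($preview_link); ?>'`. With `short_open_tag` disabled the expression is not executed and is emitted verbatim into the href, so the preview link is broken and the PHP source is sent to the browser; every other open tag in this hunk is `<?php`. Change it to `href='<?php echo clean_url($preview_link); ?>'`. The markup block this belongs to starts before the hunk.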
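--- a/trunk/wp-admin/includes/user.php	(revision 11190)
+++ b/trunk/wp-admin/includes/user.php	(revision 11204)
@@ -367,14 +367,14 @@
 function get_user_to_edit( $user_id ) {
     $user = new WP_User( $user_id );
-    $user->user_login   = attr($user->user_login);
-    $user->user_email   = attr($user->user_email);
+    $user->user_login   = esc_attr($user->user_login);
+    $user->user_email   = esc_attr($user->user_email);
     $user->user_url     = clean_url($user->user_url);
-    $user->first_name   = attr($user->first_name);
-    $user->last_name    = attr($user->last_name);
-    $user->display_name = attr($user->display_name);
-    $user->nickname     = attr($user->nickname);
-    $user->aim          = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : '';
-    $user->yim          = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : '';
-    $user->jabber       = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : '';
+    $user->first_name   = esc_attr($user->first_name);
+    $user->last_name    = esc_attr($user->last_name);
+    $user->display_name = esc_attr($user->display_name);
+    $user->nickname     = esc_attr($user->nickname);
+    $user->aim          = isset( $user->aim ) && !empty( $user->aim ) ? esc_attr($user->aim) : '';
+    $user->yim          = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
+    $user->jabber       = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
     $user->description  = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
 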
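Review bot: get_user_to_edit() bakes attribute escaping into the WP_User object it returns (new lines 369–378), so a caller that prints a field anywhere other than an HTML attribute, or passes it back into an update, gets a pre-encoded value; that `user_url` on line 371 already needs a different escaper (`clean_url`) and `description` on line 379 a third one is the usual sign that the right encoding is only known at the output site. This is a point of style rather than something the rename introduces: return the raw fields and call `esc_attr()` / `clean_url()` at each echo, so the object stays usable in every context. The function's remaining lines are outside the hunk.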
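--- a/trunk/wp-admin/includes/widgets.php	(revision 11177)
+++ b/trunk/wp-admin/includes/widgets.php	(revision 11204)
@@ -184,16 +184,16 @@
         echo "\t\t<p>" . __('There are no options for this widget.') . "</p>\n"; ?>
 
-    <input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($id_format); ?>" />
-    <input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
-    <input type="hidden" name="widget-width" class="widget-width" value="<?php echo attr($control['width']); ?>" />
-    <input type="hidden" name="widget-height" class="widget-height" value="<?php echo attr($control['height']); ?>" />
-    <input type="hidden" name="widget_number" class="widget_number" value="<?php echo attr($widget_number); ?>" />
-    <input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
-    <input type="hidden" name="add_new" class="add_new" value="<?php echo attr($add_new); ?>" />
+    <input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($id_format); ?>" />
+    <input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
+    <input type="hidden" name="widget-width" class="widget-width" value="<?php echo esc_attr($control['width']); ?>" />
+    <input type="hidden" name="widget-height" class="widget-height" value="<?php echo esc_attr($control['height']); ?>" />
+    <input type="hidden" name="widget_number" class="widget_number" value="<?php echo esc_attr($widget_number); ?>" />
+    <input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
+    <input type="hidden" name="add_new" class="add_new" value="<?php echo esc_attr($add_new); ?>" />
 
     <div class="widget-control-actions">
         <a class="button widget-control-remove alignleft" href="<?php echo $edit ? clean_url( add_query_arg( array( 'remove' => $id_format, 'key' => $key, '_wpnonce' => $nonce ) ) ) : '#remove'; ?>"><?php _e('Remove'); ?></a>
 <?php       if ( 'noform' !== $has_form ) { ?>
-        <input type="submit" name="savewidget" class="button-primary widget-control-save alignright" value="<?php _ea('Save'); ?>" />
+        <input type="submit" name="savewidget" class="button-primary widget-control-save alignright" value="<?php esc_attr_e('Save'); ?>" />
 <?php       } ?>
         <br class="clear" />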
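--- a/trunk/wp-admin/install.php
+++ b/trunk/wp-admin/install.php
@@ -58,9 +58,9 @@
         <tr>
             <th scope="row"><label for="weblog_title"><?php _e('Blog Title'); ?></label></th>
-            <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? attr($_POST['weblog_title']) : '' ); ?>" /></td>
+            <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? esc_attr($_POST['weblog_title']) : '' ); ?>" /></td>
         </tr>
         <tr>
             <th scope="row"><label for="admin_email"><?php _e('Your E-mail'); ?></label></th>
-            <td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? attr($_POST['admin_email']) : '' ); ?>" /><br />
+            <td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? esc_attr($_POST['admin_email']) : '' ); ?>" /><br />
             <?php _e('Double-check your email address before continuing.'); ?>
         </tr>
@@ -69,5 +69,5 @@
         </tr>
     </table>
-    <p class="step"><input type="submit" name="Submit" value="<?php _ea('Install WordPress'); ?>" class="button" /></p>
+    <p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
 </form>
 <?php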
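--- a/trunk/wp-admin/link-manager.php
+++ b/trunk/wp-admin/link-manager.php
@@ -91,5 +91,5 @@
     <label class="invisible" for="link-search-input"><?php _e( 'Search Links' ); ?>:</label>
     <input type="text" id="link-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Links' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Links' ); ?>" class="button" />
 </p>
 </form>
@@ -104,5 +104,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 
 <?php
@@ -111,5 +111,5 @@
 $select_cat .= '<option value="all"'  . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('View all Categories') . "</option>\n";
 foreach ((array) $categories as $cat)
-    $select_cat .= '<option value="' . attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
+    $select_cat .= '<option value="' . esc_attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
 $select_cat .= "</select>\n";
 
@@ -125,5 +125,5 @@
 
 ?>
-<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 </div>
@@ -166,5 +166,5 @@
     foreach ($links as $link) {
         $link = sanitize_bookmark($link);
-        $link->link_name = attr($link->link_name);
+        $link->link_name = esc_attr($link->link_name);
         $link->link_category = wp_get_link_cats($link->link_id);
         $short_url = str_replace('http://', '', $link->link_url);
@@ -191,9 +191,9 @@
             switch($column_name) {
                 case 'cb':
-                    echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. attr($link->link_id) .'" /></th>';
+                    echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. esc_attr($link->link_id) .'" /></th>';
                     break;
                 case 'name':
 
-                    echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
+                    echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
                     $actions = array();
                     $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
@@ -262,5 +262,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 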
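--- a/trunk/wp-admin/load-scripts.php
+++ b/trunk/wp-admin/load-scripts.php
@@ -36,5 +36,5 @@
  * @ignore
  */
-function attr() {}
+function esc_attr() {}
 
 /**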
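--- a/trunk/wp-admin/load-styles.php
+++ b/trunk/wp-admin/load-styles.php
@@ -36,5 +36,5 @@
  * @ignore
  */
-function attr() {}
+function esc_attr() {}
 
 /**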
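--- a/trunk/wp-admin/media-upload.php
+++ b/trunk/wp-admin/media-upload.php
@@ -79,5 +79,5 @@
     <div id="media-items"> </div>
     <p>
-    <input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
+    <input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
     </p>
     </form>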
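--- a/trunk/wp-admin/media.php
+++ b/trunk/wp-admin/media.php
@@ -94,7 +94,7 @@
 
 <p class="submit">
-<input type="submit" class="button-primary" name="save" value="<?php _ea('Update Media'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? attr($post_id) : ''; ?>" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($att_id); ?>" />
+<input type="submit" class="button-primary" name="save" value="<?php esc_attr_e('Update Media'); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? esc_attr($post_id) : ''; ?>" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($att_id); ?>" />
 <input type="hidden" name="action" value="editattachment" />
 <?php wp_original_referer_field(true, 'previous'); ?>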
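--- a/trunk/wp-admin/menu.php
+++ b/trunk/wp-admin/menu.php
@@ -40,5 +40,5 @@
             continue;
 
-        $submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
+        $submenu['edit.php'][$i] = array( esc_attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
         ++$i;
     }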
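--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -55,5 +55,5 @@
 <label for="close_comments_for_old_posts">
 <input name="close_comments_for_old_posts" type="checkbox" id="close_comments_for_old_posts" value="1" <?php checked('1', get_option('close_comments_for_old_posts')); ?> />
-<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
+<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . esc_attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
 <br />
 <label for="thread_comments">
@@ -65,5 +65,5 @@
 $thread_comments_depth = '</label><select name="thread_comments_depth" id="thread_comments_depth">';
 for ( $i = 1; $i <= $maxdeep; $i++ ) {
-    $thread_comments_depth .= "<option value='" . attr($i) . "'";
+    $thread_comments_depth .= "<option value='" . esc_attr($i) . "'";
     if ( get_option('thread_comments_depth') == $i ) $thread_comments_depth .= " selected='selected'";
     $thread_comments_depth .= ">$i</option>";
@@ -84,5 +84,5 @@
 $default_comments_page .= '>' . __('first') . '</option></select>';
 
-printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
+printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . esc_attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
 
 ?></label>
@@ -126,5 +126,5 @@
 <th scope="row"><?php _e('Comment Moderation') ?></th>
 <td><fieldset><legend class="invisible"><?php _e('Comment Moderation') ?></legend>
-<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . attr(get_option('comment_max_links')) . '" class="small-text" />' ) ?></label></p>
+<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . esc_attr(get_option('comment_max_links')) . '" class="small-text" />' ) ?></label></p>
 
 <p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.') ?></label></p>
@@ -160,5 +160,5 @@
     foreach ( $yesorno as $key => $value) {
         $selected = (get_option('show_avatars') == $key) ? 'checked="checked"' : '';
-        echo "\n\t<label><input type='radio' name='show_avatars' value='" . attr($key) . "' $selected/> $value</label><br />";
+        echo "\n\t<label><input type='radio' name='show_avatars' value='" . esc_attr($key) . "' $selected/> $value</label><br />";
     }
 ?>
@@ -173,5 +173,5 @@
 foreach ($ratings as $key => $rating) :
     $selected = (get_option('avatar_rating') == $key) ? 'checked="checked"' : '';
-    echo "\n\t<label><input type='radio' name='avatar_rating' value='" . attr($key) . "' $selected/> $rating</label><br />";
+    echo "\n\t<label><input type='radio' name='avatar_rating' value='" . esc_attr($key) . "' $selected/> $rating</label><br />";
 endforeach;
 ?>
@@ -202,5 +202,5 @@
 foreach ( $avatar_defaults as $default_key => $default_name ) {
     $selected = ($default == $default_key) ? 'checked="checked" ' : '';
-    $avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='" . attr($default_key)  . "' {$selected}/> ";
+    $avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='" . esc_attr($default_key)  . "' {$selected}/> ";
 
     $avatar = get_avatar( $user_email, $size, $default_key );
@@ -221,5 +221,5 @@
 
 <p class="submit">
-<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 </form>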
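--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -121,5 +121,5 @@
         $current_offset_name = $offset_name;
     }
-    echo "<option value=\"" . attr($offset) . "\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
+    echo "<option value=\"" . esc_attr($offset) . "\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
 }
 ?>
@@ -211,5 +211,5 @@
 
     foreach ( $date_formats as $format ) {
-        echo "\t<label title='" . attr($format) . "'><input type='radio' name='date_format' value='" . attr($format) . "'";
+        echo "\t<label title='" . esc_attr($format) . "'><input type='radio' name='date_format' value='" . esc_attr($format) . "'";
         if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "==="
             echo " checked='checked'";
@@ -221,5 +221,5 @@
     echo '  <label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"';
     checked( $custom );
-    echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
+    echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . esc_attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
 
     echo "\t<p>" . __('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click &#8220;Save Changes&#8221; to update sample output.') . "</p>\n";
@@ -243,5 +243,5 @@
 
     foreach ( $time_formats as $format ) {
-        echo "\t<label title='" . attr($format) . "'><input type='radio' name='time_format' value='" . attr($format) . "'";
+        echo "\t<label title='" . esc_attr($format) . "'><input type='radio' name='time_format' value='" . esc_attr($format) . "'";
         if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "==="
             echo " checked='checked'";
@@ -253,5 +253,5 @@
     echo '  <label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"';
     checked( $custom );
-    echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
+    echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . esc_attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
 ?>
     </fieldset>
@@ -264,5 +264,5 @@
 for ($day_index = 0; $day_index <= 6; $day_index++) :
     $selected = (get_option('start_of_week') == $day_index) ? 'selected="selected"' : '';
-    echo "\n\t<option value='" . attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
+    echo "\n\t<option value='" . esc_attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
 endfor;
 ?>
@@ -275,5 +275,5 @@
 
 <p class="submit">
-<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 </form>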
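--- a/trunk/wp-admin/options-media.php
+++ b/trunk/wp-admin/options-media.php
@@ -66,5 +66,5 @@
 
 <p class="submit">
-    <input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 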
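--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -28,5 +28,5 @@
 <tr valign="top">
 <th scope="row"><label for="upload_path"><?php _e('Store uploads in this folder'); ?></label></th>
-<td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
+<td><input name="upload_path" type="text" id="upload_path" value="<?php echo esc_attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
 <span class="description"><?php _e('Default is <code>wp-content/uploads</code>'); ?></span>
 </td>
@@ -35,5 +35,5 @@
 <tr valign="top">
 <th scope="row"><label for="upload_url_path"><?php _e('Full URL path to files'); ?></label></th>
-<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr( get_option('upload_url_path')); ?>" class="regular-text code" />
+<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo esc_attr( get_option('upload_url_path')); ?>" class="regular-text code" />
 <span class="description"><?php _e('Configuring this is optional. By default, it should be blank.'); ?></span>
 </td>
@@ -68,5 +68,5 @@
 
 <p class="submit">
-    <input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 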
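--- a/trunk/wp-admin/options-permalink.php
+++ b/trunk/wp-admin/options-permalink.php
@@ -152,13 +152,13 @@
     </tr>
     <tr>
-        <th><label><input name="selection" type="radio" value="<?php echo attr($structures[1]); ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
+        <th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[1]); ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
         <td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></td>
     </tr>
     <tr>
-        <th><label><input name="selection" type="radio" value="<?php echo attr($structures[2]); ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
+        <th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[2]); ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
         <td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/sample-post/'; ?></code></td>
     </tr>
     <tr>
-        <th><label><input name="selection" type="radio" value="<?php echo attr($structures[3]); ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
+        <th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[3]); ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
         <td><code><?php echo get_option('home') . $prefix  ; ?>/archives/123</code></td>
     </tr>
@@ -174,5 +174,5 @@
         </th>
         <td>
-            <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr($permalink_structure); ?>" class="regular-text code" />
+            <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo esc_attr($permalink_structure); ?>" class="regular-text code" />
         </td>
     </tr>
@@ -189,9 +189,9 @@
     <tr>
         <th><label for="category_base"><?php _e('Category base'); ?></label></th>
-        <td><input name="category_base" id="category_base" type="text" value="<?php echo attr($category_base); ?>" class="regular-text code" /></td>
+        <td><input name="category_base" id="category_base" type="text" value="<?php echo esc_attr($category_base); ?>" class="regular-text code" /></td>
     </tr>
     <tr>
         <th><label for="tag_base"><?php _e('Tag base'); ?></label></th>
-        <td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr($tag_base); ?>" class="regular-text code" /></td>
+        <td><input name="tag_base" id="tag_base" type="text" value="<?php echo esc_attr($tag_base); ?>" class="regular-text code" /></td>
     </tr>
     <?php do_settings_fields('permalink', 'optional'); ?>
@@ -201,5 +201,5 @@
 
 <p class="submit">
-    <input type="submit" name="submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
   </form>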
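--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -40,5 +40,5 @@
 
 <p class="submit">
-    <input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 </form>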
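--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -81,5 +81,5 @@
 
 <p class="submit">
-    <input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 </form>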
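--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -128,5 +128,5 @@
 
 <p class="submit">
-    <input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
+    <input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
 </p>
 </form>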
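--- a/trunk/wp-admin/options.php
+++ b/trunk/wp-admin/options.php
@@ -100,5 +100,5 @@
 foreach ( (array) $options as $option) :
     $disabled = '';
-    $option->option_name = attr($option->option_name);
+    $option->option_name = esc_attr($option->option_name);
     if ( is_serialized($option->option_value) ) {
         if ( is_serialized_string($option->option_value) ) {
@@ -123,5 +123,5 @@
 
     if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
-    else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />";
+    else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
 
     echo "</td>
@@ -131,5 +131,5 @@
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo esc_attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
   </form>
 </div>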
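--- a/trunk/wp-admin/plugin-editor.php
+++ b/trunk/wp-admin/plugin-editor.php
@@ -117,5 +117,5 @@
             $docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
             foreach ( $functions as $function) {
-                $docs_select .= '<option value="' . attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+                $docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
             }
             $docs_select .= '</select>';
@@ -133,5 +133,5 @@
     <?php
         if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file) ) { ?>
-    <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo attr($file); ?>&amp;_wpnonce=<?php echo attr($_GET['_error_nonce']); ?>"></iframe>
+    <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo esc_attr($file); ?>&amp;_wpnonce=<?php echo esc_attr($_GET['_error_nonce']); ?>"></iframe>
     <?php } ?>
 </div>
@@ -151,11 +151,11 @@
         else
             $selected = '';
-        $plugin_name = attr($plugin_name);
-        $plugin_key = attr($plugin_key);
+        $plugin_name = esc_attr($plugin_name);
+        $plugin_key = esc_attr($plugin_key);
         echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
     }
 ?>
         </select>
-        <input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
+        <input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
     </form>
 </div>
@@ -205,9 +205,9 @@
         <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
         <input type="hidden" name="action" value="update" />
-        <input type="hidden" name="file" value="<?php echo attr($file) ?>" />
-        <input type="hidden" name="plugin" value="<?php echo attr($plugin) ?>" />
+        <input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
+        <input type="hidden" name="plugin" value="<?php echo esc_attr($plugin) ?>" />
         </div>
         <?php if ( count( $functions ) ) : ?>
-        <div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php _ea( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
+        <div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php esc_attr_e( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
         <?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
@@ -218,7 +218,7 @@
     <?php
         if ( isset($_GET['phperror']) )
-            echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . _a('Update File and Attempt to Reactivate') . "' tabindex='2' />";
-        else
-            echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
+            echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File and Attempt to Reactivate') . "' tabindex='2' />";
+        else
+            echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";
     ?>
     </p>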
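--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -140,11 +140,11 @@
                     <?php
                         foreach ( (array)$plugins as $plugin )
-                            echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />';
+                            echo '<input type="hidden" name="checked[]" value="' . esc_attr($plugin) . '" />';
                     ?>
                     <?php wp_nonce_field('bulk-manage-plugins') ?>
-                    <input type="submit" name="submit" value="<?php _ea('Yes, Delete these files') ?>" class="button" />
+                    <input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
                 </form>
                 <form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
-                    <input type="submit" name="submit" value="<?php _ea('No, Return me to the plugin list') ?>" class="button" />
+                    <input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
                 </form>
 
@@ -195,5 +195,5 @@
     <?php
         if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?>
-    <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . attr($plugin) . '&amp;_wpnonce=' . attr($_GET['_error_nonce'])); ?>"></iframe>
+    <iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . esc_attr($plugin) . '&amp;_wpnonce=' . esc_attr($_GET['_error_nonce'])); ?>"></iframe>
     <?php
         }
@@ -370,5 +370,5 @@
         echo "
     <tr class='$class'>
-        <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr($plugin_file) . "' /></th>
+        <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . esc_attr($plugin_file) . "' /></th>
         <td class='plugin-title'><strong>{$plugin_data['Title']}</strong>";
         $i = 0;
@@ -414,7 +414,7 @@
     <?php endif; ?>
         </select>
-        <input type="submit" name="doaction_active" value="<?php _ea('Apply'); ?>" class="button-secondary action" />
+        <input type="submit" name="doaction_active" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary action" />
     <?php if( 'recent' == $context ) : ?>
-        <input type="submit" name="clear-recent-list" value="<?php _ea('Clear List') ?>" class="button-secondary" />
+        <input type="submit" name="clear-recent-list" value="<?php esc_attr_e('Clear List') ?>" class="button-secondary" />
     <?php endif; ?>
     </div>
@@ -427,5 +427,5 @@
     <label class="invisible" for="plugin-search-input"><?php _e( 'Search Plugins' ); ?>:</label>
     <input type="text" id="plugin-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Plugins' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Plugins' ); ?>" class="button" />
 </p>
 </form>
@@ -433,6 +433,6 @@
 <form method="post" action="<?php echo admin_url('plugins.php') ?>">
 <?php wp_nonce_field('bulk-manage-plugins') ?>
-<input type="hidden" name="plugin_status" value="<?php echo attr($status) ?>" />
-<input type="hidden" name="paged" value="<?php echo attr($page) ?>" />
+<input type="hidden" name="plugin_status" value="<?php echo esc_attr($status) ?>" />
+<input type="hidden" name="paged" value="<?php echo esc_attr($page) ?>" />
 
 <ul class="subsubsub">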
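Review bot: In the error_scrape iframe (new line 197) `esc_attr($plugin)` and `esc_attr($_GET['_error_nonce'])` are the wrong escaper for the context: the values are query-string parameters inside a URL, so a `&`, `=` or `#` in `$plugin` would still split the query, and attribute-escaping the finished URL is already what `clean_url()` does on the form action two hunks earlier. Encode each value for the URL and then escape the URL as a whole, e.g. `src="<?php echo clean_url( admin_url( 'plugins.php?action=error_scrape&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . urlencode( $_GET['_error_nonce'] ) ) ); ?>"`, or build it with `add_query_arg()` as themes.php does. The nonce check on line 196 restricts when this line runs, but it does not normalise the nonce value that is echoed back, so the encoding still belongs here.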
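--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -136,10 +136,10 @@
         <div class="titlediv">
         <div class="titlewrap">
-            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
-        </div>
-        </div>
-
-        <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr($image); ?>" id="this_photo" />
-            <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr(__('Click to insert.')); ?>" title="<?php echo attr(__('Click to insert.')); ?>" /></a></p>
+            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
+        </div>
+        </div>
+
+        <p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
+            <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
 
         <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
@@ -169,5 +169,5 @@
         <div id="titlediv">
             <div class="titlewrap">
-            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
+            <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
             </div>
         </div>
@@ -378,15 +378,15 @@
         switch(tab_name) {
             case 'video' :
-                jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr($selection); ?>'}, function() {
+                jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
                     <?php
                     $content = '';
                     if ( preg_match("/youtube\.com\/watch/i", $url) ) {
                         list($domain, $video_id) = split("v=", $url);
-                        $video_id = attr($video_id);
+                        $video_id = esc_attr($video_id);
                         $content = '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/' . $video_id . '"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/' . $video_id . '" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>';
 
                     } elseif ( preg_match("/vimeo\.com\/[0-9]+/i", $url) ) {
                         list($domain, $video_id) = split(".com/", $url);
-                        $video_id = attr($video_id);
+                        $video_id = esc_attr($video_id);
                         $content = '<object width="400" height="225"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" />  <embed src="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="225"></embed></object>';
 
@@ -458,9 +458,9 @@
                 <div class="inside">
                     <p>
-                        <input class="button" type="submit" name="draft" value="<?php _ea('Save Draft') ?>" id="save" />
+                        <input class="button" type="submit" name="draft" value="<?php esc_attr_e('Save Draft') ?>" id="save" />
                         <?php if ( current_user_can('publish_posts') ) { ?>
-                            <input class="button-primary" type="submit" name="publish" value="<?php _ea('Publish') ?>" id="publish" />
+                            <input class="button-primary" type="submit" name="publish" value="<?php esc_attr_e('Publish') ?>" id="publish" />
                         <?php } else { ?>
-                            <br /><br /><input class="button-primary" type="submit" name="review" value="<?php _ea('Submit for Review') ?>" id="review" />
+                            <br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" />
                         <?php } ?>
                         <img src="images/wpspin_light.gif" alt="" id="saving" style="display:none;" />
@@ -482,7 +482,7 @@
                         <a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a>
                         <p id="category-add" class="wp-hidden-child">
-                            <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
+                            <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
                             <label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-                            <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
+                            <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
                             <?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
                             <span id="category-ajax-response"></span>
@@ -500,6 +500,6 @@
                             <input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
                             <span class="ajaxtag" style="display:none;">
-                                <input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
-                                <input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
+                                <input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
+                                <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
                             </span>
                         </p>
@@ -519,5 +519,5 @@
         <div id="titlediv">
             <div class="titlewrap">
-                <input name="title" id="title" class="text" value="<?php echo attr($title);?>"/>
+                <input name="title" id="title" class="text" value="<?php echo esc_attr($title);?>"/>
             </div>
         </div>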
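Review bot: New line 380 echoes `esc_attr($selection)` into a single-quoted JavaScript string literal inside the `load()` call, but attribute entity escaping is the wrong escaper for a script context: entities are not decoded inside `<script>`, and a backslash or line break in `$selection` is passed through untouched and can break the literal. The codebase already has a JS-string escaper used for the `confirm()` strings in themes.php and upload.php, so this should read `s: '<?php echo js_escape($selection); ?>'`. The same context question applies to lines 385 and 390, where `$video_id` is spliced into a URL in `$content`; `urlencode()` fits that position better than `esc_attr()`, and since `split("v=", $url)` keeps everything after `v=`, the value may carry further query parameters, which is worth confirming. The `load()` callback body continues past the end of the hunk.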
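--- a/trunk/wp-admin/sidebar.php
+++ b/trunk/wp-admin/sidebar.php
@@ -89,8 +89,8 @@
 <div>
 <input type="hidden" name="action" value="post" />
-<input type="hidden" name="user_ID" value="<?php echo attr($user_ID) ?>" />
+<input type="hidden" name="user_ID" value="<?php echo esc_attr($user_ID) ?>" />
 <input type="hidden" name="mode" value="sidebar" />
-<input type="hidden" name="ping_status" value="<?php echo attr($post->ping_status); ?>" />
-<input type="hidden" name="comment_status" value="<?php echo attr($post->comment_status); ?>" />
+<input type="hidden" name="ping_status" value="<?php echo esc_attr($post->ping_status); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($post->comment_status); ?>" />
 <?php wp_nonce_field('add-post');
 
@@ -117,7 +117,7 @@
 
 <p>
-<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php _ea('Save as Draft'); ?>" />
+<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php esc_attr_e('Save as Draft'); ?>" />
 <?php if ( current_user_can('publish_posts') ) : ?>
-<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php _ea('Publish') ?>" class="button button-highlighted" />
+<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php esc_attr_e('Publish') ?>" class="button button-highlighted" />
 <?php endif; ?>
 </p>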
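--- a/trunk/wp-admin/theme-editor.php
+++ b/trunk/wp-admin/theme-editor.php
@@ -95,7 +95,7 @@
 
             $docs_select = '<select name="docs-list" id="docs-list">';
-            $docs_select .= '<option value="">' . _a( 'Function Name...' ) . '</option>';
+            $docs_select .= '<option value="">' . esc_attr__( 'Function Name...' ) . '</option>';
             foreach ( $functions as $function ) {
-                $docs_select .= '<option value="' . attr( urlencode( $function ) ) . '">' . htmlspecialchars( $function ) . '()</option>';
+                $docs_select .= '<option value="' . esc_attr( urlencode( $function ) ) . '">' . htmlspecialchars( $function ) . '()</option>';
             }
             $docs_select .= '</select>';
@@ -126,10 +126,10 @@
     if ($theme_name == $theme) $selected = " selected='selected'";
     else $selected = '';
-    $theme_name = attr($theme_name);
+    $theme_name = esc_attr($theme_name);
     echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 }
 ?>
         </select>
-        <input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
+        <input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
     </form>
 </div>
@@ -200,6 +200,6 @@
          <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
          <input type="hidden" name="action" value="update" />
-         <input type="hidden" name="file" value="<?php echo attr($file) ?>" />
-         <input type="hidden" name="theme" value="<?php echo attr($theme) ?>" />
+         <input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
+         <input type="hidden" name="theme" value="<?php echo esc_attr($theme) ?>" />
          </div>
     <?php if ( isset($functions ) && count($functions) ) { ?>
@@ -207,5 +207,5 @@
         <label for="docs-list"><?php _e('Documentation:') ?></label>
         <?php echo $docs_select; ?>
-        <input type="button" class="button" value=" <?php _ea( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
+        <input type="button" class="button" value=" <?php esc_attr_e( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
         </div>
     <?php } ?>
@@ -215,5 +215,5 @@
             <p class="submit">
 <?php
-    echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
+    echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";
 ?>
 </p>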
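--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -189,12 +189,12 @@
     $preview_link = clean_url( get_option('home') . '/');
     $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
-    $preview_text = attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );
+    $preview_text = esc_attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );
     $tags = $themes[$theme_name]['Tags'];
     $thickbox_class = 'thickbox thickbox-preview';
     $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=".urlencode($template)."&amp;stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template);
-    $activate_text = attr( sprintf( __('Activate &#8220;%s&#8221;'), $title ) );
+    $activate_text = esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $title ) );
     $actions = array();
     $actions[] = '<a href="' . $activate_link .  '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>';
-    $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
+    $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
     if ( current_user_can('update_themes') )
         $actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';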
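--- a/trunk/wp-admin/tools.php
+++ b/trunk/wp-admin/tools.php
@@ -85,5 +85,5 @@
     <p><?php _e('Use Press This to clip text, images and videos from any web page. Then edit and add more straight from Press This before you save or publish it in a post on your blog.'); ?></p>
     <p><?php _e('Drag-and-drop the following link to your bookmarks bar or right click it and add it to your favorites for a posting shortcut.') ?></p>
-    <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
+    <p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo esc_attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
 </div>
 <?php endif; ?>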
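--- a/trunk/wp-admin/update-core.php
+++ b/trunk/wp-admin/update-core.php
@@ -41,13 +41,13 @@
     wp_nonce_field('upgrade-core');
     echo '<p>';
-    echo '<input id="upgrade" class="button" type="submit" value="' . attr($submit) . '" name="upgrade" />&nbsp;';
-    echo '<input name="version" value="'. attr($update->current) .'" type="hidden"/>';
-    echo '<input name="locale" value="'. attr($update->locale) .'" type="hidden"/>';
+    echo '<input id="upgrade" class="button" type="submit" value="' . esc_attr($submit) . '" name="upgrade" />&nbsp;';
+    echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
+    echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
     echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
     if ( 'en_US' != $update->locale )
         if ( !isset( $update->dismissed ) || !$update->dismissed )
-            echo '<input id="dismiss" class="button" type="submit" value="' . _a('Hide this update') . '" name="dismiss" />';
+            echo '<input id="dismiss" class="button" type="submit" value="' . esc_attr__('Hide this update') . '" name="dismiss" />';
         else
-            echo '<input id="undismiss" class="button" type="submit" value="' . _a('Bring back this update') . '" name="undismiss" />';
+            echo '<input id="undismiss" class="button" type="submit" value="' . esc_attr__('Bring back this update') . '" name="undismiss" />';
     echo '</p>';
     echo '</form>';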
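--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -212,5 +212,5 @@
     <label class="invisible" for="media-search-input"><?php _e( 'Search Media' ); ?>:</label>
     <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
 </p>
 </form>
@@ -248,5 +248,5 @@
 <?php } ?>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-media'); ?>
 
@@ -273,5 +273,5 @@
         $default = '';
 
-    echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
+    echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
     echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
     echo "</option>\n";
@@ -281,10 +281,10 @@
 <?php endif; // month_count ?>
 
-<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 <?php } // ! is_singular ?>
 
 <?php if ( isset($_GET['detached']) ) { ?>
-    <input type="submit" id="find_detached" name="find_detached" value="<?php _ea('Scan for lost attachments'); ?>" class="button-secondary" />
+    <input type="submit" id="find_detached" name="find_detached" value="<?php esc_attr_e('Scan for lost attachments'); ?>" class="button-secondary" />
 <?php } ?>
 
@@ -326,12 +326,12 @@
 ?>
     <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
-        <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo attr($post->ID); ?>" /></th>
+        <th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
 
         <td class="media-icon"><?php
         if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
-            <a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $thumb; ?></a>
+            <a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $thumb; ?></a>
 <?php   } ?></td>
 
-        <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
+        <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
         <?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
 
@@ -343,5 +343,5 @@
         if ( current_user_can('delete_post', $post->ID) )
             $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
-        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+        $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         if ( current_user_can('edit_post', $post->ID) )
             $actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
@@ -404,5 +404,5 @@
 <?php } ?>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 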
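Review bot: The title on new line 345 is built from `$title`, while the two neighbouring titles on lines 332 and 335 for the same attachment are built from `$att_title`; since `$title` is not assigned anywhere in the visible hunks, this looks like it may name a different (or stale) variable, so it is worth confirming that `esc_attr(sprintf(__('View &#8220;%s&#8221;'), $att_title))` is not what was intended. The escaping itself is correct for the attribute context. The row-rendering loop that these lines belong to begins and ends outside the hunks.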
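--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -216,5 +216,5 @@
     $current_color = 'fresh';
 foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
-<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo attr($color) ?>" class="tog" <?php checked($color, $current_color); ?> />
+<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo esc_attr($color) ?>" class="tog" <?php checked($color, $current_color); ?> />
     <table class="color-palette">
     <tr>
@@ -249,5 +249,5 @@
     <tr>
         <th><label for="user_login"><?php _e('Username'); ?></label></th>
-        <td><input type="text" name="user_login" id="user_login" value="<?php echo attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
+        <td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
     </tr>
 
@@ -275,15 +275,15 @@
 <tr>
     <th><label for="first_name"><?php _e('First name') ?></label></th>
-    <td><input type="text" name="first_name" id="first_name" value="<?php echo attr($profileuser->first_name) ?>" class="regular-text" /></td>
+    <td><input type="text" name="first_name" id="first_name" value="<?php echo esc_attr($profileuser->first_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
     <th><label for="last_name"><?php _e('Last name') ?></label></th>
-    <td><input type="text" name="last_name" id="last_name" value="<?php echo attr($profileuser->last_name) ?>" class="regular-text" /></td>
+    <td><input type="text" name="last_name" id="last_name" value="<?php echo esc_attr($profileuser->last_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
     <th><label for="nickname"><?php _e('Nickname') ?></label></th>
-    <td><input type="text" name="nickname" id="nickname" value="<?php echo attr($profileuser->nickname) ?>" class="regular-text" /></td>
+    <td><input type="text" name="nickname" id="nickname" value="<?php echo esc_attr($profileuser->nickname) ?>" class="regular-text" /></td>
 </tr>
 
@@ -304,5 +304,5 @@
             foreach ( $public_display as $id => $item ) {
         ?>
-            <option id="<?php echo $id; ?>" value="<?php echo attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
+            <option id="<?php echo $id; ?>" value="<?php echo esc_attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
         <?php
             }
@@ -318,25 +318,25 @@
 <tr>
     <th><label for="email"><?php _e('E-mail') ?></label></th>
-    <td><input type="text" name="email" id="email" value="<?php echo attr($profileuser->user_email) ?>" class="regular-text" /> <?php _e('Required.');?></td>
+    <td><input type="text" name="email" id="email" value="<?php echo esc_attr($profileuser->user_email) ?>" class="regular-text" /> <?php _e('Required.');?></td>
 </tr>
 
 <tr>
     <th><label for="url"><?php _e('Website') ?></label></th>
-    <td><input type="text" name="url" id="url" value="<?php echo attr($profileuser->user_url) ?>" class="regular-text code" /></td>
+    <td><input type="text" name="url" id="url" value="<?php echo esc_attr($profileuser->user_url) ?>" class="regular-text code" /></td>
 </tr>
 
 <tr>
     <th><label for="aim"><?php echo apply_filters('user_aim_label', __('AIM')); ?></label></th>
-    <td><input type="text" name="aim" id="aim" value="<?php echo attr($profileuser->aim) ?>" class="regular-text" /></td>
+    <td><input type="text" name="aim" id="aim" value="<?php echo esc_attr($profileuser->aim) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
     <th><label for="yim"><?php echo apply_filters('user_yim_label', __('Yahoo IM')); ?></label></th>
-    <td><input type="text" name="yim" id="yim" value="<?php echo attr($profileuser->yim) ?>" class="regular-text" /></td>
+    <td><input type="text" name="yim" id="yim" value="<?php echo esc_attr($profileuser->yim) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
     <th><label for="jabber"><?php echo apply_filters('user_jabber_label', __('Jabber / Google Talk')); ?></label></th>
-    <td><input type="text" name="jabber" id="jabber" value="<?php echo attr($profileuser->jabber) ?>" class="regular-text" /></td>
+    <td><input type="text" name="jabber" id="jabber" value="<?php echo esc_attr($profileuser->jabber) ?>" class="regular-text" /></td>
 </tr>
 </table>
@@ -396,6 +396,6 @@
 <p class="submit">
     <input type="hidden" name="action" value="update" />
-    <input type="hidden" name="user_id" id="user_id" value="<?php echo attr($user_id); ?>" />
-    <input type="submit" class="button-primary" value="<?php $is_profile_page? _ea('Update Profile') : _ea('Update User') ?>" name="submit" />
+    <input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
+    <input type="submit" class="button-primary" value="<?php $is_profile_page? esc_attr_e('Update Profile') : esc_attr_e('Update User') ?>" name="submit" />
 </p>
 </form>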
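Review bot: New line 399 uses a bare ternary as a statement whose two branches are the echoing `esc_attr_e()` calls, so the output is a side effect of evaluating an expression whose value is discarded; this reads oddly and is easy to misread as a string that is never printed. Since the commit also introduces the returning variant, the line is clearer as `<?php echo $is_profile_page ? esc_attr__('Update Profile') : esc_attr__('Update User'); ?>`, which prints the same text and fixes the missing space before `?`. The form this submit button belongs to opens outside the hunk.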
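--- a/trunk/wp-admin/user-new.php
+++ b/trunk/wp-admin/user-new.php
@@ -92,21 +92,21 @@
     <tr class="form-field form-required">
         <th scope="row"><label for="user_login"><?php _e('Username (required)') ?></label><input name="action" type="hidden" id="action" value="adduser" /></th>
-        <td ><input name="user_login" type="text" id="user_login" value="<?php echo attr($new_user_login); ?>" aria-required="true" /></td>
+        <td ><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr($new_user_login); ?>" aria-required="true" /></td>
     </tr>
     <tr class="form-field">
         <th scope="row"><label for="first_name"><?php _e('First Name') ?> </label></th>
-        <td><input name="first_name" type="text" id="first_name" value="<?php echo attr($new_user_firstname); ?>" /></td>
+        <td><input name="first_name" type="text" id="first_name" value="<?php echo esc_attr($new_user_firstname); ?>" /></td>
     </tr>
     <tr class="form-field">
         <th scope="row"><label for="last_name"><?php _e('Last Name') ?> </label></th>
-        <td><input name="last_name" type="text" id="last_name" value="<?php echo attr($new_user_lastname); ?>" /></td>
+        <td><input name="last_name" type="text" id="last_name" value="<?php echo esc_attr($new_user_lastname); ?>" /></td>
     </tr>
     <tr class="form-field form-required">
         <th scope="row"><label for="email"><?php _e('E-mail (required)') ?></label></th>
-        <td><input name="email" type="text" id="email" value="<?php echo attr($new_user_email); ?>" /></td>
+        <td><input name="email" type="text" id="email" value="<?php echo esc_attr($new_user_email); ?>" /></td>
     </tr>
     <tr class="form-field">
         <th scope="row"><label for="url"><?php _e('Website') ?></label></th>
-        <td><input name="url" type="text" id="url" class="code" value="<?php echo attr($new_user_uri); ?>" /></td>
+        <td><input name="url" type="text" id="url" class="code" value="<?php echo esc_attr($new_user_uri); ?>" /></td>
     </tr>
 
@@ -133,5 +133,5 @@
 </table>
 <p class="submit">
-    <input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php _ea('Add User') ?>" />
+    <input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php esc_attr_e('Add User') ?>" />
 </p>
 </form>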
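--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -29,8 +29,8 @@
 
 if ( empty($_REQUEST) ) {
-    $referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+    $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 } elseif ( isset($_REQUEST['wp_http_referer']) ) {
     $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
-    $referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />';
+    $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
 } else {
     $redirect = 'users.php';
@@ -150,5 +150,5 @@
             echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
         } else {
-            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
             $go_delete = true;
         }
@@ -158,5 +158,5 @@
     foreach ( (array) $all_logins as $login )
         if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
-            $user_dropdown .= "<option value=\"" . attr($login->ID) . "\">{$login->user_login}</option>";
+            $user_dropdown .= "<option value=\"" . esc_attr($login->ID) . "\">{$login->user_login}</option>";
     $user_dropdown .= '</select>';
     ?>
@@ -171,5 +171,5 @@
     </ul></fieldset>
     <input type="hidden" name="action" value="dodelete" />
-    <p class="submit"><input type="submit" name="submit" value="<?php _ea('Confirm Deletion'); ?>" class="button-secondary" /></p>
+    <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Deletion'); ?>" class="button-secondary" /></p>
 <?php else : ?>
     <p><?php _e('There are no valid users selected for deletion.'); ?></p>
@@ -292,6 +292,6 @@
 <p class="search-box">
     <label class="invisible" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
-    <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Users' ); ?>" class="button" />
+    <input type="text" id="user-search-input" name="usersearch" value="<?php echo esc_attr($wp_user_search->search_term); ?>" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Users' ); ?>" class="button" />
 </p>
 </form>
@@ -309,7 +309,7 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <label class="invisible" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
-<input type="submit" value="<?php _ea('Change'); ?>" name="changeit" class="button-secondary" />
+<input type="submit" value="<?php esc_attr_e('Change'); ?>" name="changeit" class="button-secondary" />
 <?php wp_nonce_field('bulk-users'); ?>
 </div>
@@ -375,5 +375,5 @@
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
@@ -389,5 +389,5 @@
     foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
         $var = 'new_' . $var;
-        $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
+        $$var = isset($_REQUEST[$formpost]) ? esc_attr(stripslashes($_REQUEST[$formpost])) : '';
     }
     unset($name);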
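Review bot: Line 391 applies esc_attr() at input time, storing already-escaped request values in the `$new_user_*` variables, while user-new.php in this same changeset calls `esc_attr($new_user_login)` and friends again at the output site; escaping belongs only where the value is emitted, in the context it is emitted into. Whether this yields visible double-encoding depends on esc_attr()'s double-encode handling, which is not in view, but the input-time escape is redundant either way and leaves these variables unsafe for any context other than an HTML attribute (I am assuming these are the values user-new.php re-displays). I would change the line to `$$var = isset($_REQUEST[$formpost]) ? stripslashes($_REQUEST[$formpost]) : '';` and rely on the esc_attr() at the point of output. The foreach is fully visible, but whatever encloses it is outside the hunk.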
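--- a/trunk/wp-admin/widgets.php
+++ b/trunk/wp-admin/widgets.php
@@ -272,5 +272,5 @@
         <table class="widefat"><thead><tr><th><?php _e('Sidebar'); ?></th><th><?php _e('Position'); ?></th></tr></thead><tbody>
 <?php   foreach ( $wp_registered_sidebars as $sbname => $sbvalue ) {
-            echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
+            echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . esc_attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
             if ( 'wp_inactive_widgets' == $sbname ) {
                 echo '&nbsp;';
@@ -302,10 +302,10 @@
         <a href="widgets.php" class="button alignleft"><?php _e('Cancel'); ?></a>
 <?php   } else { ?>
-        <input type="submit" name="removewidget" class="button alignleft" value="<?php _ea('Remove'); ?>" />
+        <input type="submit" name="removewidget" class="button alignleft" value="<?php esc_attr_e('Remove'); ?>" />
 <?php   } ?>
-        <input type="submit" name="savewidget" class="button-primary alignright" value="<?php _ea('Save Widget'); ?>" />
-        <input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($widget_id); ?>" />
-        <input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
-        <input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
+        <input type="submit" name="savewidget" class="button-primary alignright" value="<?php esc_attr_e('Save Widget'); ?>" />
+        <input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($widget_id); ?>" />
+        <input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
+        <input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
 <?php   wp_nonce_field("save-delete-widget-$widget_id"); ?>
         <br class="clear" />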
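--- a/trunk/wp-app.php
+++ b/trunk/wp-app.php
@@ -353,7 +353,7 @@
             $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
 
-        $entries_url = attr($this->get_entries_url());
-        $categories_url = attr($this->get_categories_url());
-        $media_url = attr($this->get_attachments_url());
+        $entries_url = esc_attr($this->get_entries_url());
+        $categories_url = esc_attr($this->get_categories_url());
+        $media_url = esc_attr($this->get_attachments_url());
         foreach ($this->media_content_types as $med) {
             $accepted_media_types = $accepted_media_types . "<accept>" . $med . "</accept>";
@@ -393,10 +393,10 @@
             $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
 
-        $home = attr(get_bloginfo_rss('home'));
+        $home = esc_attr(get_bloginfo_rss('home'));
 
         $categories = "";
         $cats = get_categories("hierarchical=0&hide_empty=0");
         foreach ((array) $cats as $cat) {
-            $categories .= "    <category term=\"" . attr($cat->name) .  "\" />\n";
+            $categories .= "    <category term=\"" . esc_attr($cat->name) .  "\" />\n";
 }
         $output = <<<EOD
@@ -1333,5 +1333,5 @@
 
         log_app('Status','302: Redirect');
-        $escaped_url = attr($url);
+        $escaped_url = esc_attr($url);
         $content = <<<EOD
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">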
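--- a/trunk/wp-content/themes/classic/comments-popup.php
+++ b/trunk/wp-content/themes/classic/comments-popup.php
@@ -65,18 +65,18 @@
 <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
 <?php if ( is_user_logged_in() ) : ?>
-<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
+<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo esc_attr(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
 <?php else : ?>
     <p>
-      <input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
+      <input type="text" name="author" id="author" class="textarea" value="<?php echo esc_attr($comment_author); ?>" size="28" tabindex="1" />
        <label for="author"><?php _e("Name"); ?></label>
     </p>
 
     <p>
-      <input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
+      <input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="28" tabindex="2" />
        <label for="email"><?php _e("E-mail"); ?></label>
     </p>
 
     <p>
-      <input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
+      <input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="28" tabindex="3" />
        <label for="url"><?php _e("<abbr title=\"Universal Resource Locator\">URL</abbr>"); ?></label>
     </p>
@@ -91,6 +91,6 @@
     <p>
       <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-      <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
-      <input name="submit" type="submit" tabindex="5" value="<?php _ea("Say It!"); ?>" />
+      <input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>" />
+      <input name="submit" type="submit" tabindex="5" value="<?php esc_attr_e("Say It!"); ?>" />
     </p>
     <?php do_action('comment_form', $post->ID); ?>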
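--- a/trunk/wp-content/themes/classic/comments.php
+++ b/trunk/wp-content/themes/classic/comments.php
@@ -54,11 +54,11 @@
 <?php else : ?>
 
-<p><input type="text" name="author" id="author" value="<?php echo attr($comment_author); ?>" size="22" tabindex="1" />
+<p><input type="text" name="author" id="author" value="<?php echo esc_attr($comment_author); ?>" size="22" tabindex="1" />
 <label for="author"><small><?php _e('Name'); ?> <?php if ($req) _e('(required)'); ?></small></label></p>
 
-<p><input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="22" tabindex="2" />
+<p><input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="22" tabindex="2" />
 <label for="email"><small><?php _e('Mail (will not be published)');?> <?php if ($req) _e('(required)'); ?></small></label></p>
 
-<p><input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="22" tabindex="3" />
+<p><input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="22" tabindex="3" />
 <label for="url"><small><?php _e('Website'); ?></small></label></p>
 
@@ -69,5 +69,5 @@
 <p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
 
-<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php _ea('Submit Comment'); ?>" />
+<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php esc_attr_e('Submit Comment'); ?>" />
 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
 </p>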
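--- a/trunk/wp-content/themes/classic/sidebar.php
+++ b/trunk/wp-content/themes/classic/sidebar.php
@@ -19,5 +19,5 @@
     <div>
         <input type="text" name="s" id="s" size="15" /><br />
-        <input type="submit" value="<?php _ea('Search'); ?>" />
+        <input type="submit" value="<?php esc_attr_e('Search'); ?>" />
     </div>
     </form>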
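--- a/trunk/wp-content/themes/default/comments-popup.php
+++ b/trunk/wp-content/themes/default/comments-popup.php
@@ -67,15 +67,15 @@
 <?php else : ?>
     <p>
-      <input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
+      <input type="text" name="author" id="author" class="textarea" value="<?php echo esc_attr($comment_author); ?>" size="28" tabindex="1" />
        <label for="author">Name</label>
     </p>
 
     <p>
-      <input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
+      <input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="28" tabindex="2" />
        <label for="email">E-mail</label>
     </p>
 
     <p>
-      <input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
+      <input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="28" tabindex="3" />
        <label for="url"><abbr title="Universal Resource Locator">URL</abbr></label>
     </p>
@@ -90,5 +90,5 @@
     <p>
       <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-      <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
+      <input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>" />
       <input name="submit" type="submit" tabindex="5" value="Say It!" />
     </p>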
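--- a/trunk/wp-content/themes/default/comments.php
+++ b/trunk/wp-content/themes/default/comments.php
@@ -69,11 +69,11 @@
 <?php else : ?>
 
-<p><input type="text" name="author" id="author" value="<?php echo attr($comment_author); ?>" size="22" tabindex="1" <?php if ($req) echo "aria-required='true'"; ?> />
+<p><input type="text" name="author" id="author" value="<?php echo esc_attr($comment_author); ?>" size="22" tabindex="1" <?php if ($req) echo "aria-required='true'"; ?> />
 <label for="author"><small>Name <?php if ($req) echo "(required)"; ?></small></label></p>
 
-<p><input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="22" tabindex="2" <?php if ($req) echo "aria-required='true'"; ?> />
+<p><input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="22" tabindex="2" <?php if ($req) echo "aria-required='true'"; ?> />
 <label for="email"><small>Mail (will not be published) <?php if ($req) echo "(required)"; ?></small></label></p>
 
-<p><input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="22" tabindex="3" />
+<p><input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="22" tabindex="3" />
 <label for="url"><small>Website</small></label></p>
 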
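--- a/trunk/wp-content/themes/default/functions.php
+++ b/trunk/wp-content/themes/default/functions.php
@@ -167,5 +167,5 @@
     }
     function PopupWindow_populate(contents) {
-        contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php _ea('Close Color Picker'); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
+        contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php esc_attr_e('Close Color Picker'); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
         this.contents = contents;
         this.populated = false;
@@ -381,12 +381,12 @@
             <form method="post" action="">
                 <?php wp_nonce_field('kubrick-header'); ?>
-                <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php _ea('Save'); ?>" /></div>
-                    <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
-                    <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
-                <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
-                <input type="hidden" name="hi" id="hi" value="<?php echo attr(kubrick_header_image()); ?>" />
-                <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php _ea('Toggle Text'); ?>" />
-                <input type="submit" name="defaults" value="<?php _ea('Use Defaults'); ?>" />
-                <input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php _ea('Save'); ?>&nbsp;&nbsp;" />
+                <div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php esc_attr_e('Save'); ?>" /></div>
+                    <label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo esc_attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
+                    <label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo esc_attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+                <label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo esc_attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+                <input type="hidden" name="hi" id="hi" value="<?php echo esc_attr(kubrick_header_image()); ?>" />
+                <input type="submit" name="toggledisplay" id="toggledisplay" value="<?php esc_attr_e('Toggle Text'); ?>" />
+                <input type="submit" name="defaults" value="<?php esc_attr_e('Use Defaults'); ?>" />
+                <input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php esc_attr_e('Save'); ?>&nbsp;&nbsp;" />
                 <input type="hidden" name="action" value="save" />
                 <input type="hidden" name="njform" value="true" />
@@ -394,18 +394,18 @@
         </div>
         <div id="jsForm">
-            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr($_SERVER['REQUEST_URI']); ?>">
+            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo esc_attr($_SERVER['REQUEST_URI']); ?>">
                 <?php wp_nonce_field('kubrick-header'); ?>
-    <input type="button"  class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php _ea('Font Color'); ?>"></input>
-        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php _ea('Upper Color'); ?>"></input>
-        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php _ea('Lower Color'); ?>"></input>
-                <input type="button" class="button-secondary" name="revert" value="<?php _ea('Revert'); ?>" onclick="kRevert()" />
-                <input type="button" class="button-secondary" value="<?php _ea('Advanced'); ?>" onclick="toggleAdvanced()" />
+    <input type="button"  class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php esc_attr_e('Font Color'); ?>"></input>
+        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php esc_attr_e('Upper Color'); ?>"></input>
+        <input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php esc_attr_e('Lower Color'); ?>"></input>
+                <input type="button" class="button-secondary" name="revert" value="<?php esc_attr_e('Revert'); ?>" onclick="kRevert()" />
+                <input type="button" class="button-secondary" value="<?php esc_attr_e('Advanced'); ?>" onclick="toggleAdvanced()" />
                 <input type="hidden" name="action" value="save" />
-                <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr(kubrick_header_display()); ?>" />
-                <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr(kubrick_header_color()); ?>" />
-                <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr(kubrick_upper_color()); ?>" />
-                <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr(kubrick_lower_color()); ?>" />
-                <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr(kubrick_header_image()); ?>" />
-                <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php _ea('Update Header'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
+                <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo esc_attr(kubrick_header_display()); ?>" />
+                <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo esc_attr(kubrick_header_color()); ?>" />
+                <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo esc_attr(kubrick_upper_color()); ?>" />
+                <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo esc_attr(kubrick_lower_color()); ?>" />
+                <input type="hidden" name="headerimage" id="headerimage" value="<?php echo esc_attr(kubrick_header_image()); ?>" />
+                <p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php esc_attr_e('Update Header'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
             </form>
             <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
@@ -413,9 +413,9 @@
                 <form id="jsAdvanced" style="display:none;" action="">
                     <?php wp_nonce_field('kubrick-header'); ?>
-                    <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr(kubrick_header_color()); ?>" /><br />
-                    <label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr(kubrick_upper_color()); ?>" /><br />
-                    <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr(kubrick_lower_color()); ?>" /><br />
-                    <input type="button" class="button-secondary" name="default" value="<?php _ea('Select Default Colors'); ?>" onclick="kDefaults()" /><br />
-                    <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php _ea('Toggle Text Display'); ?>"></input><br />
+                    <label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo esc_attr(kubrick_header_color()); ?>" /><br />
+                    <label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo esc_attr(kubrick_upper_color()); ?>" /><br />
+                    <label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo esc_attr(kubrick_lower_color()); ?>" /><br />
+                    <input type="button" class="button-secondary" name="default" value="<?php esc_attr_e('Select Default Colors'); ?>" onclick="kDefaults()" /><br />
+                    <input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php esc_attr_e('Toggle Text Display'); ?>"></input><br />
                 </form>
             </div>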
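--- a/trunk/wp-includes/author-template.php
+++ b/trunk/wp-includes/author-template.php
@@ -182,5 +182,5 @@
         '<a href="%1$s" title="%2$s">%3$s</a>',
         get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
-        sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ),
+        sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
         get_the_author()
     );
@@ -293,5 +293,5 @@
                 $link = $name;
         } else {
-            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr($author->display_name)) . '">' . $name . '</a>';
+            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
 
             if ( (! empty($feed_image)) || (! empty($feed)) ) {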
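Review bot: On lines 184 and 295 esc_attr() is applied to the author name before it is interpolated into the translated `Posts by %s` template, so the translation string itself lands in the `title="…"` attribute unescaped; translations are normally trusted, but a double quote in one would terminate the attribute, and escaping the composed string is the consistent pattern for attribute output. I would write `esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) )` on line 184 and `esc_attr( sprintf( __( "Posts by %s" ), $author->display_name ) )` on line 295. Both enclosing functions start and end outside the hunks shown.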
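--- a/trunk/wp-includes/bookmark-template.php
+++ b/trunk/wp-includes/bookmark-template.php
@@ -73,6 +73,6 @@
             $the_link = clean_url($bookmark->link_url);
 
-        $desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
-        $name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
+        $desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
+        $name = esc_attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
         $title = $desc;
 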
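--- a/trunk/wp-includes/bookmark.php
+++ b/trunk/wp-includes/bookmark.php
@@ -346,5 +346,5 @@
             $value = format_to_edit($value);
         } else {
-            $value = attr($value);
+            $value = esc_attr($value);
         }
     } else if ( 'db' == $context ) {
@@ -356,5 +356,5 @@
 
     if ( 'attribute' == $context )
-        $value = attr($value);
+        $value = esc_attr($value);
     else if ( 'js' == $context )
         $value = js_escape($value);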
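--- a/trunk/wp-includes/category-template.php
+++ b/trunk/wp-includes/category-template.php
@@ -663,5 +663,5 @@
         $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
         $tag_name = $tags[ $key ]->name;
-        $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
+        $a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . esc_attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
             ( $smallest + ( ( $count - $min_count ) * $font_step ) )
             . "$unit;'>$tag_name</a>";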
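--- a/trunk/wp-includes/class.wp-styles.php
+++ b/trunk/wp-includes/class.wp-styles.php
@@ -49,5 +49,5 @@
 
         if ( isset($this->registered[$handle]->args) )
-            $media = attr( $this->registered[$handle]->args );
+            $media = esc_attr( $this->registered[$handle]->args );
         else
             $media = 'all';
@@ -55,5 +55,5 @@
         $href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle );
         $rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet';
-        $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
+        $title = isset($this->registered[$handle]->extra['title']) ? "title='" . esc_attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
 
         $end_cond = $tag = '';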
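--- a/trunk/wp-includes/classes.php
+++ b/trunk/wp-includes/classes.php
@@ -1188,5 +1188,5 @@
         $css_class = implode(' ', apply_filters('page_css_class', $css_class, $page));
 
-        $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
+        $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . esc_attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
 
         if ( !empty($show_date) ) {
@@ -1326,5 +1326,5 @@
         extract($args);
 
-        $cat_name = attr( $category->name);
+        $cat_name = esc_attr( $category->name);
         $cat_name = apply_filters( 'list_cats', $cat_name, $category );
         $link = '<a href="' . get_category_link( $category->term_id ) . '" ';
@@ -1332,5 +1332,5 @@
             $link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
         else
-            $link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"';
+            $link .= 'title="' . esc_attr( apply_filters( 'category_description', $category->description, $category )) . '"';
         $link .= '>';
         $link .= $cat_name . '</a>';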
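Review bot: On new line 1328 `$cat_name` is attribute-escaped before the `list_cats` filter on line 1329 runs, so a filter callback that returns a quote or `<` re-opens the `title="…"` attribute built by the sprintf on line 1332 and lands unescaped in the anchor text on line 1336. Escaping belongs after the filter: `$cat_name = apply_filters( 'list_cats', $category->name, $category );` followed by `$cat_name = esc_attr( $cat_name );` — unless existing `list_cats` callbacks are known to expect already-escaped input, in which case keep the order and wrap `$cat_name` in `esc_attr()` at the two output points instead. The enclosing method starts and ends outside these hunks.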
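--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -946,5 +946,5 @@
         echo ' class="'.$css_class.'" ';
     }
-    $title = attr( get_the_title() );
+    $title = esc_attr( get_the_title() );
 
     echo apply_filters( 'comments_popup_link_attributes', '' );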
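--- a/trunk/wp-includes/comment.php
+++ b/trunk/wp-includes/comment.php
@@ -372,5 +372,5 @@
         $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
         $comment_author = stripslashes($comment_author);
-        $comment_author = attr($comment_author);
+        $comment_author = esc_attr($comment_author);
         $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
     }
@@ -379,5 +379,5 @@
         $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
         $comment_author_email = stripslashes($comment_author_email);
-        $comment_author_email = attr($comment_author_email);
+        $comment_author_email = esc_attr($comment_author_email);
         $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
     }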
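Review bot: New lines 374 and 381 write the attribute-escaped value back into `$_COOKIE`, so every later reader of `$_COOKIE['comment_author_'.COOKIEHASH]` and the email cookie receives HTML-entity text rather than the raw cookie value; a consumer that escapes again at output, or compares the email against stored data, will see encoded characters such as `&amp;` or `&#039;`. If pre-escaping the superglobal is intentional so templates can drop the value straight into form fields, that contract should be stated where it is established, e.g. `// Escaped here for direct use in form-field attributes; consumers must not escape again.`; otherwise the escape should move to the output site. The enclosing function starts outside these hunks.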
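--- a/trunk/wp-includes/default-widgets.php
+++ b/trunk/wp-includes/default-widgets.php
@@ -62,6 +62,6 @@
         //Defaults
         $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') );
-        $title = attr( $instance['title'] );
-        $exclude = attr( $instance['exclude'] );
+        $title = esc_attr( $instance['title'] );
+        $exclude = esc_attr( $instance['exclude'] );
     ?>
         <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p>
@@ -213,5 +213,5 @@
         if ( $d ) {
 ?>
-        <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
+        <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo esc_attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
 <?php
         } else {
@@ -242,5 +242,5 @@
         $dropdown = $instance['dropdown'] ? 'checked="checked"' : '';
 ?>
-        <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
+        <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>
         <p>
             <label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label>
@@ -277,7 +277,7 @@
             <?php wp_register(); ?>
             <li><?php wp_loginout(); ?></li>
-            <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
-            <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
-            <li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
+            <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo esc_attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
+            <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo esc_attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
+            <li><a href="http://wordpress.org/" title="<?php echo esc_attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
             <?php wp_meta(); ?>
             </ul>
@@ -297,5 +297,5 @@
         $title = strip_tags($instance['title']);
 ?>
-            <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
+            <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>
 <?php
     }
@@ -339,5 +339,5 @@
         <p><label for="<?php echo $this->get_field_id('title'); ?>">
         <?php _e('Title:'); ?>
-        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
+        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
         </label></p>
 <?php
@@ -387,5 +387,5 @@
         <p><label for="<?php echo $this->get_field_id('title'); ?>">
         <?php _e('Title:'); ?>
-        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
+        <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
         </label></p>
 
@@ -470,5 +470,5 @@
         //Defaults
         $instance = wp_parse_args( (array) $instance, array( 'title' => '') );
-        $title = attr( $instance['title'] );
+        $title = esc_attr( $instance['title'] );
         $count = (bool) $instance['count'];
         $hierarchical = (bool) $instance['hierarchical'];
@@ -573,5 +573,5 @@
 
     function form( $instance ) {
-        $title = attr($instance['title']);
+        $title = esc_attr($instance['title']);
         if ( !$number = (int) $instance['number'] )
             $number = 5;
@@ -660,5 +660,5 @@
 
     function form( $instance ) {
-        $title = attr($instance['title']);
+        $title = esc_attr($instance['title']);
         if ( !$number = (int) $instance['number'] )
             $number = 5;
@@ -709,5 +709,5 @@
 
         if ( ! is_wp_error($rss) ) {
-            $desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
+            $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
             if ( empty($title) )
                 $title = htmlentities(strip_tags($rss->get_title()));
@@ -724,5 +724,5 @@
         $icon = includes_url('images/rss.png');
         if ( $title )
-            $title = "<a class='rsswidget' href='$url' title='" . attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
+            $title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
 
         echo $before_widget;
@@ -796,9 +796,9 @@
             $link = substr($link, 1);
         $link = clean_url(strip_tags($link));
-        $title = attr(strip_tags($item->get_title()));
+        $title = esc_attr(strip_tags($item->get_title()));
         if ( empty($title) )
             $title = __('Untitled');
 
-        $desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
+        $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
         $desc = wp_html_excerpt( $desc, 360 ) . ' [&hellip;]';
         $desc = wp_specialchars( $desc );
@@ -859,6 +859,6 @@
     extract( $inputs, EXTR_SKIP);
 
-    $number = attr( $number );
-    $title  = attr( $title );
+    $number = esc_attr( $number );
+    $title  = esc_attr( $title );
     $url    = clean_url( $url );
     $items  = (int) $items;
@@ -996,5 +996,5 @@
     <p><label for="<?php echo $this->get_field_id('title'); ?>">
     <?php _e('Title:') ?>
-    <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" />
+    <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $instance['title'] ); ?>" />
     </label></p>
 <?php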
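Review bot: On new line 802 the feed item description is attribute-escaped before `wp_html_excerpt( $desc, 360 )` on line 803 truncates it, so the cut can land inside an entity (`&amp;`, `&#039;`) and leave a broken fragment in front of ` [&hellip;]`; line 804 then runs `wp_specialchars()` over already-escaped text, and whether that re-encodes depends on a default not visible in this hunk. Excerpting the plain text and escaping once afterwards avoids both: `$desc = str_replace(array("\n", "\r"), ' ', strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))));` then `$desc = esc_attr( wp_html_excerpt( $desc, 360 ) ) . ' [&hellip;]';`, after which the `wp_specialchars( $desc )` on line 804 is redundant. The same shape recurs on line 711 for the feed-level description. Where `$desc` is consumed after line 804 is outside this view, so the attribute-context assumption should be confirmed there; the enclosing function starts and ends outside the hunk.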
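--- a/trunk/wp-includes/deprecated.php
+++ b/trunk/wp-includes/deprecated.php
@@ -1007,6 +1007,6 @@
             $rel = ' rel="' . $rel . '"';
 
-        $desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
-        $name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
+        $desc = esc_attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
+        $name = esc_attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
         $title = $desc;
 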
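--- a/trunk/wp-includes/feed-atom-comments.php
+++ b/trunk/wp-includes/feed-atom-comments.php
@@ -19,5 +19,5 @@
             printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
         elseif ( is_search() )
-            printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query()));
+            printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));
         else
             printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
@@ -33,5 +33,5 @@
     <id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
 <?php } elseif(is_search()) { ?>
-    <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr(get_search_query()); ?>" />
+    <link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . esc_attr(get_search_query()); ?>" />
     <link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
     <id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>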
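Review bot: On new line 35 the search term goes into a query string through `esc_attr()`, which is an HTML-attribute escape rather than a URL encoding: a term containing `&`, `#`, `%` or a space yields a malformed or truncated `?s=` link, even though the entity encoding does keep the `href` attribute itself intact. The value should be URL-encoded first and then attribute-escaped, `href="<?php echo get_option('home') . '?s=' . esc_attr(urlencode(get_search_query())); ?>"`. Line 21 is text content inside the feed title, where an entity escape is all that is needed, so that use is fine as written.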
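--- a/trunk/wp-includes/feed-rss2-comments.php
+++ b/trunk/wp-includes/feed-rss2-comments.php
@@ -21,5 +21,5 @@
             printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
         elseif ( is_search() )
-            printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s']));
+            printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), esc_attr($wp_query->query_vars['s']));
         else
             printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());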
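Review bot: New line 23 reads the raw `$wp_query->query_vars['s']`, while the equivalent line in feed-atom-comments.php in this same changeset goes through `get_search_query()`; the two comment feeds should use the same accessor so that whatever filtering that helper applies reaches both. The format string `'Comments for %s searching on %s'` also uses unnumbered placeholders, so a translation cannot reorder the blog name and the search term, whereas the Atom sibling already uses `%1$s`/`%2$s`. Suggested line: `printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));` — note this changes the translation key, so existing `.po` entries would need the new string.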
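--- a/trunk/wp-includes/feed.php
+++ b/trunk/wp-includes/feed.php
@@ -339,5 +339,5 @@
             $the_list .= "\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
         elseif ( 'atom' == $type )
-            $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) );
+            $the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', esc_attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), esc_attr( $cat_name ) );
         else
             $the_list .= "\t\t<category><![CDATA[" . @html_entity_decode( $cat_name, ENT_COMPAT, get_option('blog_charset') ) . "]]></category>\n";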
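--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -1271,5 +1271,5 @@
     $smiley = trim(reset($smiley));
     $img = $wpsmiliestrans[$smiley];
-    $smiley_masked = attr($smiley);
+    $smiley_masked = esc_attr($smiley);
 
     return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
@@ -2079,5 +2079,5 @@
  * @return string
  */
-function attr( $text ) {
+function esc_attr( $text ) {
     $safe_text = wp_check_invalid_utf8( $text );
     $safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
@@ -2091,5 +2091,5 @@
  *
  * @deprecated 2.8.0
- * @see attr()
+ * @see esc_attr()
  *
  * @param string $text
@@ -2097,5 +2097,5 @@
  */
 function attribute_escape( $text ) {
-    return attr( $text );
+    return esc_attr( $text );
 }
 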
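Review bot: `attribute_escape()` on new lines 2098–2100 is documented `@deprecated 2.8.0` but forwards silently to `esc_attr()`, so callers get no runtime signal to migrate; the wrapper should emit the usual notice before returning, `_deprecated_function( __FUNCTION__, '2.8', 'esc_attr()' );`. The docblock above the renamed `esc_attr()` (hunk at line 2079) is cut off in this view, so I cannot confirm its description no longer refers to `attr()`; worth a check since the `@see` on line 2093 needed the same update. The body of `esc_attr()` continues outside the hunk.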
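--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -394,5 +394,5 @@
  */
 function form_option( $option ) {
-    echo attr (get_option( $option ) );
+    echo esc_attr(get_option( $option ) );
 }
 
@@ -1744,5 +1744,5 @@
  */
 function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
-    $name = attr( $name );
+    $name = esc_attr( $name );
     $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
     if ( $echo )
@@ -1769,5 +1769,5 @@
  */
 function wp_referer_field( $echo = true) {
-    $ref = attr( $_SERVER['REQUEST_URI'] );
+    $ref = esc_attr( $_SERVER['REQUEST_URI'] );
     $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
 
@@ -1795,5 +1795,5 @@
     $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
     $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
-    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr( stripslashes( $ref ) ) . '" />';
+    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
     if ( $echo )
         echo $orig_referer_field;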
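Review bot: New line 1771 escapes `$_SERVER['REQUEST_URI']` as-is, while line 1797 runs `stripslashes()` over a value that can be the same `$_SERVER['REQUEST_URI']` (via `$jump_back_to` on line 1795) before `esc_attr()`; if the request path is slash-escaped on some installs, one of the two hidden fields carries a different value from the other, so the two functions should settle on one treatment, presumably `esc_attr( stripslashes( $_SERVER['REQUEST_URI'] ) )` on line 1771. The attribute escaping itself is right for both `value="…"` contexts, so the request path cannot break out of the quotes. The enclosing functions' bodies continue outside these hunks.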
  • trunk/wp-includes/general-template.php

    r11190 r11204  
    121121    $form = '<form role="search" method="get" id="searchform" action="' . get_option('home') . '/" > 
    122122    <div><label class="invisible" for="s">' . __('Search for:') . '</label> 
    123     <input type="text" value="' . attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" /> 
    124     <input type="submit" id="searchsubmit" value="'. _a('Search') .'" /> 
     123    <input type="text" value="' . esc_attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" /> 
     124    <input type="submit" id="searchsubmit" value="'. esc_attr__('Search') .'" /> 
    125125    </div> 
    126126    </form>'; 
     
    689689function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 
    690690    $text = wptexturize($text); 
    691     $title_text = attr($text); 
     691    $title_text = esc_attr($text); 
    692692    $url = clean_url($url); 
    693693 
     
    14351435    $args = wp_parse_args( $args, $defaults ); 
    14361436 
    1437     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n"; 
    1438     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n"; 
     1437    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n"; 
     1438    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";