Timestamp:
05/05/2009 07:43:53 PM (15 years ago)
Author:
markjaquith
Message:

_a(), _ea(), _xa(), attr() are now esc_attr(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

File:
1 edited

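--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -34,9 +34,9 @@
     $form_action = 'post';
     $temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
-    $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . attr($temp_ID) . "' />";
+    $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . esc_attr($temp_ID) . "' />";
     $autosave = false;
 } else {
     $form_action = 'editpost';
-    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . attr($post_ID) . "' />";
+    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
     $autosave = wp_get_post_autosave( $post_ID );
 
@@ -73,5 +73,5 @@
 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>
 
@@ -79,7 +79,7 @@
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>
@@ -130,5 +130,5 @@
 
 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
@@ -170,7 +170,7 @@
 
 <div id="post-visibility-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
 <input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
 
 
@@ -178,5 +178,5 @@
 <span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
 
@@ -239,18 +239,18 @@
     if ( current_user_can('publish_posts') ) :
         if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
-        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
+        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
 <?php   else : ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
-        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
+        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
 <?php   endif;
     else : ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
-        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
+        <input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
 <?php
     endif;
 } else { ?>
-        <input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Post') ?>" />
-        <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Post') ?>" />
+        <input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Post') ?>" />
+        <input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Post') ?>" />
 <?php
 } ?>
@@ -272,7 +272,7 @@
  */
 function post_tags_meta_box($post, $box) {
-    $tax_name = attr(substr($box['id'], 8));
+    $tax_name = esc_attr(substr($box['id'], 8));
     $taxonomy = get_taxonomy($tax_name);
-    $helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.');
+    $helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
 ?>
 <div class="tagsdiv" id="<?php echo $tax_name; ?>">
@@ -280,10 +280,10 @@
     <div class="nojs-tags hide-if-js">
     <p><?php _e('Add or remove tags'); ?></p>
-    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
+    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
 
     <span class="ajaxtag hide-if-no-js">
         <label class="invisible" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
-        <input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
-        <input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
+        <input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
+        <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
     </span></div>
     <p class="howto"><?php echo $helps; ?></p>
@@ -298,5 +298,5 @@
     if ( !is_taxonomy_hierarchical($tax_name) ) {
         $taxonomy = get_taxonomy($tax_name);
-        $label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name;
+        $label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
 
         add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
@@ -334,7 +334,7 @@
     <h4><a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4>
     <p id="category-add" class="wp-hidden-child">
-    <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
+    <label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
     <label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-    <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
+    <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
 <?php   wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
     <span id="category-ajax-response"></span></p>
@@ -386,5 +386,5 @@
  */
 function post_trackback_meta_box($post) {
-    $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
+    $form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
     if ('' != $post->pinged) {
         $pings = '<p>'. __('Already pinged:') . '</p><ul>';
@@ -493,5 +493,5 @@
 function post_slug_meta_box($post) {
 ?>
-<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
+<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
 <?php
 }
@@ -568,9 +568,9 @@
 
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
-<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
+<input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php
@@ -593,5 +593,5 @@
 <div id="titlewrap">
     <label class="invisible" for="title"><?php _e('Title') ?></label>
-    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
+    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">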
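Review bot: In post_tags_meta_box() `$tax_name` is escaped once at assignment (`esc_attr(substr($box['id'], 8))`), and that escaped string is then used as the lookup key for `get_taxonomy()` and `get_terms_to_edit()` as well as being echoed into the `id`, `name` and `for` attributes. Now that the helper's name states its output context, it reads better to keep the raw value for lookups, `$tax_name = substr($box['id'], 8);`, and escape where it is printed, `id="<?php echo esc_attr( $tax_name ); ?>"`. The same function prints `esc_attr(get_terms_to_edit(...))` as the body of a `<textarea>`, which is element content rather than an attribute value; a short comment saying the attribute escaper is reused there on purpose would help the next reader. The function body continues outside the visible hunks, so other uses of `$tax_name` may exist.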