Changeset 11204 for trunk/wp-admin/includes/media.php
- Timestamp:
- 05/05/2009 07:43:53 PM (16 years ago)
- File:
-
- 1 edited
trunk/wp-admin/includes/media.php
r11203 r11204 79 79 $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false)); 80 80 $link = "<a href='" . clean_url($href) . "'$class>$text</a>"; 81 echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";81 echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n"; 82 82 } 83 83 echo "</ul>\n"; … … 105 105 $html = get_image_tag($id, $htmlalt, $title, $align, $size); 106 106 107 $rel = $rel ? ' rel="attachment wp-att-' .attr($id).'"' : '';107 $rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : ''; 108 108 109 109 if ( $url ) … … 429 429 if ( !empty($attachment['url']) ) { 430 430 if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) ) 431 $rel = " rel='attachment wp-att-" .attr($send_id)."'";431 $rel = " rel='attachment wp-att-" . esc_attr($send_id)."'"; 432 432 $html = "<a href='{$attachment['url']}'$rel>$html</a>"; 433 433 } … … 464 464 if ( !empty($src) && !strpos($src, '://') ) 465 465 $src = "http://$src"; 466 $alt = attr($_POST['insertonly']['alt']);466 $alt = esc_attr($_POST['insertonly']['alt']); 467 467 if ( isset($_POST['insertonly']['align']) ) { 468 $align = attr($_POST['insertonly']['align']);468 $align = esc_attr($_POST['insertonly']['align']); 469 469 $class = " class='align$align'"; 470 470 } … … 558 558 if ( !empty($href) && !strpos($href, '://') ) 559 559 $href = "http://$href"; 560 $title = attr($_POST['insertonly']['title']);560 $title = esc_attr($_POST['insertonly']['title']); 561 561 if ( empty($title) ) 562 562 $title = basename($href); … … 612 612 if ( !empty($href) && !strpos($href, '://') ) 613 613 $href = "http://$href"; 614 $title = attr($_POST['insertonly']['title']);614 $title = esc_attr($_POST['insertonly']['title']); 615 615 if ( empty($title) ) 616 616 $title = basename($href); … … 666 666 if ( !empty($href) && !strpos($href, '://') ) 667 667 $href = "http://$href"; 668 $title = 
attr($_POST['insertonly']['title']);668 $title = esc_attr($_POST['insertonly']['title']); 669 669 if ( empty($title) ) 670 670 $title = basename($href); … … 756 756 $out = array(); 757 757 foreach ($alignments as $name => $label) { 758 $name = attr($name);758 $name = esc_attr($name); 759 759 $out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'". 760 760 ( $checked == $name ? " checked='checked'" : "" ) . … … 830 830 $url = $link; 831 831 832 return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />832 return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br /> 833 833 <button type='button' class='button urlnone' title=''>" . __('None') . "</button> 834 <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>835 <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>834 <button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button> 835 <button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button> 836 836 "; 837 837 } … … 993 993 'label' => __('File URL'), 994 994 'input' => 'html', 995 'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",995 'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />", 996 996 'value' => isset($edit_post->post_url) ? 
$edit_post->post_url : '', 997 997 'helps' => __('Location of the uploaded file.'), … … 1090 1090 1091 1091 $filename = basename($post->guid); 1092 $title = attr($post->post_title);1092 $title = esc_attr($post->post_title); 1093 1093 1094 1094 if ( $_tags = get_the_tags($attachment_id) ) { 1095 1095 foreach ( $_tags as $tag ) 1096 1096 $tags[] = $tag->name; 1097 $tags = attr(join(', ', $tags));1097 $tags = esc_attr(join(', ', $tags)); 1098 1098 } 1099 1099 … … 1102 1102 $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type)); 1103 1103 $type = array_shift($keys); 1104 $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";1104 $type = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />"; 1105 1105 } 1106 1106 … … 1161 1161 $delete_href = wp_nonce_url("post.php?action=delete-post&post=$attachment_id", 'delete-post_' . $attachment_id); 1162 1162 if ( $send ) 1163 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . _a( 'Insert into Post' ) . "' />";1163 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />"; 1164 1164 if ( $delete ) 1165 1165 $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>"; … … 1199 1199 $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>"; 1200 1200 } else { 1201 $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";1201 $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . 
"/>"; 1202 1202 } 1203 1203 if ( !empty($field['helps']) ) … … 1227 1227 1228 1228 foreach ( $hidden_fields as $name => $value ) 1229 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";1229 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n"; 1230 1230 1231 1231 if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) { … … 1308 1308 button_image_url: '<?php echo includes_url('images/upload.png'); ?>', 1309 1309 button_placeholder_id: "flash-browse-button", 1310 upload_url : "<?php echo attr( $flash_action_url ); ?>",1310 upload_url : "<?php echo esc_attr( $flash_action_url ); ?>", 1311 1311 flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>", 1312 1312 file_post_name: "async-upload", … … 1356 1356 <p id="async-upload-wrap"> 1357 1357 <label class="invisible" for="async-upload"><?php _e('Upload'); ?></label> 1358 <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php _ea('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>1358 <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a> 1359 1359 </p> 1360 1360 <div class="clear"></div> … … 1386 1386 ?> 1387 1387 1388 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">1388 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 1389 1389 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1390 1390 <?php wp_nonce_field('media-form'); ?> … … 1418 1418 ?> 
1419 1419 </div> 1420 <input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />1420 <input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 1421 1421 <?php 1422 1422 } … … 1442 1442 ?> 1443 1443 1444 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">1444 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 1445 1445 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1446 1446 <?php wp_nonce_field('media-form'); ?> … … 1576 1576 <a href="#" id="clear"><?php _e('Clear'); ?></a> 1577 1577 </div> 1578 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">1578 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form"> 1579 1579 <?php wp_nonce_field('media-form'); ?> 1580 1580 <?php //media_upload_form( $errors ); ?> … … 1591 1591 1592 1592 <p class="ml-submit"> 1593 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php _ea( 'Save all changes' ); ?>" />1593 <input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 1594 1594 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1595 <input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />1596 <input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />1595 <input type="hidden" name="type" value="<?php echo esc_attr( 
$GLOBALS['type'] ); ?>" /> 1596 <input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" /> 1597 1597 </p> 1598 1598 … … 1668 1668 1669 1669 <p class="ml-submit"> 1670 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php _ea( 'Insert gallery' ); ?>" />1671 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php _ea( 'Update gallery settings' ); ?>" />1670 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" /> 1671 <input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" /> 1672 1672 </p> 1673 1673 </div> … … 1705 1705 1706 1706 <form id="filter" action="" method="get"> 1707 <input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />1708 <input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />1707 <input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" /> 1708 <input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" /> 1709 1709 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" /> 1710 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />1710 <input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? 
esc_attr( $_GET['post_mime_type'] ) : ''; ?>" /> 1711 1711 1712 1712 <p id="media-search" class="search-box"> 1713 1713 <label class="invisible" for="media-search-input"><?php _e('Search Media');?>:</label> 1714 1714 <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" /> 1715 <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />1715 <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" /> 1716 1716 </p> 1717 1717 … … 1792 1792 $default = ''; 1793 1793 1794 echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";1794 echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>"; 1795 1795 echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); 1796 1796 echo "</option>\n"; … … 1800 1800 <?php } ?> 1801 1801 1802 <input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter »' ) ); ?>" class="button-secondary" />1802 <input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter »' ) ); ?>" class="button-secondary" /> 1803 1803 1804 1804 </div> … … 1808 1808 </form> 1809 1809 1810 <form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">1810 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form"> 1811 1811 1812 1812 <?php wp_nonce_field('media-form'); ?> … … 1830 1830 </div> 1831 1831 <p class="ml-submit"> 1832 <input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />1832 <input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" /> 1833 1833 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1834 1834 </p> … … 1912 1912 <td></td> 1913 
1913 <td> 1914 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . _a('Insert into Post') . '" />1914 <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" /> 1915 1915 </td> 1916 1916 </tr> … … 1948 1948 <td></td> 1949 1949 <td> 1950 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />1950 <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 1951 1951 </td> 1952 1952 </tr> … … 1983 1983 <td></td> 1984 1984 <td> 1985 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />1985 <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 1986 1986 </td> 1987 1987 </tr> … … 2018 2018 <td></td> 2019 2019 <td> 2020 <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />2020 <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" /> 2021 2021 </td> 2022 2022 </tr>
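Review bot: The mechanical swap to esc_attr() leaves two output sites with the wrong or a missing encoder. At new line 1310 the value is written into what appears to be a JavaScript string literal (`upload_url : "<?php echo esc_attr( $flash_action_url ); ?>"`), where HTML-attribute escaping is not the matching encoder, and at new lines 1388 and 1444 `id="<?php echo $type; ?>-form"` is echoed unescaped right beside an escaped `action`. I would use `esc_js( $flash_action_url )` for the script context and `id="<?php echo esc_attr( $type ); ?>-form"` for the form id, since the same `$type` is already escaped at new line 1707. Context line 432 also builds `<a href='{$attachment['url']}'` with no escaping; whether `$attachment` is sanitised earlier is not visible here, so that is worth confirming. The enclosing functions all begin and end outside the hunks shown.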