Timestamp:
05/05/2009 07:43:53 PM (15 years ago)
Author:
markjaquith
Message:

_a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

File:
1 edited

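--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -79,5 +79,5 @@
             $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
             $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
-            echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";
+            echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
         }
         echo "</ul>\n";
@@ -105,5 +105,5 @@
     $html = get_image_tag($id, $htmlalt, $title, $align, $size);
 
-    $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : '';
+    $rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';
 
     if ( $url )
@@ -429,5 +429,5 @@
         if ( !empty($attachment['url']) ) {
             if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
-                $rel = " rel='attachment wp-att-".attr($send_id)."'";
+                $rel = " rel='attachment wp-att-" . esc_attr($send_id)."'";
             $html = "<a href='{$attachment['url']}'$rel>$html</a>";
         }
@@ -464,7 +464,7 @@
         if ( !empty($src) && !strpos($src, '://') )
             $src = "http://$src";
-        $alt = attr($_POST['insertonly']['alt']);
+        $alt = esc_attr($_POST['insertonly']['alt']);
         if ( isset($_POST['insertonly']['align']) ) {
-            $align = attr($_POST['insertonly']['align']);
+            $align = esc_attr($_POST['insertonly']['align']);
             $class = " class='align$align'";
         }
@@ -558,5 +558,5 @@
         if ( !empty($href) && !strpos($href, '://') )
             $href = "http://$href";
-        $title = attr($_POST['insertonly']['title']);
+        $title = esc_attr($_POST['insertonly']['title']);
         if ( empty($title) )
             $title = basename($href);
@@ -612,5 +612,5 @@
         if ( !empty($href) && !strpos($href, '://') )
             $href = "http://$href";
-        $title = attr($_POST['insertonly']['title']);
+        $title = esc_attr($_POST['insertonly']['title']);
         if ( empty($title) )
             $title = basename($href);
@@ -666,5 +666,5 @@
         if ( !empty($href) && !strpos($href, '://') )
             $href = "http://$href";
-        $title = attr($_POST['insertonly']['title']);
+        $title = esc_attr($_POST['insertonly']['title']);
         if ( empty($title) )
             $title = basename($href);
@@ -756,5 +756,5 @@
     $out = array();
     foreach ($alignments as $name => $label) {
-        $name = attr($name);
+        $name = esc_attr($name);
         $out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'".
             ( $checked == $name ? " checked='checked'" : "" ) .
@@ -830,8 +830,8 @@
         $url = $link;
 
-    return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />
+    return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br />
                 <button type='button' class='button urlnone' title=''>" . __('None') . "</button>
-                <button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>
-                <button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>
+                <button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button>
+                <button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button>
 ";
 }
@@ -993,5 +993,5 @@
             'label'      => __('File URL'),
             'input'      => 'html',
-            'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",
+            'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />",
             'value'      => isset($edit_post->post_url) ? $edit_post->post_url : '',
             'helps'      => __('Location of the uploaded file.'),
@@ -1090,10 +1090,10 @@
 
     $filename = basename($post->guid);
-    $title = attr($post->post_title);
+    $title = esc_attr($post->post_title);
 
     if ( $_tags = get_the_tags($attachment_id) ) {
         foreach ( $_tags as $tag )
             $tags[] = $tag->name;
-        $tags = attr(join(', ', $tags));
+        $tags = esc_attr(join(', ', $tags));
     }
 
@@ -1102,5 +1102,5 @@
         $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
         $type = array_shift($keys);
-        $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";
+        $type = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />";
     }
 
@@ -1161,5 +1161,5 @@
     $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
     if ( $send )
-        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . _a( 'Insert into Post' ) . "' />";
+        $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
     if ( $delete )
         $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
@@ -1199,5 +1199,5 @@
             $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
         } else {
-            $item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";
+            $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
         }
         if ( !empty($field['helps']) )
@@ -1227,5 +1227,5 @@
 
     foreach ( $hidden_fields as $name => $value )
-        $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";
+        $item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n";
 
     if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
@@ -1308,5 +1308,5 @@
             button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
             button_placeholder_id: "flash-browse-button",
-            upload_url : "<?php echo attr( $flash_action_url ); ?>",
+            upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",
             flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
             file_post_name: "async-upload",
@@ -1356,5 +1356,5 @@
     <p id="async-upload-wrap">
     <label class="invisible" for="async-upload"><?php _e('Upload'); ?></label>
-    <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php _ea('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
+    <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
     </p>
     <div class="clear"></div>
@@ -1386,5 +1386,5 @@
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
@@ -1418,5 +1418,5 @@
 ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <?php
 }
@@ -1442,5 +1442,5 @@
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
@@ -1576,5 +1576,5 @@
 <a href="#" id="clear"><?php _e('Clear'); ?></a>
 </div>
-<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
@@ -1591,8 +1591,8 @@
 
 <p class="ml-submit">
-<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php _ea( 'Save all changes' ); ?>" />
+<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $GLOBALS['type'] ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" />
 </p>
 
@@ -1668,6 +1668,6 @@
 
 <p class="ml-submit">
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php _ea( 'Insert gallery' ); ?>" />
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php _ea( 'Update gallery settings' ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" />
 </p>
 </div>
@@ -1705,13 +1705,13 @@
 
 <form id="filter" action="" method="get">
-<input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />
+<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" />
 
 <p id="media-search" class="search-box">
     <label class="invisible" for="media-search-input"><?php _e('Search Media');?>:</label>
     <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
-    <input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
+    <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
 </p>
 
@@ -1792,5 +1792,5 @@
         $default = '';
 
-    echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
+    echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
     echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
     echo "</option>\n";
@@ -1800,5 +1800,5 @@
 <?php } ?>
 
-<input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
 
 </div>
@@ -1808,5 +1808,5 @@
 </form>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
 
 <?php wp_nonce_field('media-form'); ?>
@@ -1830,5 +1830,5 @@
 </div>
 <p class="ml-submit">
-<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 </p>
@@ -1912,5 +1912,5 @@
             <td></td>
             <td>
-                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . _a('Insert into Post') . '" />
+                <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" />
             </td>
         </tr>
@@ -1948,5 +1948,5 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
             </td>
         </tr>
@@ -1983,5 +1983,5 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
             </td>
         </tr>
@@ -2018,5 +2018,5 @@
             <td></td>
             <td>
-                <input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
+                <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
             </td>
         </tr>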
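Review bot: On new lines 1388 and 1444 the `<form>` tag escapes `$form_action_url` but still echoes `$type` raw into the `id` attribute, while the hidden input at new line 1707 passes `$type` through `esc_attr()`; for consistency the id should read `id="<?php echo esc_attr( $type ); ?>-form"`. Where `$type` is set is outside these hunks, so whether it can carry request data at those two forms is not visible and should be confirmed. Separately, new line 1310 applies `esc_attr()` to `$flash_action_url` inside what appears to be a JavaScript string literal, where HTML entities are not decoded: an `&` in the URL would reach the uploader as `&amp;`, and attribute escaping does not cover JavaScript metacharacters such as backslashes. That value would be better encoded for the JavaScript context, with a short comment there stating which output context the escaping targets. The enclosing functions start and end outside the visible hunks.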