Make WordPress Core


Ignore:
Timestamp:
05/05/2009 07:43:53 PM (15 years ago)
Author:
markjaquith
Message:

_a(), _ea(), _xa(), attr() are now esc_attr(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/users.php

    r11190 r11204  
    2929
    3030if ( empty($_REQUEST) ) {
    31     $referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
     31    $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
    3232} elseif ( isset($_REQUEST['wp_http_referer']) ) {
    3333    $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
    34     $referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />';
     34    $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
    3535} else {
    3636    $redirect = 'users.php';
     
    150150            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
    151151        } else {
    152             echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
     152            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
    153153            $go_delete = true;
    154154        }
     
    158158    foreach ( (array) $all_logins as $login )
    159159        if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
    160             $user_dropdown .= "<option value=\"" . attr($login->ID) . "\">{$login->user_login}</option>";
     160            $user_dropdown .= "<option value=\"" . esc_attr($login->ID) . "\">{$login->user_login}</option>";
    161161    $user_dropdown .= '</select>';
    162162    ?>
     
    171171    </ul></fieldset>
    172172    <input type="hidden" name="action" value="dodelete" />
    173     <p class="submit"><input type="submit" name="submit" value="<?php _ea('Confirm Deletion'); ?>" class="button-secondary" /></p>
     173    <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Deletion'); ?>" class="button-secondary" /></p>
    174174<?php else : ?>
    175175    <p><?php _e('There are no valid users selected for deletion.'); ?></p>
     
    292292<p class="search-box">
    293293    <label class="invisible" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
    294     <input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
    295     <input type="submit" value="<?php _ea( 'Search Users' ); ?>" class="button" />
     294    <input type="text" id="user-search-input" name="usersearch" value="<?php echo esc_attr($wp_user_search->search_term); ?>" />
     295    <input type="submit" value="<?php esc_attr_e( 'Search Users' ); ?>" class="button" />
    296296</p>
    297297</form>
     
    309309<option value="delete"><?php _e('Delete'); ?></option>
    310310</select>
    311 <input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
     311<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
    312312<label class="invisible" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
    313 <input type="submit" value="<?php _ea('Change'); ?>" name="changeit" class="button-secondary" />
     313<input type="submit" value="<?php esc_attr_e('Change'); ?>" name="changeit" class="button-secondary" />
    314314<?php wp_nonce_field('bulk-users'); ?>
    315315</div>
     
    375375<option value="delete"><?php _e('Delete'); ?></option>
    376376</select>
    377 <input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
     377<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
    378378</div>
    379379
     
    389389    foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
    390390        $var = 'new_' . $var;
    391         $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
     391        $$var = isset($_REQUEST[$formpost]) ? esc_attr(stripslashes($_REQUEST[$formpost])) : '';
    392392    }
    393393    unset($name);
Note: See TracChangeset for help on using the changeset viewer.