Changeset 11204 for trunk/wp-includes/default-widgets.php
- Timestamp:
- 05/05/2009 07:43:53 PM (15 years ago)
- File:
-
- 1 edited
trunk/wp-includes/default-widgets.php
r11199 r11204 62 62 //Defaults 63 63 $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') ); 64 $title = attr( $instance['title'] );65 $exclude = attr( $instance['exclude'] );64 $title = esc_attr( $instance['title'] ); 65 $exclude = esc_attr( $instance['exclude'] ); 66 66 ?> 67 67 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p> … … 213 213 if ( $d ) { 214 214 ?> 215 <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>215 <select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo esc_attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select> 216 216 <?php 217 217 } else { … … 242 242 $dropdown = $instance['dropdown'] ? 
'checked="checked"' : ''; 243 243 ?> 244 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>244 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p> 245 245 <p> 246 246 <label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label> … … 277 277 <?php wp_register(); ?> 278 278 <li><?php wp_loginout(); ?></li> 279 <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>280 <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>281 <li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>279 <li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo esc_attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 280 <li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo esc_attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li> 281 <li><a 
href="http://wordpress.org/" title="<?php echo esc_attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li> 282 282 <?php wp_meta(); ?> 283 283 </ul> … … 297 297 $title = strip_tags($instance['title']); 298 298 ?> 299 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>299 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p> 300 300 <?php 301 301 } … … 339 339 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 340 340 <?php _e('Title:'); ?> 341 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />341 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /> 342 342 </label></p> 343 343 <?php … … 387 387 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 388 388 <?php _e('Title:'); ?> 389 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />389 <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /> 390 390 </label></p> 391 391 … … 470 470 //Defaults 471 471 $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); 472 $title = attr( $instance['title'] );472 
$title = esc_attr( $instance['title'] ); 473 473 $count = (bool) $instance['count']; 474 474 $hierarchical = (bool) $instance['hierarchical']; … … 573 573 574 574 function form( $instance ) { 575 $title = attr($instance['title']);575 $title = esc_attr($instance['title']); 576 576 if ( !$number = (int) $instance['number'] ) 577 577 $number = 5; … … 660 660 661 661 function form( $instance ) { 662 $title = attr($instance['title']);662 $title = esc_attr($instance['title']); 663 663 if ( !$number = (int) $instance['number'] ) 664 664 $number = 5; … … 709 709 710 710 if ( ! is_wp_error($rss) ) { 711 $desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));711 $desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); 712 712 if ( empty($title) ) 713 713 $title = htmlentities(strip_tags($rss->get_title())); … … 724 724 $icon = includes_url('images/rss.png'); 725 725 if ( $title ) 726 $title = "<a class='rsswidget' href='$url' title='" . attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";726 $title = "<a class='rsswidget' href='$url' title='" . 
esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>"; 727 727 728 728 echo $before_widget; … … 796 796 $link = substr($link, 1); 797 797 $link = clean_url(strip_tags($link)); 798 $title = attr(strip_tags($item->get_title()));798 $title = esc_attr(strip_tags($item->get_title())); 799 799 if ( empty($title) ) 800 800 $title = __('Untitled'); 801 801 802 $desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));802 $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); 803 803 $desc = wp_html_excerpt( $desc, 360 ) . ' […]'; 804 804 $desc = wp_specialchars( $desc ); … … 859 859 extract( $inputs, EXTR_SKIP); 860 860 861 $number = attr( $number );862 $title = attr( $title );861 $number = esc_attr( $number ); 862 $title = esc_attr( $title ); 863 863 $url = clean_url( $url ); 864 864 $items = (int) $items; … … 996 996 <p><label for="<?php echo $this->get_field_id('title'); ?>"> 997 997 <?php _e('Title:') ?> 998 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" />998 <input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $instance['title'] ); ?>" /> 999 999 </label></p> 1000 1000 <?php
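Review bot: At new lines 798–800 the `__('Untitled')` fallback is assigned after the `esc_attr()` call, so it is the one value of `$title` in that hunk that skips escaping. Every other translated string this changeset touches is wrapped, for example `esc_attr(__('Select Month'))` at line 215. I would write the fallback as `$title = esc_attr( __('Untitled') );` so that a translation containing a quote or an angle bracket cannot alter the markup it is printed into. The enclosing function starts and ends outside the hunk, so where `$title` is finally echoed (attribute or element content) should be confirmed there.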