
Changeset 11245


Timestamp:
05/09/2009 07:27:22 AM (16 years ago)
Author:
markjaquith
Message:

esc_js(). Shorter, follows new escaping naming convention.

Location:
trunk
Files:
19 edited

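--- a/trunk/wp-admin/edit-attachment-rows.php
+++ b/trunk/wp-admin/edit-attachment-rows.php
@@ -83,5 +83,5 @@
             $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
         if ( current_user_can('delete_post', $post->ID) )
-            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
         $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         $action_count = count($actions);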
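--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -230,5 +230,5 @@
 <?php
 if ( ( 'edit' == $action ) && current_user_can('delete_post', $post->ID) ) { ?>
-<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>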
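--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -70,5 +70,5 @@
 <div id="major-publishing-actions">
 <div id="delete-action">
-<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . esc_js(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">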
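--- a/trunk/wp-admin/edit-link-form.php
+++ b/trunk/wp-admin/edit-link-form.php
@@ -86,5 +86,5 @@
 <?php
 if ( !empty($_GET['action']) && 'edit' == $_GET['action'] && current_user_can('manage_links') ) { ?>
-    <a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf(__("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+    <a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf(__("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>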
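--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -217,5 +217,5 @@
 <?php
 if ( ( 'edit' == $action ) && current_user_can('delete_page', $post->ID) ) { ?>
-<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>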
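--- a/trunk/wp-admin/import/blogger.php
+++ b/trunk/wp-admin/import/blogger.php
@@ -191,11 +191,11 @@
         }
 //echo '<pre>'.print_r($this,1).'</pre>';
-        $start    = js_escape( __('Import') );
-        $continue = js_escape( __('Continue') );
-        $stop     = js_escape( __('Importing...') );
-        $authors  = js_escape( __('Set Authors') );
-        $loadauth = js_escape( __('Preparing author mapping form...') );
-        $authhead = js_escape( __('Final Step: Author Mapping') );
-        $nothing  = js_escape( __('Nothing was imported. Had you already imported this blog?') );
+        $start    = esc_js( __('Import') );
+        $continue = esc_js( __('Continue') );
+        $stop     = esc_js( __('Importing...') );
+        $authors  = esc_js( __('Set Authors') );
+        $loadauth = esc_js( __('Preparing author mapping form...') );
+        $authhead = esc_js( __('Final Step: Author Mapping') );
+        $nothing  = esc_js( __('Nothing was imported. Had you already imported this blog?') );
         $title    = __('Blogger Blogs');
         $name     = __('Blog Name');
@@ -216,5 +216,5 @@
                 $value = $authors;
             $value = esc_attr($value);
-            $blogtitle = js_escape( $blog['title'] );
+            $blogtitle = esc_js( $blog['title'] );
             $pdone = isset($blog['posts_done']) ? (int) $blog['posts_done'] : 0;
             $cdone = isset($blog['comments_done']) ? (int) $blog['comments_done'] : 0;
@@ -659,5 +659,5 @@
         $mapthis = __('Blogger username');
         $tothis = __('WordPress login');
-        $submit = js_escape( __('Save Changes') );
+        $submit = esc_js( __('Save Changes') );
 
         foreach ( $blog['authors'] as $i => $author )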
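--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1447,5 +1447,5 @@
                 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
                 $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
-                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
             }
             if ( in_array($post->post_status, array('pending', 'draft')) ) {
@@ -1660,5 +1660,5 @@
             $actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
             $actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
-            $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+            $actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
         }
         if ( in_array($post->post_status, array('pending', 'draft')) ) {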
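--- a/trunk/wp-admin/link-manager.php
+++ b/trunk/wp-admin/link-manager.php
@@ -198,5 +198,5 @@
                     $actions = array();
                     $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
-                    $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . js_escape(sprintf( __("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+                    $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . esc_js(sprintf( __("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
                     $action_count = count($actions);
                     $i = 0;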
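--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -403,5 +403,5 @@
                 break;
             case 'photo' :
-                jQuery('#extra_fields').before('<p id="waiting"><img src="images/wpspin_light.gif" alt="" /> <?php echo js_escape( __( 'Loading...' ) ); ?></p>');
+                jQuery('#extra_fields').before('<p id="waiting"><img src="images/wpspin_light.gif" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></p>');
                 jQuery.ajax({
                     type: "GET",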
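--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -198,5 +198,5 @@
     $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
     if ( current_user_can('update_themes') )
-        $actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
+        $actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . esc_js(sprintf( __("You are about to delete this theme '%s'\n  'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
     $actions = apply_filters('theme_action_links', $actions, $themes[$theme_name]);
 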
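--- a/trunk/wp-admin/update-core.php
+++ b/trunk/wp-admin/update-core.php
@@ -59,6 +59,6 @@
     if ( $dismissed ) {
 
-        $show_text = js_escape(__('Show hidden updates'));
-        $hide_text = js_escape(__('Hide hidden updates'));
+        $show_text = esc_js(__('Show hidden updates'));
+        $hide_text = esc_js(__('Hide hidden updates'));
     ?>
     <script type="text/javascript">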
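--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -342,5 +342,5 @@
             $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
         if ( current_user_can('delete_post', $post->ID) )
-            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
         $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
         if ( current_user_can('edit_post', $post->ID) )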
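--- a/trunk/wp-content/themes/default/functions.php
+++ b/trunk/wp-content/themes/default/functions.php
@@ -252,11 +252,11 @@
     }
     function kRevert() {
-        document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
-        document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
-        document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
-        document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
+        document.getElementById('headerimage').value = '<?php echo esc_js(kubrick_header_image()); ?>';
+        document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo esc_js(kubrick_upper_color()); ?>';
+        document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo esc_js(kubrick_lower_color()); ?>';
+        document.getElementById('header').style.background = 'url("<?php echo esc_js(kubrick_header_image_url()); ?>") center no-repeat';
         document.getElementById('header').style.color = '';
-        document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
-        document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
+        document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo esc_js(kubrick_header_color_string()); ?>';
+        document.getElementById('fontdisplay').value = '<?php echo esc_js(kubrick_header_display_string()); ?>';
         document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
     }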
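--- a/trunk/wp-includes/bookmark.php
+++ b/trunk/wp-includes/bookmark.php
@@ -358,5 +358,5 @@
         $value = esc_attr($value);
     else if ( 'js' == $context )
-        $value = js_escape($value);
+        $value = esc_js($value);
 
     return $value;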
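--- a/trunk/wp-includes/class.wp-scripts.php
+++ b/trunk/wp-includes/class.wp-scripts.php
@@ -61,5 +61,5 @@
                 continue;
             }
-            $data .= "$eol\t$var: \"" . js_escape( $val ) . '"';
+            $data .= "$eol\t$var: \"" . esc_js( $val ) . '"';
             $eol = ",\n";
         }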
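--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -2055,10 +2055,10 @@
  * The filter 'js_escape' is also applied here.
  *
- * @since 2.0.4
+ * @since 2.8.0
  *
  * @param string $text The text to be escaped.
  * @return string Escaped text.
  */
-function js_escape($text) {
+function esc_js( $text ) {
     $safe_text = wp_check_invalid_utf8( $text );
     $safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
@@ -2066,4 +2066,21 @@
     $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
     return apply_filters( 'js_escape', $safe_text, $text );
+}
+
+/**
+ * Escape single quotes, specialchar double quotes, and fix line endings.
+ *
+ * The filter 'js_escape' is also applied by esc_js()
+ *
+ * @since 2.0.4
+ *
+ * @deprecated 2.8.0
+ * @see esc_js()
+ *
+ * @param string $text The text to be escaped.
+ * @return string Escaped text.
+ */
+function js_escape( $text ) {
+    return esc_js( $text );
 }
 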
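Review bot: The docblock carried over to the renamed `esc_js()` never states which output context the result is safe in, which is what a caller most needs to know before choosing it. On the visible lines the function runs `wp_specialchars( $safe_text, ENT_COMPAT )`, then `addslashes()` and newline folding, and adds no quotes of its own, so the result is only suitable inside a quoted JavaScript string such as the `confirm('…')` handlers in this changeset, not for unquoted script, URL or CSS values; one body line between 2064 and 2066 is not shown on this page, so this rests on the visible lines only. I would add `* Only safe inside a quoted JavaScript string literal; the caller supplies the quotes.` to the description. Separately, `js_escape()` is tagged `@deprecated 2.8.0` but only forwards to `esc_js()`; a `_deprecated_function( __FUNCTION__, '2.8', 'esc_js()' );` call before the return would let remaining callers be found, if a runtime notice is acceptable at this stage.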
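--- a/trunk/wp-includes/js/tinymce/langs/wp-langs.php
+++ b/trunk/wp-includes/js/tinymce/langs/wp-langs.php
@@ -19,5 +19,5 @@
 
     if ( 'en' == $language ) return $text;
-    else return js_escape($text);
+    else return esc_js($text);
 }
 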
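--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -906,5 +906,5 @@
         $value = esc_attr($value);
     else if ( 'js' == $context )
-        $value = js_escape($value);
+        $value = esc_js($value);
 
     return $value;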
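--- a/trunk/wp-includes/taxonomy.php
+++ b/trunk/wp-includes/taxonomy.php
@@ -1014,5 +1014,5 @@
         $value = esc_attr($value);
     else if ( 'js' == $context )
-        $value = js_escape($value);
+        $value = esc_js($value);
 
     return $value;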