Changeset 11380
- Timestamp:
- 05/18/2009 03:11:07 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 68 edited
trunk/wp-admin/admin-ajax.php
r11343 r11380 423 423 } 424 424 $cat_id = $cat_id['term_id']; 425 $cat_name = wp_specialchars(stripslashes($cat_name));425 $cat_name = esc_html(stripslashes($cat_name)); 426 426 $x->add( array( 427 427 'what' => 'link-category', … … 899 899 $data = new WP_Error( 'locked', sprintf( 900 900 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ), 901 wp_specialchars( $last_user_name )901 esc_html( $last_user_name ) 902 902 ) ); 903 903 … … 1058 1058 $last_user = get_userdata( $last ); 1059 1059 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1060 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), wp_specialchars( $last_user_name ) );1060 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) ); 1061 1061 exit; 1062 1062 } … … 1218 1218 1219 1219 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>'; 1220 $html .= '<td><label for="found-'.$post->ID.'">'. wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";1220 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n"; 1221 1221 } 1222 1222 $html .= '</tbody></table>'; -
trunk/wp-admin/admin-header.php
r11280 r11380 11 11 12 12 get_admin_page_title(); 13 $title = wp_specialchars( strip_tags( $title ) );13 $title = esc_html( strip_tags( $title ) ); 14 14 wp_user_settings(); 15 15 wp_menu_unfold(); -
trunk/wp-admin/async-upload.php
r11013 r11380 43 43 $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 44 44 if (is_wp_error($id)) { 45 echo '<div id="media-upload-error">'. wp_specialchars($id->get_error_message()).'</div>';45 echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>'; 46 46 exit; 47 47 } -
trunk/wp-admin/categories.php
r11312 r11380 130 130 <div class="wrap nosubsub"> 131 131 <?php screen_icon(); ?> 132 <h2><?php echo wp_specialchars( $title );132 <h2><?php echo esc_html( $title ); 133 133 if ( isset($_GET['s']) && $_GET['s'] ) 134 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>134 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?> 135 135 </h2> 136 136 -
trunk/wp-admin/edit-attachment-rows.php
r11323 r11380 25 25 <tbody id="the-list" class="list:post"> 26 26 <?php 27 add_filter('the_title',' wp_specialchars');27 add_filter('the_title','esc_html'); 28 28 $alt = ''; 29 29 $posts_columns = get_column_headers('upload'); … … 111 111 $out = array(); 112 112 foreach ( $tags as $c ) 113 $out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";113 $out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>"; 114 114 echo join( ', ', $out ); 115 115 } else { -
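Review bot: At 113 the tag slug is interpolated straight into the href (`edit.php?tag=$c->slug`) while only the visible name is escaped; slugs are normally sanitized on save, but the attribute context still deserves its own escaping, e.g. `"<a href='edit.php?tag=" . esc_attr($c->slug) . "'> " . esc_html(...) . "</a>"` (or assemble the link with `clean_url()`). The same pattern appears in the category and tag columns of includes/template.php in this changeset. The column loop this line belongs to begins before the hunk.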
trunk/wp-admin/edit-category-form.php
r11204 r11380 67 67 <tr class="form-field"> 68 68 <th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th> 69 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->description); ?></textarea><br />69 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br /> 70 70 <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td> 71 71 </tr> -
trunk/wp-admin/edit-comments.php
r11312 r11380 97 97 <div class="wrap"> 98 98 <?php screen_icon(); ?> 99 <h2><?php echo wp_specialchars( $title );99 <h2><?php echo esc_html( $title ); 100 100 if ( isset($_GET['s']) && $_GET['s'] ) 101 printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( wp_specialchars( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>101 printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?> 102 102 </h2> 103 103 -
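Review bot: At 101 the search term is escaped and then truncated: `wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 )`. Cutting an already-escaped string can split an entity (`&amp;` becomes `&am`) and the 50-character budget is spent on entity text rather than on what the user typed; reversing the order, `esc_html( wp_html_excerpt( stripslashes( $_GET['s'] ), 50 ) )`, escapes exactly the string that is displayed. This is a correctness nit rather than an injection issue, since a truncated entity fragment is still inert in HTML.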
trunk/wp-admin/edit-form-advanced.php
r11323 r11380 167 167 } 168 168 169 ?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>169 ?><?php echo esc_html( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a> 170 170 171 171 <div id="post-visibility-select" class="hide-if-js"> … … 391 391 $already_pinged = explode("\n", trim($post->pinged)); 392 392 foreach ($already_pinged as $pinged_url) { 393 $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";393 $pings .= "\n\t<li>" . esc_html($pinged_url) . "</li>"; 394 394 } 395 395 $pings .= '</ul>'; … … 550 550 <div class="wrap"> 551 551 <?php screen_icon(); ?> 552 <h2><?php echo wp_specialchars( $title ); ?></h2>552 <h2><?php echo esc_html( $title ); ?></h2> 553 553 <?php if ( $notice ) : ?> 554 554 <div id="notice" class="error"><p><?php echo $notice ?></p></div> … … 623 623 if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) { 624 624 $last_user = get_userdata($last_id); 625 printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));625 printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified)); 626 626 } else { 627 627 printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified)); -
trunk/wp-admin/edit-link-categories.php
r11312 r11380 62 62 <div class="wrap nosubsub"> 63 63 <?php screen_icon(); ?> 64 <h2><?php echo wp_specialchars( $title );64 <h2><?php echo esc_html( $title ); 65 65 if ( isset($_GET['s']) && $_GET['s'] ) 66 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>66 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?> 67 67 </h2> 68 68 -
trunk/wp-admin/edit-link-form.php
r11312 r11380 343 343 <div class="wrap"> 344 344 <?php screen_icon(); ?> 345 <h2><?php echo wp_specialchars( $title ); ?></h2>345 <h2><?php echo esc_html( $title ); ?></h2> 346 346 347 347 <?php if ( isset( $_GET['added'] ) ) : ?> -
trunk/wp-admin/edit-page-form.php
r11323 r11380 159 159 } 160 160 161 echo wp_specialchars( $visibility_trans ); ?></span>161 echo esc_html( $visibility_trans ); ?></span> 162 162 <?php if ( $can_publish ) { ?> 163 163 <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a> … … 398 398 <div class="wrap"> 399 399 <?php screen_icon(); ?> 400 <h2><?php echo wp_specialchars( $title ); ?></h2>400 <h2><?php echo esc_html( $title ); ?></h2> 401 401 402 402 <form name="post" action="page.php" method="post" id="post"> … … 461 461 if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) { 462 462 $last_user = get_userdata($last_id); 463 printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));463 printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified)); 464 464 } else { 465 465 printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified)); -
trunk/wp-admin/edit-pages.php
r11318 r11380 105 105 <div class="wrap"> 106 106 <?php screen_icon(); ?> 107 <h2><?php echo wp_specialchars( $title );107 <h2><?php echo esc_html( $title ); 108 108 if ( isset($_GET['s']) && $_GET['s'] ) 109 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>109 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?> 110 110 </h2> 111 111 -
trunk/wp-admin/edit-tag-form.php
r11204 r11380 37 37 <tr class="form-field"> 38 38 <th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th> 39 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($tag->description); ?></textarea><br />39 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br /> 40 40 <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td> 41 41 </tr> -
trunk/wp-admin/edit-tags.php
r11312 r11380 147 147 <div class="wrap nosubsub"> 148 148 <?php screen_icon(); ?> 149 <h2><?php echo wp_specialchars( $title );149 <h2><?php echo esc_html( $title ); 150 150 if ( isset($_GET['s']) && $_GET['s'] ) 151 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>151 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?> 152 152 </h2> 153 153 -
trunk/wp-admin/edit.php
r11312 r11380 97 97 <div class="wrap"> 98 98 <?php screen_icon(); ?> 99 <h2><?php echo wp_specialchars( $title );99 <h2><?php echo esc_html( $title ); 100 100 if ( isset($_GET['s']) && $_GET['s'] ) 101 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>101 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?> 102 102 </h2> 103 103 -
trunk/wp-admin/export.php
r11204 r11380 25 25 <div class="wrap"> 26 26 <?php screen_icon(); ?> 27 <h2><?php echo wp_specialchars( $title ); ?></h2>27 <h2><?php echo esc_html( $title ); ?></h2> 28 28 29 29 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p> -
trunk/wp-admin/import.php
r10150 r11380 16 16 <div class="wrap"> 17 17 <?php screen_icon(); ?> 18 <h2><?php echo wp_specialchars( $title ); ?></h2>18 <h2><?php echo esc_html( $title ); ?></h2> 19 19 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p> 20 20 -
trunk/wp-admin/import/opml.php
r11204 r11380 59 59 foreach ($categories as $category) { 60 60 ?> 61 <option value="<?php echo $category->term_id; ?>"><?php echo wp_specialchars(apply_filters('link_category', $category->name)); ?></option>61 <option value="<?php echo $category->term_id; ?>"><?php echo esc_html(apply_filters('link_category', $category->name)); ?></option> 62 62 <?php 63 63 } // end foreach -
trunk/wp-admin/includes/bookmark.php
r11204 r11380 30 30 wp_die( __( 'Cheatin’ uh?' )); 31 31 32 $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );32 $_POST['link_url'] = esc_html( $_POST['link_url'] ); 33 33 $_POST['link_url'] = clean_url($_POST['link_url']); 34 $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );35 $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );34 $_POST['link_name'] = esc_html( $_POST['link_name'] ); 35 $_POST['link_image'] = esc_html( $_POST['link_image'] ); 36 36 $_POST['link_rss'] = clean_url($_POST['link_rss']); 37 37 if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] ) -
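Review bot: Lines 32–35 apply `esc_html()`, an output-context escaper, to request fields before they are stored, so `link_name`, `link_image` and `link_url` are persisted in HTML-entity form; a name like `Smith & Sons` is saved as `Smith &amp; Sons` and will appear literally in any non-HTML consumer (OPML export, feeds, email), and `clean_url()` at 33 then operates on the entity-encoded URL rather than the raw one. Sanitize on input (trim, strip tags, `clean_url()` for URLs) and escape at the point of output; as a minimum, drop the `esc_html()` on `link_url`, since `clean_url()` on the next line already owns that field. The rename preserves pre-existing behaviour here; the function begins before this hunk.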
trunk/wp-admin/includes/dashboard.php
r11375 r11380 582 582 $type = ucwords( $comment->comment_type ); 583 583 endswitch; 584 $type = wp_specialchars( $type );584 $type = esc_html( $type ); 585 585 ?> 586 586 <div class="dashboard-comment-wrap"> … … 647 647 $site_link = clean_url( strip_tags( $author->get_link() ) ); 648 648 649 if ( !$publisher = wp_specialchars( strip_tags( $author->get_name() ) ) )649 if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) ) 650 650 $publisher = __( 'Somebody' ); 651 651 if ( $site_link ) … … 668 668 /* translators: incoming links feed, %4$s is the date */ 669 669 $text .= ' ' . __( 'on %4$s' ); 670 $date = wp_specialchars( strip_tags( $item->get_date() ) );670 $date = esc_html( strip_tags( $item->get_date() ) ); 671 671 $date = strtotime( $date ); 672 672 $date = gmdate( get_option( 'date_format' ), $date ); … … 814 814 else // but let's make it forward compatible if things change 815 815 $title = $item->get_title(); 816 $title = wp_specialchars( $title );817 818 $description = wp_specialchars( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );816 $title = esc_html( $title ); 817 818 $description = esc_html( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) ); 819 819 820 820 $ilink = wp_nonce_url('plugin-install.php?tab=plugin-information&plugin=' . $slug, 'install-plugin_' . $slug) . -
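Review bot: At 670–672 the feed item's date is HTML-escaped and then parsed: `$date = esc_html( strip_tags( $item->get_date() ) ); $date = strtotime( $date );`. Escaping belongs to whatever is echoed, not to a value handed to `strtotime()`, and when `strtotime()` cannot parse the (untrusted) feed date it returns false, which `gmdate()` silently renders as the Unix epoch. Suggest `$ts = strtotime( strip_tags( $item->get_date() ) ); $date = $ts ? gmdate( get_option( 'date_format' ), $ts ) : '';` and escape `$date` where the `%4$s` text is finally printed. The incoming-links function begins before this hunk.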
trunk/wp-admin/includes/export.php
r10045 r11380 100 100 $str = utf8_encode($str); 101 101 102 // $str = ent2ncr( wp_specialchars($str));102 // $str = ent2ncr(esc_html($str)); 103 103 104 104 $str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>"; -
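Review bot: The CDATA wrapper at 104 only guards against a trailing `]`; a `]]>` sequence inside `$str` (which, given the escaping commented out at 102, is emitted raw) closes the section early and the remainder is parsed as XML, so post content containing that token yields a malformed or attacker-shaped export file. Split the terminator before wrapping, e.g. `$str = str_replace( ']]>', ']]]]><![CDATA[>', $str );` ahead of line 104. Only the comment at 102 changes in this hunk; the function it belongs to starts above it.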
trunk/wp-admin/includes/media.php
r11372 r11380 1199 1199 $item .= $field[$field['input']]; 1200 1200 elseif ( $field['input'] == 'textarea' ) { 1201 $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";1201 $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . esc_html( $field['value'] ) . "</textarea>"; 1202 1202 } else { 1203 1203 $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>"; … … 1420 1420 echo get_media_items( $id, $errors ); 1421 1421 } else { 1422 echo '<div id="media-upload-error">'. wp_specialchars($id->get_error_message()).'</div>';1422 echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>'; 1423 1423 exit; 1424 1424 } … … 1803 1803 1804 1804 echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>"; 1805 echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );1805 echo esc_html( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); 1806 1806 echo "</option>\n"; 1807 1807 } -
trunk/wp-admin/includes/post.php
r11375 r11380 320 320 function get_default_post_to_edit() { 321 321 if ( !empty( $_REQUEST['post_title'] ) ) 322 $post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));322 $post_title = esc_html( stripslashes( $_REQUEST['post_title'] )); 323 323 else if ( !empty( $_REQUEST['popuptitle'] ) ) { 324 $post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));324 $post_title = esc_html( stripslashes( $_REQUEST['popuptitle'] )); 325 325 $post_title = funky_javascript_fix( $post_title ); 326 326 } else { … … 330 330 $post_content = ''; 331 331 if ( !empty( $_REQUEST['content'] ) ) 332 $post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));332 $post_content = esc_html( stripslashes( $_REQUEST['content'] )); 333 333 else if ( !empty( $post_title ) ) { 334 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );334 $text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 335 335 $text = funky_javascript_fix( $text); 336 336 $popupurl = clean_url($_REQUEST['popupurl']); … … 339 339 340 340 if ( !empty( $_REQUEST['excerpt'] ) ) 341 $post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));341 $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] )); 342 342 else 343 343 $post_excerpt = ''; -
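Review bot: At 334 the request value is run through `urldecode()` before `stripslashes()` and `esc_html()`: PHP has already percent-decoded `$_REQUEST`, so this is a second decode, and a value such as `%253Cscript%253E` only becomes `<script>` at this step, meaning anything that inspected the raw parameter upstream saw a different string than the one used here (the `esc_html()` still neutralises it for the textarea). Drop the `urldecode()` (`$text = esc_html( stripslashes( $_REQUEST['text'] ) );`) unless the bookmarklet is documented to double-encode `text`, which should be verified against press-this. Note also that `$_REQUEST['text']` and `$_REQUEST['popupurl']` are read without `isset()` guards, unlike the other fields in this function.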
trunk/wp-admin/includes/template.php
r11366 r11380 470 470 471 471 $class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : ''; 472 $output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . wp_specialchars( apply_filters('the_category', $category->name )) . '</label>';472 $output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . esc_html( apply_filters('the_category', $category->name )) . '</label>'; 473 473 } 474 474 … … 563 563 <label class="selectit"> 564 564 <input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" /> 565 <?php echo wp_specialchars( apply_filters( 'the_category', $category->name ) ); ?>565 <?php echo esc_html( apply_filters( 'the_category', $category->name ) ); ?> 566 566 </label> 567 567 </li> … … 615 615 foreach ( $categories as $category ) { 616 616 $cat_id = $category->term_id; 617 $name = wp_specialchars( apply_filters('the_category', $category->name));617 $name = esc_html( apply_filters('the_category', $category->name)); 618 618 $checked = in_array( $cat_id, $checked_categories ); 619 619 echo '<li id="link-category-', $cat_id, '"><label for="in-link-category-', $cat_id, '" class="selectit"><input value="', $cat_id, '" type="checkbox" name="link_category[]" id="in-link-category-', $cat_id, '"', ($checked ? ' checked="checked"' : "" ), '/> ', $name, "</label></li>"; … … 1305 1305 <div class="mn">' . mysql2date( 'i', $post->post_date, false ) . '</div> 1306 1306 <div class="ss">' . mysql2date( 's', $post->post_date, false ) . 
'</div> 1307 <div class="post_password">' . wp_specialchars($post->post_password, 1) . '</div>';1307 <div class="post_password">' . esc_html( $post->post_password ) . '</div>'; 1308 1308 1309 1309 if( $post->post_type == 'page' ) 1310 1310 echo ' 1311 1311 <div class="post_parent">' . $post->post_parent . '</div> 1312 <div class="page_template">' . wp_specialchars(get_post_meta( $post->ID, '_wp_page_template', true ), 1) . '</div>1312 <div class="page_template">' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '</div> 1313 1313 <div class="menu_order">' . $post->menu_order . '</div>'; 1314 1314 1315 1315 if( $post->post_type == 'post' ) 1316 1316 echo ' 1317 <div class="tags_input">' . wp_specialchars( str_replace( ',', ', ', get_tags_to_edit($post->ID) ), 1) . '</div>1317 <div class="tags_input">' . esc_html( str_replace( ',', ', ', get_tags_to_edit($post->ID) ) ) . '</div> 1318 1318 <div class="post_category">' . implode( ',', wp_get_post_categories( $post->ID ) ) . '</div> 1319 1319 <div class="sticky">' . (is_sticky($post->ID) ? 'sticky' : '') . '</div>'; … … 1332 1332 global $wp_query, $post, $mode; 1333 1333 1334 add_filter('the_title',' wp_specialchars');1334 add_filter('the_title','esc_html'); 1335 1335 1336 1336 // Create array of post IDs. … … 1479 1479 $out = array(); 1480 1480 foreach ( $categories as $c ) 1481 $out[] = "<a href='edit.php?category_name=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";1481 $out[] = "<a href='edit.php?category_name=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>"; 1482 1482 echo join( ', ', $out ); 1483 1483 } else { … … 1495 1495 $out = array(); 1496 1496 foreach ( $tags as $c ) 1497 $out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . 
"</a>";1497 $out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>"; 1498 1498 echo join( ', ', $out ); 1499 1499 } else { … … 1592 1592 } 1593 1593 1594 $page->post_title = wp_specialchars( $page->post_title );1594 $page->post_title = esc_html( $page->post_title ); 1595 1595 $pad = str_repeat( '— ', $level ); 1596 1596 $id = (int) $page->ID; … … 1654 1654 $edit_link = get_edit_post_link( $page->ID ); 1655 1655 ?> 1656 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>1656 <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . esc_html($parent_name) : ''; ?></strong> 1657 1657 <?php 1658 1658 $actions = array(); … … 2338 2338 if ( $currentcat != $category->term_id && $parent == $category->parent) { 2339 2339 $pad = str_repeat( '– ', $level ); 2340 $category->name = wp_specialchars( $category->name );2340 $category->name = esc_html( $category->name ); 2341 2341 echo "\n\t<option value='$category->term_id'"; 2342 2342 if ( $currentparent == $category->term_id ) … … 2628 2628 $current = ''; 2629 2629 2630 echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";2630 echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . 
esc_html($item->post_title) . "</option>"; 2631 2631 parent_dropdown( $default, $item->ID, $level +1 ); 2632 2632 } -
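Review bot: At 1307 the hidden inline-edit block writes `esc_html( $post->post_password )` into the page for every row, which places each protected post's password in the HTML source of the list table; escaping makes it inert as markup but does not limit who can read it. If the row builder is not already gated on `current_user_can( 'edit_post', $post->ID )` by its caller (not visible here), the password div should be emitted only under that check. In the same section, the `href='edit.php?category_name=$c->slug'` and `tag=$c->slug` attributes at 1481 and 1497 interpolate slugs without `esc_attr()`. All of these functions start outside the visible hunks.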
trunk/wp-admin/includes/theme-install.php
r11286 r11380 194 194 if ( isset($trans[$feature_name]) ) 195 195 $feature_name = $trans[$feature_name]; 196 $feature_name = wp_specialchars( $feature_name );196 $feature_name = esc_html( $feature_name ); 197 197 echo '<div class="feature-name">' . $feature_name . '</div>'; 198 198 … … 202 202 if ( isset($trans[$feature]) ) 203 203 $feature_name = $trans[$feature]; 204 $feature_name = wp_specialchars( $feature_name );204 $feature_name = esc_html( $feature_name ); 205 205 $feature = esc_attr($feature); 206 206 ?> -
trunk/wp-admin/includes/user.php
r11320 r11380 66 66 67 67 if ( isset( $_POST['user_login'] )) 68 $user->user_login = wp_specialchars( trim( $_POST['user_login'] ));68 $user->user_login = esc_html( trim( $_POST['user_login'] )); 69 69 70 70 $pass1 = $pass2 = ''; … … 87 87 88 88 if ( isset( $_POST['email'] )) 89 $user->user_email = wp_specialchars( trim( $_POST['email'] ));89 $user->user_email = esc_html( trim( $_POST['email'] )); 90 90 if ( isset( $_POST['url'] ) ) { 91 91 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { … … 97 97 } 98 98 if ( isset( $_POST['first_name'] )) 99 $user->first_name = wp_specialchars( trim( $_POST['first_name'] ));99 $user->first_name = esc_html( trim( $_POST['first_name'] )); 100 100 if ( isset( $_POST['last_name'] )) 101 $user->last_name = wp_specialchars( trim( $_POST['last_name'] ));101 $user->last_name = esc_html( trim( $_POST['last_name'] )); 102 102 if ( isset( $_POST['nickname'] )) 103 $user->nickname = wp_specialchars( trim( $_POST['nickname'] ));103 $user->nickname = esc_html( trim( $_POST['nickname'] )); 104 104 if ( isset( $_POST['display_name'] )) 105 $user->display_name = wp_specialchars( trim( $_POST['display_name'] ));105 $user->display_name = esc_html( trim( $_POST['display_name'] )); 106 106 if ( isset( $_POST['description'] )) 107 107 $user->description = trim( $_POST['description'] ); 108 108 if ( isset( $_POST['jabber'] )) 109 $user->jabber = wp_specialchars( trim( $_POST['jabber'] ));109 $user->jabber = esc_html( trim( $_POST['jabber'] )); 110 110 if ( isset( $_POST['aim'] )) 111 $user->aim = wp_specialchars( trim( $_POST['aim'] ));111 $user->aim = esc_html( trim( $_POST['aim'] )); 112 112 if ( isset( $_POST['yim'] )) 113 $user->yim = wp_specialchars( trim( $_POST['yim'] ));113 $user->yim = esc_html( trim( $_POST['yim'] )); 114 114 if ( !$update ) 115 115 $user->rich_editing = 'true'; // Default to true for new users. … … 381 381 $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? 
esc_attr($user->yim) : ''; 382 382 $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : ''; 383 $user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';383 $user->description = isset( $user->description ) && !empty( $user->description ) ? esc_html($user->description) : ''; 384 384 385 385 return $user; -
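Review bot: In `edit_user()` (68–113) the posted profile fields, including `user_login` and `email`, are passed through `esc_html()` before being handed on to the insert/update path; that is output escaping applied at input time, so an address like `o'brien@example.com` becomes `o&#039;brien@example.com` before any email validation runs, and display names containing `&` are stored entity-encoded. Validation and sanitization (`sanitize_user()`, `is_email()`, `trim()`/`strip_tags()`) belong here; `esc_html()`/`esc_attr()` belong at the template, as the `get_user_to_edit()` lines at 381–383 already do. If the downstream insert re-sanitizes these fields this is redundant rather than harmful, but that is not visible in the hunk.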
trunk/wp-admin/includes/widgets.php
r11309 r11380 163 163 unset($wp_registered_widgets[$widget_id]['_callback']); 164 164 165 $widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );165 $widget_title = esc_html( strip_tags( $sidebar_args['widget_name'] ) ); 166 166 $has_form = 'noform'; 167 167 -
trunk/wp-admin/index.php
r10378 r11380 31 31 <div class="wrap"> 32 32 <?php screen_icon(); ?> 33 <h2><?php echo wp_specialchars( $title ); ?></h2>33 <h2><?php echo esc_html( $title ); ?></h2> 34 34 35 35 <div id="dashboard-widgets-wrap"> -
trunk/wp-admin/js/revisions-js.php
r9010 r11380 14 14 15 15 $j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) ); 16 $n = wp_specialchars( $GLOBALS['current_user']->data->display_name );16 $n = esc_html( $GLOBALS['current_user']->data->display_name ); 17 17 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) ); 18 18 -
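Review bot: `$n = esc_html( ... display_name )` at 16 is being prepared for a JavaScript file (`$j` on the line above is a script URL and `$d` is assembled from an obfuscated string), and HTML entity encoding is not the right escaper for a JS string literal: it leaves backslashes and line terminators intact and turns quotes into `&quot;`/`&#039;`, which then appear verbatim in the script. Use the JavaScript-context helper instead, `$n = js_escape( $GLOBALS['current_user']->data->display_name );` (`esc_js()` in the new naming), assuming `$n` is interpolated into a quoted JS string further down; how `$n` and `$d` are consumed is outside the hunk.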
trunk/wp-admin/link-manager.php
r11312 r11380 72 72 <div class="wrap nosubsub"> 73 73 <?php screen_icon(); ?> 74 <h2><?php echo wp_specialchars( $title );74 <h2><?php echo esc_html( $title ); 75 75 if ( isset($_GET['s']) && $_GET['s'] ) 76 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>76 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?> 77 77 </h2> 78 78 -
trunk/wp-admin/media-upload.php
r11372 r11380 56 56 <div class="wrap"> 57 57 <?php screen_icon(); ?> 58 <h2><?php echo wp_specialchars( $title ); ?></h2>58 <h2><?php echo esc_html( $title ); ?></h2> 59 59 60 60 <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&upload-page-form=" class="media-upload-form type-form validate" id="file-form"> -
trunk/wp-admin/options-discussion.php
r11312 r11380 18 18 <div class="wrap"> 19 19 <?php screen_icon(); ?> 20 <h2><?php echo wp_specialchars( $title ); ?></h2>20 <h2><?php echo esc_html( $title ); ?></h2> 21 21 22 22 <form method="post" action="options.php"> -
trunk/wp-admin/options-general.php
r11323 r11380 53 53 <div class="wrap"> 54 54 <?php screen_icon(); ?> 55 <h2><?php echo wp_specialchars( $title ); ?></h2>55 <h2><?php echo esc_html( $title ); ?></h2> 56 56 57 57 <form method="post" action="options.php"> -
trunk/wp-admin/options-media.php
r11312 r11380 19 19 <div class="wrap"> 20 20 <?php screen_icon(); ?> 21 <h2><?php echo wp_specialchars( $title ); ?></h2>21 <h2><?php echo esc_html( $title ); ?></h2> 22 22 23 23 <form action="options.php" method="post"> -
trunk/wp-admin/options-misc.php
r11204 r11380 19 19 <div class="wrap"> 20 20 <?php screen_icon(); ?> 21 <h2><?php echo wp_specialchars( $title ); ?></h2>21 <h2><?php echo esc_html( $title ); ?></h2> 22 22 23 23 <form method="post" action="options.php"> -
trunk/wp-admin/options-permalink.php
r11350 r11380 143 143 <div class="wrap"> 144 144 <?php screen_icon(); ?> 145 <h2><?php echo wp_specialchars( $title ); ?></h2>145 <h2><?php echo esc_html( $title ); ?></h2> 146 146 147 147 <form name="form" action="options-permalink.php" method="post"> … … 227 227 <form action="options-permalink.php" method="post"> 228 228 <?php wp_nonce_field('update-permalink') ?> 229 <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>229 <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p> 230 230 </form> 231 231 <p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p> … … 236 236 <form action="options-permalink.php" method="post"> 237 237 <?php wp_nonce_field('update-permalink') ?> 238 <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>238 <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->mod_rewrite_rules()); ?></textarea></p> 239 239 </form> 240 240 <?php endif; ?> -
trunk/wp-admin/options-privacy.php
r11312 r11380 18 18 <div class="wrap"> 19 19 <?php screen_icon(); ?> 20 <h2><?php echo wp_specialchars( $title ); ?></h2>20 <h2><?php echo esc_html( $title ); ?></h2> 21 21 22 22 <form method="post" action="options.php"> -
trunk/wp-admin/options-reading.php
r11312 r11380 18 18 <div class="wrap"> 19 19 <?php screen_icon(); ?> 20 <h2><?php echo wp_specialchars( $title ); ?></h2>20 <h2><?php echo esc_html( $title ); ?></h2> 21 21 22 22 <form name="form1" method="post" action="options.php"> -
trunk/wp-admin/options-writing.php
r11312 r11380 18 18 <div class="wrap"> 19 19 <?php screen_icon(); ?> 20 <h2><?php echo wp_specialchars( $title ); ?></h2>20 <h2><?php echo esc_html( $title ); ?></h2> 21 21 22 22 <form method="post" action="options.php"> -
trunk/wp-admin/options.php
r11204 r11380 122 122 <td>"; 123 123 124 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";124 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . esc_html($value) . "</textarea>"; 125 125 else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />"; 126 126 -
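Review bot: The rewritten line 124 still interpolates `$option->option_name` unescaped into the `name` and `id` attributes (125 does the same) while only the value is escaped. Option names come from the database and are chosen by plugins, so a name containing `'` breaks out of the attribute; wrap them: `name='" . esc_attr($option->option_name) . "' id='" . esc_attr($option->option_name) . "'`. `$class` and `$disabled` are also interpolated raw; if they are computed locally from fixed strings (not visible here) that is fine, otherwise escape them too.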
trunk/wp-admin/page.php
r11190 r11380 101 101 $last_user = get_userdata( $last ); 102 102 $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); 103 $message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );103 $message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) ); 104 104 $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" ); 105 105 add_action('admin_notices', create_function( '', "echo '$message';" ) ); -
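Review bot: At 104–105 the notice is turned into PHP source and evaluated via `create_function( '', "echo '$message';" )`; `esc_html()` on the display name plus `str_replace( "'", "\'", ... )` are the only things standing between a user-chosen string and generated code, and neither is a PHP-string-literal escaper (this currently holds only because `esc_html()` happens to encode `'` as `&#039;`, an accidental dependency). If code generation must stay, use the right primitive, `"echo '" . addcslashes( $markup, "'\\" ) . "';"`; better, avoid it entirely by stashing the markup in a global and registering a plain named callback that echoes it. The lock-check this sits in begins before the hunk.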
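--- a/trunk/wp-admin/plugin-editor.php
+++ b/trunk/wp-admin/plugin-editor.php
@@ -136,5 +136,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 <div class="bordertitle">
 <form id="themeselector" action="plugin-editor.php" method="post">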
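--- a/trunk/wp-admin/plugin-install.php
+++ b/trunk/wp-admin/plugin-install.php
@@ -57,5 +57,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <ul class="subsubsub">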
trunk/wp-admin/plugins.php
r11371 r11380 190 190 if ( !empty($invalid) ) 191 191 foreach ( $invalid as $plugin_file => $error ) 192 echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';192 echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), $error->get_error_message()) . '</p></div>'; 193 193 ?> 194 194 … … 223 223 <div class="wrap"> 224 224 <?php screen_icon(); ?> 225 <h2><?php echo wp_specialchars( $title ); ?></h2>225 <h2><?php echo esc_html( $title ); ?></h2> 226 226 227 227 <?php -
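Review bot: At 192 the second `%s`, `$error->get_error_message()`, is printed without escaping while `$plugin_file` now gets `esc_html()`; if that message can carry text taken from the plugin being validated, escape it the same way, `esc_html( $error->get_error_message() )`, or leave a comment stating that it is trusted markup. The `foreach` at 191 runs inside an unbraced `if`, which is easy to misread when the body grows; braces would help. The enclosing block starts before the hunk.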
trunk/wp-admin/post.php
r11190 r11380 136 136 $last_user = get_userdata( $last ); 137 137 $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); 138 $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );138 $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) ); 139 139 $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" ); 140 140 add_action('admin_notices', create_function( '', "echo '$message';" ) ); -
trunk/wp-admin/press-this.php
r11312 r11380 92 92 93 93 // Set Variables 94 $title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : '';94 $title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : ''; 95 95 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; 96 96 if ( ! empty($selection) ) { -
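Review bot: `$title` at 94 is escaped where it is read from `$_GET['t']`, not where it is printed, so the variable carries HTML-encoded text through the rest of the script and any later `esc_attr()` on it only avoids `&amp;amp;` because `_wp_specialchars()` defaults to `double_encode = false`. Keeping `$title` as plain text here and escaping at each output site (`esc_html()` in element content, `esc_attr()` in attributes) is the clearer contract and matches how `$selection` at 95 is handled. The places where `$title` is output are outside the hunk.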
trunk/wp-admin/revision.php
r8732 r11380 178 178 179 179 <tr id="revision-field-<?php echo $field; ?>"> 180 <th scope="row"><?php echo wp_specialchars( $field_title ); ?></th>180 <th scope="row"><?php echo esc_html( $field_title ); ?></th> 181 181 <td><div class="pre"><?php echo $content; ?></div></td> 182 182 </tr> -
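--- a/trunk/wp-admin/theme-editor.php
+++ b/trunk/wp-admin/theme-editor.php
@@ -116,5 +116,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 <div class="bordertitle">
 <form id="themeselector" action="theme-editor.php" method="post">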
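--- a/trunk/wp-admin/theme-install.php
+++ b/trunk/wp-admin/theme-install.php
@@ -57,5 +57,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <ul class="subsubsub">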
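--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -120,5 +120,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <h3><?php _e('Current Theme'); ?></h3>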
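--- a/trunk/wp-admin/tools.php
+++ b/trunk/wp-admin/tools.php
@@ -18,5 +18,5 @@
 ?>
 <div class="wrap">
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <div class="tool-box">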
trunk/wp-admin/upload.php
r11312 r11380 165 165 <div class="wrap"> 166 166 <?php screen_icon(); ?> 167 <h2><?php echo wp_specialchars( $title );167 <h2><?php echo esc_html( $title ); 168 168 if ( isset($_GET['s']) && $_GET['s'] ) 169 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>169 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?> 170 170 </h2> 171 171 … … 323 323 foreach ( $orphans as $post ) { 324 324 $class = 'alternate' == $class ? '' : 'alternate'; 325 $att_title = wp_specialchars( _draft_or_post_title($post->ID) );325 $att_title = esc_html( _draft_or_post_title($post->ID) ); 326 326 ?> 327 327 <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top"> -
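--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -116,5 +116,5 @@
 <div class="wrap" id="profile-page">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <form id="your-profile" action="" method="post">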
trunk/wp-admin/users.php
r11312 r11380 240 240 <div class="wrap"> 241 241 <?php screen_icon(); ?> 242 <h2><?php echo wp_specialchars( $title );242 <h2><?php echo esc_html( $title ); 243 243 if ( isset($_GET['usersearch']) && $_GET['usersearch'] ) 244 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( $_GET['usersearch'] ) ); ?>244 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( $_GET['usersearch'] ) ); ?> 245 245 </h2> 246 246 -
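Review bot: At 244 `$_GET['usersearch']` is echoed through `esc_html()` but without `stripslashes()`, unlike the equivalent subtitle in upload.php at 169, which goes through `get_search_query()`; if request values are slash-escaped on this code path (as WordPress's magic-quotes handling does), a search term containing a quote is shown with a stray backslash. `esc_html( stripslashes( $_GET['usersearch'] ) )` would match the other page. The truthiness test at 243 also treats a search for `0` as no search.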
trunk/wp-admin/widgets.php
r11204 r11380 126 126 <div class="wrap"> 127 127 <?php screen_icon(); ?> 128 <h2><?php echo wp_specialchars( $title ); ?></h2>128 <h2><?php echo esc_html( $title ); ?></h2> 129 129 <div class="error"> 130 130 <p><?php _e( 'No Sidebars Defined' ); ?></p> … … 259 259 <div class="wrap"> 260 260 <?php screen_icon(); ?> 261 <h2><?php echo wp_specialchars( $title ); ?></h2>261 <h2><?php echo esc_html( $title ); ?></h2> 262 262 <div class="editwidget"<?php echo $width; ?>> 263 <h3><?php printf( __( 'Widget %s' ), wp_specialchars( strip_tags($control['name']) ) ); ?></h3>263 <h3><?php printf( __( 'Widget %s' ), esc_html( strip_tags($control['name']) ) ); ?></h3> 264 264 265 265 <form action="widgets.php" method="post"> … … 335 335 <div class="wrap"> 336 336 <?php screen_icon(); ?> 337 <h2><?php echo wp_specialchars( $title ); ?></h2>337 <h2><?php echo esc_html( $title ); ?></h2> 338 338 339 339 <?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?> … … 379 379 <div class="sidebar-name"> 380 380 <div class="sidebar-name-arrow"><br /></div> 381 <h3><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>381 <h3><?php echo esc_html( $registered_sidebar['name'] ); ?> 382 382 <span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div> 383 383 <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?> -
trunk/wp-includes/classes.php
r11318 r11380 1253 1253 $output .= ' selected="selected"'; 1254 1254 $output .= '>'; 1255 $title = wp_specialchars($page->post_title);1255 $title = esc_html($page->post_title); 1256 1256 $output .= "$pad$title"; 1257 1257 $output .= "</option>\n"; -
trunk/wp-includes/comment-template.php
r11323 r11380 1079 1079 1080 1080 $style = isset($_GET['replytocom']) ? '' : ' style="display:none;"'; 1081 $link = wp_specialchars( remove_query_arg('replytocom') ) . '#respond';1081 $link = esc_html( remove_query_arg('replytocom') ) . '#respond'; 1082 1082 return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text); 1083 1083 } -
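Review bot: At 1081 the `href` value of the cancel link is built with `esc_html()`, which escapes for element content, whereas this is a URL inside an attribute; `clean_url()`, used for the same purpose in functions.php at 2339, validates the scheme and escapes for that context, `$link = clean_url( remove_query_arg('replytocom') ) . '#respond';`. Note that `$link` is also handed to the `cancel_comment_reply_link` filter at 1082, so callbacks receive the already-escaped form whichever helper is used — worth a short comment above 1081. The enclosing function starts before the hunk.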
trunk/wp-includes/default-filters.php
r11208 r11380 21 21 add_filter($filter, 'trim'); 22 22 add_filter($filter, 'wp_filter_kses'); 23 add_filter($filter, ' wp_specialchars', 30);23 add_filter($filter, 'esc_html', 30); 24 24 } 25 25 … … 81 81 add_filter($filter, 'wptexturize'); 82 82 add_filter($filter, 'convert_chars'); 83 add_filter($filter, ' wp_specialchars');83 add_filter($filter, 'esc_html'); 84 84 } 85 85 … … 132 132 add_filter('the_title_rss', 'strip_tags'); 133 133 add_filter('the_title_rss', 'ent2ncr', 8); 134 add_filter('the_title_rss', ' wp_specialchars');134 add_filter('the_title_rss', 'esc_html'); 135 135 add_filter('the_content_rss', 'ent2ncr', 8); 136 136 add_filter('the_excerpt_rss', 'convert_chars'); … … 138 138 add_filter('comment_author_rss', 'ent2ncr', 8); 139 139 add_filter('comment_text_rss', 'ent2ncr', 8); 140 add_filter('comment_text_rss', ' wp_specialchars');140 add_filter('comment_text_rss', 'esc_html'); 141 141 add_filter('bloginfo_rss', 'ent2ncr', 8); 142 142 add_filter('the_author', 'ent2ncr', 8); … … 144 144 // Misc filters 145 145 add_filter('option_ping_sites', 'privacy_ping_filter'); 146 add_filter('option_blog_charset', ' wp_specialchars');146 add_filter('option_blog_charset', '_wp_specialchars'); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop 147 147 add_filter('option_home', '_config_wp_home'); 148 148 add_filter('option_siteurl', '_config_wp_siteurl'); -
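Review bot: The filters switched to `esc_html` at 23, 83, 134 and 140 now encode quotes as well, because `esc_html()` calls `_wp_specialchars()` with `ENT_QUOTES` (formatting.php 2110) whereas the old `wp_specialchars` default was `ENT_NOQUOTES`; for the hooks registered at 21–23 this applies on the way into storage (their loop starts before the hunk, so the exact `pre_*` hooks are not visible here), so quotes in saved names would be persisted as entities instead of being encoded at output. If that is not intended, keep those hooks on `_wp_specialchars`, as was done for `option_blog_charset` at 146. The comment at 146 states the rule but not the cause; presumably both `esc_html()` helpers read the `blog_charset` option, so `// IMPORTANT: esc_html()/wp_specialchars() read blog_charset via get_option(), which re-enters this filter` would tell the next maintainer why.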
trunk/wp-includes/default-widgets.php
r11318 r11380 821 821 $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); 822 822 $desc = wp_html_excerpt( $desc, 360 ) . ' […]'; 823 $desc = wp_specialchars( $desc );823 $desc = esc_html( $desc ); 824 824 825 825 if ( $show_summary ) { … … 845 845 $author = $item->get_author(); 846 846 $author = $author->get_name(); 847 $author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';847 $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; 848 848 } 849 849 -
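Review bot: At 821–823 the description is attribute-escaped, truncated by `wp_html_excerpt()` at 360, then escaped again with `esc_html()`; truncating already-encoded text can cut an entity such as `&amp;` in half, and the second pass only avoids re-encoding because `_wp_specialchars()` defaults to `double_encode = false`. Truncate the plain text first and escape once at output: strip and decode at 821, `wp_html_excerpt()` at 822, `esc_html()` at 823, with the newline replacement applied to the plain text. The `@` on `html_entity_decode` at 821 hides charset errors; an explicit check would be clearer. The enclosing method starts before the hunk.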
trunk/wp-includes/feed.php
r11358 r11380 166 166 $encode_html = 2; 167 167 if ( 1== $encode_html ) { 168 $content = wp_specialchars($content);168 $content = esc_html($content); 169 169 $cut = 0; 170 170 } elseif ( 0 == $encode_html ) { -
trunk/wp-includes/formatting.php
r11345 r11380 214 214 * @return string The encoded text with HTML entities. 215 215 */ 216 function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {216 function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 217 217 $string = (string) $string; 218 218 … … 287 287 * 288 288 * @param string $string The text which is to be decoded. 289 * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.289 * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. 290 290 * @return string The decoded text without HTML entities. 291 291 */ … … 302 302 } 303 303 304 // Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value304 // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value 305 305 if ( empty( $quote_style ) ) { 306 306 $quote_style = ENT_NOQUOTES; … … 2075 2075 function esc_js( $text ) { 2076 2076 $safe_text = wp_check_invalid_utf8( $text ); 2077 $safe_text = wp_specialchars( $safe_text, ENT_COMPAT );2077 $safe_text = _wp_specialchars( $safe_text, ENT_COMPAT ); 2078 2078 $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) ); 2079 2079 $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) ); … … 2099 2099 2100 2100 /** 2101 * Escaping for HTML attributes.2101 * Escaping for HTML blocks. 
2102 2102 * 2103 2103 * @since 2.8.0 … … 2106 2106 * @return string 2107 2107 */ 2108 function esc_html( $text ) { 2109 $safe_text = wp_check_invalid_utf8( $text ); 2110 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 2111 return apply_filters( 'esc_html', $safe_text, $text ); 2112 return $text; 2113 } 2114 2115 /** 2116 * Escaping for HTML blocks 2117 * @deprecated 2.8.0 2118 * @see esc_html() 2119 */ 2120 function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 2121 if ( func_num_args() > 1 ) { // Maintain backwards compat for people passing additional args 2122 $args = func_get_args(); 2123 return call_user_func_array( '_wp_specialchars', $args ); 2124 } else { 2125 return esc_html( $string ); 2126 } 2127 } 2128 2129 /** 2130 * Escaping for HTML attributes. 2131 * 2132 * @since 2.8.0 2133 * 2134 * @param string $text 2135 * @return string 2136 */ 2108 2137 function esc_attr( $text ) { 2109 2138 $safe_text = wp_check_invalid_utf8( $text ); 2110 $safe_text = wp_specialchars( $safe_text, ENT_QUOTES );2139 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 2111 2140 return apply_filters( 'attribute_escape', $safe_text, $text ); 2112 2141 } … … 2225 2254 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes 2226 2255 $value = stripslashes($value); 2227 $value = wp_specialchars( $value );2256 $value = esc_html( $value ); 2228 2257 break; 2229 2258 … … 2299 2328 * Callback function used by preg_replace. 2300 2329 * 2301 * @uses wp_specialcharsto format the $matches text.2330 * @uses esc_html to format the $matches text. 2302 2331 * @since 2.3.0 2303 2332 * 2304 2333 * @param array $matches Populated by matches to preg_replace. 2305 * @return string The text returned after wp_specialcharsif needed.2334 * @return string The text returned after esc_html if needed. 
2306 2335 */ 2307 2336 function wp_pre_kses_less_than_callback( $matches ) { 2308 2337 if ( false === strpos($matches[0], '>') ) 2309 return wp_specialchars($matches[0]);2338 return esc_html($matches[0]); 2310 2339 return $matches[0]; 2311 2340 } -
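Review bot: The new `esc_html()` at 2108–2113 has an unreachable `return $text;` after the `return apply_filters(...)` at 2111; drop 2112 so the function has a single exit and a reader is not left wondering which value wins. The `wp_specialchars()` compatibility wrapper at 2120–2127 changes behaviour for single-argument callers: they previously got `_wp_specialchars()`'s default `ENT_NOQUOTES`, and now go through `esc_html()`, which passes `ENT_QUOTES`, so quotes in existing output become entities — the `@deprecated` docblock should say so, e.g. `Since 2.8.0 single-argument calls also encode quotes (ENT_QUOTES) via esc_html(); pass $quote_style explicitly to keep the old behaviour.` The docblock on `_wp_specialchars()` at 214–216 was not updated to mark it as an internal helper (`@access private`), and the new `esc_html` filter name differs from the `attribute_escape` filter applied by `esc_attr()` at 2141, which is worth a line in the docblock.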
trunk/wp-includes/functions.php
r11370 r11380 380 380 $protected = array( 'alloptions', 'notoptions' ); 381 381 if ( in_array( $option, $protected ) ) 382 die( sprintf( __( '%s is a protected WP option and may not be modified' ), wp_specialchars( $option ) ) );382 die( sprintf( __( '%s is a protected WP option and may not be modified' ), esc_html( $option ) ) ); 383 383 } 384 384 … … 1594 1594 $hook = 'do_feed_' . $feed; 1595 1595 if ( !has_action($hook) ) { 1596 $message = sprintf( __( 'ERROR: %s is not a valid feed template' ), wp_specialchars($feed));1596 $message = sprintf( __( 'ERROR: %s is not a valid feed template' ), esc_html($feed)); 1597 1597 wp_die($message); 1598 1598 } … … 1719 1719 function wp_nonce_url( $actionurl, $action = -1 ) { 1720 1720 $actionurl = str_replace( '&', '&', $actionurl ); 1721 return wp_specialchars( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );1721 return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ); 1722 1722 } 1723 1723 … … 2309 2309 $object = call_user_func( $lookup, $object ); 2310 2310 } 2311 return sprintf( $trans[$verb][$noun][0], wp_specialchars($object) );2311 return sprintf( $trans[$verb][$noun][0], esc_html($object) ); 2312 2312 } else { 2313 2313 return $trans[$verb][$noun][0]; … … 2335 2335 function wp_nonce_ays( $action ) { 2336 2336 $title = __( 'WordPress Failure Notice' ); 2337 $html = wp_specialchars( wp_explain_nonce( $action ) );2337 $html = esc_html( wp_explain_nonce( $action ) ); 2338 2338 if ( wp_get_referer() ) 2339 2339 $html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>"; -
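Review bot: `wp_nonce_url()` at 1719–1722 returns a URL that has already been HTML-escaped by `esc_html()`, so callers must treat the result as markup-ready text and not feed it to `esc_attr()`/`clean_url()` expecting a raw URL, nor use it in a `Location:` header; its docblock is outside the hunk and should state `Returns the URL escaped for HTML output (ampersands and quotes are entity-encoded); not for use in HTTP headers.`. Because `esc_html()` uses `ENT_QUOTES` (formatting.php 2110) where the old default was `ENT_NOQUOTES`, quotes in `$actionurl` are now encoded too, which is the right thing for `href='…'` consumers and is worth recording in the same docblock.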
trunk/wp-includes/general-template.php
r11370 r11380 1470 1470 1471 1471 if ( comments_open() || pings_open() || $post->comment_count > 0 ) { 1472 $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));1472 $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) )); 1473 1473 $href = get_post_comments_feed_link( $post->ID ); 1474 1474 } -
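Review bot: At 1472 the title is escaped twice — `esc_html()` on `get_the_title()` inside `sprintf()`, then `esc_attr()` over the whole string — and the result avoids `&amp;amp;` only because `_wp_specialchars()` defaults to `double_encode = false`. Since the outer `esc_attr()` already covers the blog name, separator and title for the attribute context, the inner call is redundant and can be dropped: `$title = esc_attr( sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], get_the_title() ) );`. The enclosing function starts before the hunk.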
trunk/wp-includes/l10n.php
r11281 r11380 121 121 122 122 /** 123 * Retrieves the translation of $text and escapes it for safe use in HTML output. 124 * If there is no translation, or the domain isn't loaded the original text is returned. 125 * 126 * @see translate() An alias of translate() 127 * @see esc_html() 128 * @since 2.8.0 129 * 130 * @param string $text Text to translate 131 * @param string $domain Optional. Domain to retrieve the translated text 132 * @return string Translated text 133 */ 134 function esc_html__( $text, $domain = 'default' ) { 135 return esc_html( translate( $text, $domain ) ); 136 } 137 138 /** 123 139 * Displays the returned translated text from translate(). 124 140 * … … 145 161 function esc_attr_e( $text, $domain = 'default' ) { 146 162 echo esc_attr( translate( $text, $domain ) ); 163 } 164 165 /** 166 * Displays translated text that has been escaped for safe use in HTML output. 167 * 168 * @see translate() Echoes returned translate() string 169 * @see esc_html() 170 * @since 2.8.0 171 * 172 * @param string $text Text to translate 173 * @param string $domain Optional. Domain to retrieve the translated text 174 */ 175 function esc_html_e( $text, $domain = 'default' ) { 176 echo esc_html( translate( $text, $domain ) ); 147 177 } 148 178 -
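Review bot: The `@see translate() An alias of translate()` line in the `esc_html__()` docblock at 126 is copied from the `__()` documentation and is wrong here: the function escapes the translation, so it is not an alias. Replace it with `@see __() Escaped counterpart of __()`; likewise the `@see translate() Echoes returned translate() string` line at 168 for `esc_html_e()` should read `@see _e() Escaped counterpart of _e()`. The `@return` at 132 should also say `Translated text, escaped with esc_html()` rather than just `Translated text`, since callers must not escape it again for element content.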
trunk/wp-includes/user.php
r10992 r11380 541 541 $_selected = $user->ID == $selected ? " selected='selected'" : ''; 542 542 $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')'; 543 $output .= "\t<option value='$user->ID'$_selected>" . wp_specialchars($display) . "</option>\n";543 $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n"; 544 544 } 545 545 -
trunk/wp-includes/widgets.php
r11374 r11380 602 602 603 603 if ( isset($wp_registered_widgets[$id]['description']) ) 604 return wp_specialchars( $wp_registered_widgets[$id]['description'] );604 return esc_html( $wp_registered_widgets[$id]['description'] ); 605 605 } 606 606 -
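Review bot: The function ending at 605 (its start is before the hunk) only returns when a description is set at 603–604 and otherwise falls off the end, so callers receive `null` rather than an empty string and must guard against it; an explicit `return '';` after the `if` would make the miss case part of the contract. The docblock above, if it exists, should state that the return value is already escaped with `esc_html()`.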
trunk/wp-mail.php
r11190 r11380 24 24 ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) { 25 25 $pop3->quit(); 26 wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : wp_specialchars($pop3->ERROR) );26 wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : esc_html($pop3->ERROR) ); 27 27 } 28 28 … … 196 196 do_action('publish_phone', $post_ID); 197 197 198 echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), wp_specialchars($post_author)) . '</p>';199 echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), wp_specialchars($post_title)) . '</p>';198 echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>'; 199 echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>'; 200 200 201 201 if(!$pop3->delete($i)) { 202 echo '<p>' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '</p>';202 echo '<p>' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '</p>'; 203 203 $pop3->reset(); 204 204 exit; -
trunk/xmlrpc.php
r11323 r11380 884 884 $struct['count'] = $tag->count; 885 885 $struct['slug'] = $tag->slug; 886 $struct['html_url'] = wp_specialchars( get_tag_link( $tag->term_id ) );887 $struct['rss_url'] = wp_specialchars( get_tag_feed_link( $tag->term_id ) );886 $struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) ); 887 $struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) ); 888 888 889 889 $tags[] = $struct; … … 2791 2791 $struct['categoryDescription'] = $cat->description; 2792 2792 $struct['categoryName'] = $cat->name; 2793 $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));2794 $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));2793 $struct['htmlUrl'] = esc_html(get_category_link($cat->term_id)); 2794 $struct['rssUrl'] = esc_html(get_category_feed_link($cat->term_id, 'rss2')); 2795 2795 2796 2796 $categories_struct[] = $struct; … … 3328 3328 $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom); 3329 3329 3330 $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';3330 $context = '[...] ' . esc_html( $excerpt ) . ' [...]'; 3331 3331 $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); 3332 3332
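Review bot: The URLs placed in `$struct['html_url']`/`$struct['rss_url']` at 886–887 (and `htmlUrl`/`rssUrl` at 2793–2794) are HTML-escaped with `esc_html()` before being handed to the XML-RPC serializer; if the serializer escapes string values for XML itself, an `&` in a query string reaches the client as `&amp;amp;` and, now that `ENT_QUOTES` is in effect, a quote as `&amp;#039;`. If the escaping is deliberate for consumers that paste the value into HTML, a comment above 886 saying so would help; otherwise return the raw URL and let the transport encode it. Both enclosing methods start before the hunk.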