Changeset 11383 for trunk/wp-admin/includes/dashboard.php
- Timestamp:
- 05/18/2009 04:00:33 PM (12 years ago)
- File:
-
- 1 edited
trunk/wp-admin/includes/dashboard.php
r11380 r11383 116 116 if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) { 117 117 list($url) = explode( '#', add_query_arg( 'edit', false ), 2 ); 118 $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';118 $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>'; 119 119 add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' ); 120 120 return; 121 121 } 122 122 list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 ); 123 $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';123 $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>'; 124 124 } 125 125 $side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary'); … … 358 358 if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) { 359 359 $view = get_permalink( $_POST['post_ID'] ); 360 $edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );360 $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) ); 361 361 if ( 'post-quickpress-publish' == $_POST['action'] ) { 362 362 if ( current_user_can('publish_posts') ) 363 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );363 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit ); 364 364 else 365 printf( '<div class="message"><p>' . __( 'Post submitted. 
<a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );365 printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 366 366 } else { 367 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );367 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 368 368 $drafts_query = new WP_Query( array( 369 369 'post_type' => 'post', … … 385 385 ?> 386 386 387 <form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">387 <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press"> 388 388 <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4> 389 389 <div class="input-text-wrap"> … … 526 526 $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); 527 527 $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>"; 528 $comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . 
'">#</a>';529 530 $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );531 $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );532 $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );533 $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );528 $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; 529 530 $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 531 $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) ); 532 $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) ); 533 $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 534 534 535 535 $actions = array(); … … 642 642 $content = ''; 643 643 $date = ''; 644 $link = clean_url( strip_tags( $item->get_link() ) );644 $link = esc_url( strip_tags( $item->get_link() ) ); 645 645 646 646 $author = $item->get_author(); 647 $site_link = clean_url( strip_tags( $author->get_link() ) );647 $site_link = esc_url( strip_tags( $author->get_link() ) ); 648 648 649 649 if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) ) … … 781 781 list($link, 
$frag) = explode( '#', $item->get_link() ); 782 782 783 $link = clean_url($link);783 $link = esc_url($link); 784 784 if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) ) 785 785 $slug = $matches[1];
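Review bot: In the QuickPress branch (new lines 358–360) `$_POST['post_ID']` is cast to int only inside the `if` condition, and the raw request value is then passed to `get_permalink()` and `get_edit_post_link()`. I would normalise it once, `$post_ID = (int) $_POST['post_ID'];`, and use `$post_ID` in the condition and in both calls, so the links that are later escaped are always built from an integer ID. Separately, context line 527 interpolates `$comment_post_url` into a single-quoted `href` with no `esc_url()` visible; its assignment lies outside the hunk, so confirm it is escaped where it is set. The enclosing functions start and end outside the hunks shown here.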