Make WordPress Core

Changeset 12619


Ignore:
Timestamp:
01/07/2010 12:21:19 AM (15 years ago)
Author:
ryan
Message:

Add esc_attr to ms-options.php. see #11782

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/ms-options.php

    r12610 r12619  
    1010include('admin-header.php');
    1111
    12 if( is_site_admin() == false ) {
     12if ( !is_super_admin() )
    1313    wp_die( __('You do not have permission to access this page.') );
    14 }
    1514
    1615if (isset($_GET['updated'])) {
     
    3029                <th scope="row"><?php _e('Site Name') ?></th>
    3130                <td>
    32                     <input name="site_name" type="text" id="site_name" style="width: 95%" value="<?php echo $current_site->site_name ?>" size="45" />
     31                    <input name="site_name" type="text" id="site_name" style="width: 95%" value="<?php echo esc_attr($current_site->site_name) ?>" size="45" />
    3332                    <br />
    3433                    <?php _e('What you would like to call this website.') ?>
     
    3938                <th scope="row"><?php _e('Site Admin Email') ?></th>
    4039                <td>
    41                     <input name="admin_email" type="text" id="admin_email" style="width: 95%" value="<?php echo stripslashes( get_site_option('admin_email') ) ?>" size="45" />
     40                    <input name="admin_email" type="text" id="admin_email" style="width: 95%" value="<?php echo esc_attr( stripslashes( get_site_option('admin_email') ) ) ?>" size="45" />
    4241                    <br />
    4342                    <?php printf( __( 'Registration and support mails will come from this address. Make it generic like "support@%s"' ), $current_site->domain ); ?>
     
    9695                        $blogname = '';
    9796                    }?>
    98                     <input name="dashboard_blog_orig" type="hidden" id="dashboard_blog_orig" value="<?php echo $blogname; ?>" />
    99                     <input name="dashboard_blog" type="text" id="dashboard_blog" value="<?php echo $blogname; ?>" size="30" />
     97                    <input name="dashboard_blog_orig" type="hidden" id="dashboard_blog_orig" value="<?php echo esc_attr($blogname); ?>" />
     98                    <input name="dashboard_blog" type="text" id="dashboard_blog" value="<?php echo esc_attr($blogname); ?>" size="30" />
    10099                    <br />
    101100                    <?php _e( "Blogname ('dashboard', 'control', 'manager', etc) or blog id.<br />New users are added to this blog as subscribers (or the user role defined below) if they don't have a blog. Leave blank for the main blog. 'Subscriber' users on old blog will be moved to the new blog if changed. New blog will be created if it does not exist." ); ?>
     
    117116                <th scope="row"><?php _e('Banned Names') ?></th>
    118117                <td>
    119                     <input name="illegal_names" type="text" id="illegal_names" style="width: 95%" value="<?php echo implode( " ", get_site_option('illegal_names') ); ?>" size="45" />
     118                    <input name="illegal_names" type="text" id="illegal_names" style="width: 95%" value="<?php echo esc_attr( implode( " ", get_site_option('illegal_names') ) ); ?>" size="45" />
    120119                    <br />
    121120                    <?php _e('Users are not allowed to register these blogs. Separate names by spaces.') ?>
     
    194193                <th scope="row"><?php _e('First Comment URL') ?></th>
    195194                <td>
    196                     <input type="text" size='40' name="first_comment_url" id="first_comment_url" value="<?php echo get_site_option('first_comment_url') ?>" />
     195                    <input type="text" size='40' name="first_comment_url" id="first_comment_url" value="<?php echo esc_attr(get_site_option('first_comment_url')) ?>" />
    197196                    <br />
    198197                    <?php _e('URL on first comment on a new blog.') ?>
     
    217216            <tr valign="top">
    218217                <th scope="row"><?php _e('Blog upload space') ?></th>
    219                 <td><input name="blog_upload_space" type="text" id="blog_upload_space" value="<?php echo get_site_option('blog_upload_space', 10) ?>" size="3" /> MB</td>
     218                <td><input name="blog_upload_space" type="text" id="blog_upload_space" value="<?php echo esc_attr( get_site_option('blog_upload_space', 10) ) ?>" size="3" /> MB</td>
    220219            </tr>
    221220
    222221            <tr valign="top">
    223222                <th scope="row"><?php _e('Upload File Types') ?></th>
    224                 <td><input name="upload_filetypes" type="text" id="upload_filetypes" value="<?php echo get_site_option('upload_filetypes', 'jpg jpeg png gif') ?>" size="45" /></td>
     223                <td><input name="upload_filetypes" type="text" id="upload_filetypes" value="<?php echo esc_attr( get_site_option('upload_filetypes', 'jpg jpeg png gif') ) ?>" size="45" /></td>
    225224            </tr>
    226225
    227226            <tr valign="top">
    228227                <th scope="row"><?php _e('Max upload file size') ?></th>
    229                 <td><input name="fileupload_maxk" type="text" id="fileupload_maxk" value="<?php echo get_site_option('fileupload_maxk', 300) ?>" size="5" /> KB</td>
     228                <td><input name="fileupload_maxk" type="text" id="fileupload_maxk" value="<?php echo esc_attr( get_site_option('fileupload_maxk', 300) ) ?>" size="5" /> KB</td>
    230229            </tr>
    231230            <tr valign="top">
    232231                <th scope="row"><?php _e('Admin Notice Feed') ?></th>
    233                 <td><input name="admin_notice_feed" style="width: 95%" type="text" id="admin_notice_feed" value="<?php echo get_site_option( 'admin_notice_feed' ) ?>" size="80" /><br />
     232                <td><input name="admin_notice_feed" style="width: 95%" type="text" id="admin_notice_feed" value="<?php echo esc_attr( get_site_option( 'admin_notice_feed' ) ) ?>" size="80" /><br />
    234233                <?php _e( 'Display the latest post from this RSS or Atom feed on all blog dashboards. Leave blank to disable.' ); ?><br />
    235234                <?php if( get_site_option( 'admin_notice_feed' ) != 'http://' . $current_site->domain . $current_site->path . 'feed/' )
     
    243242                <th scope="row"><?php _e('Site Admins') ?></th>
    244243                <td>
    245                     <input name="site_admins" type="text" id="site_admins" style="width: 95%" value="<?php echo implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ?>" size="45" />
     244                    <input name="site_admins" type="text" id="site_admins" style="width: 95%" value="<?php echo esc_attr( implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ) ?>" size="45" />
    246245                    <br />
    247246                    <?php _e('These users may login to the main blog and administer the site. Space separated list of usernames.') ?>
     
    292291
    293292        <p class="submit">
    294             <input type="submit" name="Submit" value="<?php _e('Update Options') ?>" /></p>
     293            <input type="submit" name="Submit" value="<?php esc_attr_e('Update Options') ?>" /></p>
    295294    </form>
    296295</div>
Note: See TracChangeset for help on using the changeset viewer.