WordPress.org

Make WordPress Core

Changeset 12619


Ignore:
Timestamp:
01/07/10 00:21:19 (4 years ago)
Author:
ryan
Message:

Add esc_attr to ms-options.php. see #11782

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/ms-options.php

    r12610 r12619  
    1010include('admin-header.php'); 
    1111 
    12 if( is_site_admin() == false ) { 
     12if ( !is_super_admin() ) 
    1313    wp_die( __('You do not have permission to access this page.') ); 
    14 } 
    1514 
    1615if (isset($_GET['updated'])) { 
     
    3029                <th scope="row"><?php _e('Site Name') ?></th> 
    3130                <td> 
    32                     <input name="site_name" type="text" id="site_name" style="width: 95%" value="<?php echo $current_site->site_name ?>" size="45" /> 
     31                    <input name="site_name" type="text" id="site_name" style="width: 95%" value="<?php echo esc_attr($current_site->site_name) ?>" size="45" /> 
    3332                    <br /> 
    3433                    <?php _e('What you would like to call this website.') ?> 
     
    3938                <th scope="row"><?php _e('Site Admin Email') ?></th> 
    4039                <td> 
    41                     <input name="admin_email" type="text" id="admin_email" style="width: 95%" value="<?php echo stripslashes( get_site_option('admin_email') ) ?>" size="45" /> 
     40                    <input name="admin_email" type="text" id="admin_email" style="width: 95%" value="<?php echo esc_attr( stripslashes( get_site_option('admin_email') ) ) ?>" size="45" /> 
    4241                    <br /> 
    4342                    <?php printf( __( 'Registration and support mails will come from this address. Make it generic like "support@%s"' ), $current_site->domain ); ?> 
     
    9695                        $blogname = ''; 
    9796                    }?> 
    98                     <input name="dashboard_blog_orig" type="hidden" id="dashboard_blog_orig" value="<?php echo $blogname; ?>" /> 
    99                     <input name="dashboard_blog" type="text" id="dashboard_blog" value="<?php echo $blogname; ?>" size="30" /> 
     97                    <input name="dashboard_blog_orig" type="hidden" id="dashboard_blog_orig" value="<?php echo esc_attr($blogname); ?>" /> 
     98                    <input name="dashboard_blog" type="text" id="dashboard_blog" value="<?php echo esc_attr($blogname); ?>" size="30" /> 
    10099                    <br /> 
    101100                    <?php _e( "Blogname ('dashboard', 'control', 'manager', etc) or blog id.<br />New users are added to this blog as subscribers (or the user role defined below) if they don't have a blog. Leave blank for the main blog. 'Subscriber' users on old blog will be moved to the new blog if changed. New blog will be created if it does not exist." ); ?> 
     
    117116                <th scope="row"><?php _e('Banned Names') ?></th> 
    118117                <td> 
    119                     <input name="illegal_names" type="text" id="illegal_names" style="width: 95%" value="<?php echo implode( " ", get_site_option('illegal_names') ); ?>" size="45" /> 
     118                    <input name="illegal_names" type="text" id="illegal_names" style="width: 95%" value="<?php echo esc_attr( implode( " ", get_site_option('illegal_names') ) ); ?>" size="45" /> 
    120119                    <br /> 
    121120                    <?php _e('Users are not allowed to register these blogs. Separate names by spaces.') ?> 
     
    194193                <th scope="row"><?php _e('First Comment URL') ?></th> 
    195194                <td> 
    196                     <input type="text" size='40' name="first_comment_url" id="first_comment_url" value="<?php echo get_site_option('first_comment_url') ?>" /> 
     195                    <input type="text" size='40' name="first_comment_url" id="first_comment_url" value="<?php echo esc_attr(get_site_option('first_comment_url')) ?>" /> 
    197196                    <br /> 
    198197                    <?php _e('URL on first comment on a new blog.') ?> 
     
    217216            <tr valign="top"> 
    218217                <th scope="row"><?php _e('Blog upload space') ?></th> 
    219                 <td><input name="blog_upload_space" type="text" id="blog_upload_space" value="<?php echo get_site_option('blog_upload_space', 10) ?>" size="3" /> MB</td> 
     218                <td><input name="blog_upload_space" type="text" id="blog_upload_space" value="<?php echo esc_attr( get_site_option('blog_upload_space', 10) ) ?>" size="3" /> MB</td> 
    220219            </tr> 
    221220 
    222221            <tr valign="top"> 
    223222                <th scope="row"><?php _e('Upload File Types') ?></th> 
    224                 <td><input name="upload_filetypes" type="text" id="upload_filetypes" value="<?php echo get_site_option('upload_filetypes', 'jpg jpeg png gif') ?>" size="45" /></td> 
     223                <td><input name="upload_filetypes" type="text" id="upload_filetypes" value="<?php echo esc_attr( get_site_option('upload_filetypes', 'jpg jpeg png gif') ) ?>" size="45" /></td> 
    225224            </tr> 
    226225 
    227226            <tr valign="top"> 
    228227                <th scope="row"><?php _e('Max upload file size') ?></th> 
    229                 <td><input name="fileupload_maxk" type="text" id="fileupload_maxk" value="<?php echo get_site_option('fileupload_maxk', 300) ?>" size="5" /> KB</td> 
     228                <td><input name="fileupload_maxk" type="text" id="fileupload_maxk" value="<?php echo esc_attr( get_site_option('fileupload_maxk', 300) ) ?>" size="5" /> KB</td> 
    230229            </tr> 
    231230            <tr valign="top"> 
    232231                <th scope="row"><?php _e('Admin Notice Feed') ?></th> 
    233                 <td><input name="admin_notice_feed" style="width: 95%" type="text" id="admin_notice_feed" value="<?php echo get_site_option( 'admin_notice_feed' ) ?>" size="80" /><br /> 
     232                <td><input name="admin_notice_feed" style="width: 95%" type="text" id="admin_notice_feed" value="<?php echo esc_attr( get_site_option( 'admin_notice_feed' ) ) ?>" size="80" /><br /> 
    234233                <?php _e( 'Display the latest post from this RSS or Atom feed on all blog dashboards. Leave blank to disable.' ); ?><br /> 
    235234                <?php if( get_site_option( 'admin_notice_feed' ) != 'http://' . $current_site->domain . $current_site->path . 'feed/' ) 
     
    243242                <th scope="row"><?php _e('Site Admins') ?></th> 
    244243                <td> 
    245                     <input name="site_admins" type="text" id="site_admins" style="width: 95%" value="<?php echo implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ?>" size="45" /> 
     244                    <input name="site_admins" type="text" id="site_admins" style="width: 95%" value="<?php echo esc_attr( implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ) ?>" size="45" /> 
    246245                    <br /> 
    247246                    <?php _e('These users may login to the main blog and administer the site. Space separated list of usernames.') ?> 
     
    292291 
    293292        <p class="submit"> 
    294             <input type="submit" name="Submit" value="<?php _e('Update Options') ?>" /></p> 
     293            <input type="submit" name="Submit" value="<?php esc_attr_e('Update Options') ?>" /></p> 
    295294    </form> 
    296295</div> 
Note: See TracChangeset for help on using the changeset viewer.