Changeset 13106
- Timestamp:
- 02/13/2010 10:35:10 AM (15 years ago)
- Location:
- trunk
- Files:
-
- 13 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/includes/bookmark.php
r13053 r13106 247 247 $link_id = (int) $linkdata['link_id']; 248 248 249 $link = get_ link( $link_id, ARRAY_A );249 $link = get_bookmark( $link_id, ARRAY_A ); 250 250 251 251 // Escape data pulled from DB. -
trunk/wp-admin/includes/media.php
r12986 r13106 1147 1147 global $redir_tab; 1148 1148 1149 if ( ( $attachment_id = intval( $attachment_id ) ) && $thumb_url = get_attachment_icon_src( $attachment_id ) )1149 if ( ( $attachment_id = intval( $attachment_id ) ) && $thumb_url = wp_get_attachment_image_src( $attachment_id ) ) 1150 1150 $thumb_url = $thumb_url[0]; 1151 1151 else -
trunk/wp-admin/includes/ms.php
r12965 r13106 213 213 if ( is_array( $blog_allowed_themes ) ) { 214 214 foreach( (array) $themes as $key => $theme ) { 215 $theme_key = wp_specialchars( $theme[ 'Stylesheet' ] );215 $theme_key = esc_html( $theme[ 'Stylesheet' ] ); 216 216 if ( isset( $blog_allowed_themes[ $key ] ) == true ) { 217 217 $blog_allowedthemes[ $theme_key ] = 1; … … 336 336 } else { 337 337 foreach( (array) $themes as $key => $theme ) { 338 $theme_key = wp_specialchars( $theme[ 'Stylesheet' ] );338 $theme_key = esc_html( $theme[ 'Stylesheet' ] ); 339 339 if ( isset( $allowed_themes[ $key ] ) == true ) { 340 340 $allowedthemes[ $theme_key ] = 1; -
trunk/wp-admin/includes/theme.php
r12859 r13106 143 143 $allowed_themes = array_merge( $allowed_themes, $blog_allowed_themes ); 144 144 145 if ( isset( $allowed_themes[ wp_specialchars( $ct->stylesheet ) ] ) == false )146 $allowed_themes[ wp_specialchars( $ct->stylesheet ) ] = true;145 if ( isset( $allowed_themes[ esc_html( $ct->stylesheet ) ] ) == false ) 146 $allowed_themes[ esc_html( $ct->stylesheet ) ] = true; 147 147 148 148 reset( $themes ); 149 149 foreach ( $themes as $key => $theme ) { 150 if ( isset( $allowed_themes[ wp_specialchars( $theme[ 'Stylesheet' ] ) ] ) == false )150 if ( isset( $allowed_themes[ esc_html( $theme[ 'Stylesheet' ] ) ] ) == false ) 151 151 unset( $themes[ $key ] ); 152 152 } -
trunk/wp-admin/includes/user.php
r12989 r13106 93 93 $user->user_url = ''; 94 94 } else { 95 $user->user_url = sanitize_url( $_POST['url'] );95 $user->user_url = esc_url_raw( $_POST['url'] ); 96 96 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 97 97 } -
trunk/wp-admin/ms-edit.php
r13095 r13106 386 386 reset( $themes ); 387 387 foreach ( (array) $themes as $key => $theme ) { 388 if ( $_POST['theme'][ wp_specialchars( $theme['Stylesheet'] ) ] == 'enabled' )389 $allowed_themes[ wp_specialchars( $theme['Stylesheet'] ) ] = true;388 if ( $_POST['theme'][ esc_html( $theme['Stylesheet'] ) ] == 'enabled' ) 389 $allowed_themes[ esc_html( $theme['Stylesheet'] ) ] = true; 390 390 } 391 391 update_site_option( 'allowedthemes', $allowed_themes ); … … 414 414 <body id="error-page"> 415 415 <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1> 416 <form action='ms-edit.php?action=<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>' method='post'>417 <input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET['action2'] ) ?>' />418 <input type='hidden' name='id' value='<?php echo wp_specialchars( $id ); ?>' />416 <form action='ms-edit.php?action=<?php echo esc_attr( $_GET[ 'action2' ] ) ?>' method='post'> 417 <input type='hidden' name='action' value='<?php echo esc_attr( $_GET['action2'] ) ?>' /> 418 <input type='hidden' name='id' value='<?php echo esc_attr( $id ); ?>' /> 419 419 <input type='hidden' name='ref' value='<?php echo $referrer; ?>' /> 420 420 <?php wp_nonce_field( $_GET['action2'] ) ?> 421 <p><?php echo wp_specialchars( stripslashes($_GET['msg']) ); ?></p>421 <p><?php echo esc_html( stripslashes($_GET['msg']) ); ?></p> 422 422 <p class="submit"><input class="button" type='submit' value='<?php _e("Confirm"); ?>' /></p> 423 423 </form> … … 500 500 501 501 $password = wp_generate_password(); 502 $user_id = wpmu_create_user(wp_specialchars( strtolower( $user['username'] ) ), $password, wp_specialchars( $user['email'] ) );502 $user_id = wpmu_create_user(wp_specialchars( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) ); 503 503 504 504 if ( false == $user_id ) -
trunk/wp-admin/ms-options.php
r13095 r13106 281 281 $menu_items = apply_filters( 'mu_menu_items', array('plugins' => __('Plugins')) ); 282 282 foreach ( (array) $menu_items as $key => $val ) { 283 echo "<tr><th scope='row'>" . wp_specialchars($val) . "</th><td><input type='checkbox' name='menu_items[" . $key . "]' value='1'" . checked($menu_perms[$key], '1', false) . " /></td></tr>";283 echo "<tr><th scope='row'>" . esc_html($val) . "</th><td><input type='checkbox' name='menu_items[" . $key . "]' value='1'" . checked($menu_perms[$key], '1', false) . " /></td></tr>"; 284 284 } 285 285 ?> -
trunk/wp-admin/ms-sites.php
r13039 r13106 169 169 if ( is_serialized($option->option_value) ) { 170 170 if ( is_serialized_string($option->option_value) ) { 171 $option->option_value = wp_specialchars(maybe_unserialize($option->option_value), 'single');171 $option->option_value = esc_html(maybe_unserialize($option->option_value), 'single'); 172 172 } else { 173 173 $option->option_value = "SERIALIZED DATA"; … … 211 211 $out = ''; 212 212 foreach ( $themes as $key => $theme ) { 213 $theme_key = wp_specialchars( $theme['Stylesheet'] );213 $theme_key = esc_html( $theme['Stylesheet'] ); 214 214 if ( ! isset($allowed_themes[$theme_key] ) ) { 215 215 $checked = ( isset($blog_allowed_themes[ $theme_key ]) ) ? 'checked="checked"' : ''; … … 254 254 <select name="role[<?php echo $val->user_id ?>]" id="new_role"><?php 255 255 foreach ( $editblog_roles as $role => $role_assoc ){ 256 $name = translate_ with_context($role_assoc['name']);256 $name = translate_user_role($role_assoc['name']); 257 257 $selected = ( $role == $existing_role ) ? 'selected="selected"' : ''; 258 258 echo "<option {$selected} value=\"" . esc_attr($role) . "\">{$name}</option>"; -
trunk/wp-admin/ms-themes.php
r12910 r13106 38 38 foreach ( (array) $themes as $key => $theme ) { 39 39 $total_theme_count++; 40 $theme_key = wp_specialchars($theme['Stylesheet']);40 $theme_key = esc_html($theme['Stylesheet']); 41 41 $class = ('alt' == $class) ? '' : 'alt'; 42 42 $class1 = $enabled = $disabled = ''; -
trunk/wp-admin/user-edit.php
r12928 r13106 71 71 if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { 72 72 $user->ID = $current_user->ID; 73 $user->user_email = wp_specialchars( trim( $new_email[ 'newemail' ] ) );73 $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); 74 74 if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) 75 75 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) ); -
trunk/wp-admin/user-new.php
r12907 r13106 28 28 29 29 Please click the following link to activate your user account: 30 %%s" ), get_bloginfo('name'), site_url(), wp_specialchars( $_REQUEST[ 'role' ] ) );30 %%s" ), get_bloginfo('name'), site_url(), esc_html( $_REQUEST[ 'role' ] ) ); 31 31 } 32 32 add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' ); … … 56 56 if ( $user_details ) { 57 57 // Adding an existing user to this blog 58 $new_user_email = wp_specialchars(trim($_REQUEST['email']));58 $new_user_email = esc_html(trim($_REQUEST['email'])); 59 59 $redirect = 'user-new.php'; 60 60 $username = $user_details->user_login; -
trunk/wp-includes/ms-functions.php
r13047 r13106 868 868 if ( isset( $_GET['redirect'] ) ) { 869 869 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) 870 $url .= "&action=blogs&s=". wp_specialchars( substr( $_GET['redirect'], 2 ) );870 $url .= "&action=blogs&s=". esc_html( substr( $_GET['redirect'], 2 ) ); 871 871 } elseif ( isset( $_POST['redirect'] ) ) { 872 872 $url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] ); … … 1156 1156 if ( $admin_email == '' ) 1157 1157 $admin_email = 'support@' . $_SERVER['SERVER_NAME']; 1158 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );1158 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) ); 1159 1159 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 1160 1160 $message = sprintf( apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your blog here:\n\n%s" ) ), $activate_url, esc_url( "http://{$domain}{$path}" ), $key ); … … 1175 1175 if ( $admin_email == '' ) 1176 1176 $admin_email = 'support@' . $_SERVER['SERVER_NAME']; 1177 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );1177 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) ); 1178 1178 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 1179 1179 $message = sprintf( apply_filters( 'wpmu_signup_user_notification_email', __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\n" ) ), site_url( "wp-activate.php?key=$key" ), $key ); … … 1479 1479 $admin_email = 'support@' . $_SERVER['SERVER_NAME']; 1480 1480 1481 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );1481 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) ); 1482 1482 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 1483 1483 $message = $welcome_email; … … 1512 1512 $admin_email = 'support@' . $_SERVER['SERVER_NAME']; 1513 1513 1514 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );1514 $from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : esc_html( get_site_option( "site_name" ) ); 1515 1515 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 1516 1516 $message = $welcome_email; -
trunk/wp-signup.php
r12856 r13106 231 231 $errors = new WP_Error(); 232 232 if ( isset( $_POST[ 'signup_for' ] ) ) 233 $signup[ wp_specialchars( $_POST[ 'signup_for' ] ) ] = 'checked="checked"';233 $signup[ esc_html( $_POST[ 'signup_for' ] ) ] = 'checked="checked"'; 234 234 else 235 235 $signup[ 'blog' ] = 'checked="checked"';
Note: See TracChangeset
for help on using the changeset viewer.