Timestamp:
05/02/2010 10:53:59 PM (12 years ago)
Author:
ryan
Message:

Escape links by default. Props alexkingorg. see #13051

File:
1 edited

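--- a/trunk/wp-admin/ms-sites.php
+++ b/trunk/wp-admin/ms-sites.php
@@ -85,5 +85,5 @@
         <div class="wrap">
         <?php screen_icon(); ?>
-        <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo esc_url( get_home_url( $id ) ); ?>"><?php echo esc_url( get_home_url( $id ) ); ?></a></h2>
+        <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo get_home_url( $id ); ?>"><?php echo get_home_url( $id ); ?></a></h2>
         <form method="post" action="ms-edit.php?action=updateblog">
             <?php wp_nonce_field( 'editblog' ); ?>
@@ -434,6 +434,6 @@
 
         <div class="view-switch">
-            <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
-            <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
+            <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
+            <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
         </div>
 
@@ -532,5 +532,5 @@
                             case 'blogname': ?>
                                 <td class="column-title">
-                                    <a href="<?php echo esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>
+                                    <a href="<?php echo admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>
                                     <?php
                                     if ( 'list' != $mode )
@@ -547,26 +547,26 @@
                                     );
 
-                                    $actions['edit']    = '<span class="edit"><a href="' . esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a><span>';
-                                    $actions['backend'] = "<span class='backend'><a href='" . esc_url( get_admin_url($blog['blog_id']) ) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';
+                                    $actions['edit']    = '<span class="edit"><a href="' . admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) . '">' . __( 'Edit' ) . '</a><span>';
+                                    $actions['backend'] = "<span class='backend'><a href='" . get_admin_url($blog['blog_id']) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';
                                     if ( $current_site->blog_id != $blog['blog_id'] ) {
                                         if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' )
-                                            $actions['activate']    = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Activate' ) . '</a></span>';
+                                            $actions['activate']    = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) . '">' . __( 'Activate' ) . '</a></span>';
                                         else
-                                            $actions['deactivate']  = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>';
+                                            $actions['deactivate']  = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>';
 
                                         if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' )
-                                            $actions['unarchive']   = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' .  $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';
+                                            $actions['unarchive']   = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' .  $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';
                                         else
-                                            $actions['archive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Archive' ) . '</a></span>';
+                                            $actions['archive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) . '">' . __( 'Archive' ) . '</a></span>';
 
                                         if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' )
-                                            $actions['unspam']  = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';
+                                            $actions['unspam']  = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';
                                         else
-                                            $actions['spam']    = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) ) . '">' . __( 'Spam' ) . '</a></span>';
-
-                                        $actions['delete']  = '<span class="delete"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Delete' ) . '</a></span>';
+                                            $actions['spam']    = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) . '">' . __( 'Spam' ) . '</a></span>';
+
+                                        $actions['delete']  = '<span class="delete"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) . '">' . __( 'Delete' ) . '</a></span>';
                                     }
 
-                                    $actions['visit']   = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';
+                                    $actions['visit']   = "<span class='view'><a href='" . get_home_url( $blog['blog_id'] ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';
                                     $actions = array_filter( $actions );
                                     if ( count( $actions ) ) : ?>
@@ -609,8 +609,8 @@
                                         if ( count( $blogusers ) > 5 ) {
                                             $blogusers = array_slice( $blogusers, 0, 5 );
-                                            $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . esc_url( get_admin_url( $blog['blog_id'], 'users.php' ) ) . '">' . __( 'More' ) . '</a>';
+                                            $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . get_admin_url( $blog['blog_id'], 'users.php' ) . '">' . __( 'More' ) . '</a>';
                                         }
                                         foreach ( $blogusers as $key => $val ) {
-                                            echo '<a href="' . esc_url( admin_url( 'user-edit.php?user_id=' . $val->user_id ) ) . '">' . esc_html( $val->user_login ) . '</a> ';
+                                            echo '<a href="' . admin_url( 'user-edit.php?user_id=' . $val->user_id ) . '">' . esc_html( $val->user_login ) . '</a> ';
                                             if ( 'list' != $mode )
                                                 echo '(' . $val->user_email . ')';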
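Review bot: With the `esc_url()` wrappers gone, every `href` and `src` printed in this file relies on `get_home_url()`, `get_admin_url()`, `admin_url()` and `includes_url()` returning an already-escaped URL, and that behaviour is not part of this one-file changeset, so it cannot be confirmed from these hunks. The single-quoted attributes on new lines 550 and 570 additionally need the callee to encode `'`, not just `"` and `&`. I would either keep escaping at the point of output or record the dependency next to the first affected line, e.g. `// get_home_url() returns an escaped URL; no esc_url() needed here.` Separately, new line 616 still prints `$val->user_email` raw while line 614 escapes the login with `esc_html()`; `echo '(' . esc_html( $val->user_email ) . ')';` would match it. The enclosing blocks start and end outside the hunks shown.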