Changeset 14347 for trunk/wp-admin/ms-users.php

Timestamp:

05/02/2010 10:53:59 PM (15 years ago)

Author:

ryan

Message:

Escape links by default. Props alexkingorg. see #13051

File:

• trunk/wp-admin/ms-users.php (modified) (5 diffs)

trunk/wp-admin/ms-users.php

@@ -150 +150 @@
 
             <div class="view-switch">
-                <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
-                <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
+                <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
+                <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
             </div>
         </div>
@@ -231 +231 @@
                                 ?>
                                 <td class="username column-username">
-                                    <?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
+                                    <?php echo $avatar; ?><strong><a href="<?php echo admin_url( $edit_link ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
                                     if ( in_array( $user['user_login'], $super_admins ) )
                                         echo ' - ' . __( 'Super admin' );
@@ -237 +237 @@
                                     <br/>
                                     <div class="row-actions">
-                                        <span class="edit"><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>"><?php _e( 'Edit' ); ?></a></span>
+                                        <span class="edit"><a href="<?php echo admin_url( $edit_link ); ?>"><?php _e( 'Edit' ); ?></a></span>
                                         <?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?>
-                                        | <span class="delete"><a href="<?php echo $delete  = esc_url( admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
+                                        | <span class="delete"><a href="<?php echo $delete  = admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
                                         <?php } ?>
                                     </div>
@@ -274 +274 @@
                                         foreach ( (array) $blogs as $key => $val ) {
                                             $path   = ( $val->path == '/' ) ? '' : $val->path;
-                                            echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id  ) ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';
+                                            echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';
                                             echo ' <small class="row-actions">';
 
                                             // Edit
-                                            echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id  ) ) .'">' . __( 'Edit' ) . '</a> | ';
+                                            echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . __( 'Edit' ) . '</a> | ';
 
                                             // View
@@ -284 +284 @@
                                             if ( get_blog_status( $val->userblog_id, 'spam' ) == 1 )
                                                 echo 'style="background-color: #faa" ';
-                                            echo 'href="' .  esc_url( get_home_url( $val->userblog_id ) )  . '">' . __( 'View' ) . '</a>';
+                                            echo 'href="' .  get_home_url( $val->userblog_id ) . '">' . __( 'View' ) . '</a>';
                                             
                                             echo '</small><br />';