Changeset 14374


Timestamp:
05/03/2010 06:16:22 PM (8 years ago)
Author:
ryan
Message:

Revert [14347] and [14372]. It broke more than we expected. Try again in 3.1. see #13051

Location:
trunk
Files:
36 edited

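--- a/trunk/wp-admin/admin-header.php
+++ b/trunk/wp-admin/admin-header.php
@@ -106,7 +106,7 @@
 ?>
 
-<img id="header-logo" src="<?php echo includes_url( 'images/blank.gif' ); ?>" alt="" width="32" height="32" />
+<img id="header-logo" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" alt="" width="32" height="32" />
 <h1 id="site-heading" <?php echo $title_class ?>>
-    <a href="<?php echo trailingslashit( home_url() ); ?>" title="<?php esc_attr_e('Visit Site') ?>">
+    <a href="<?php echo trailingslashit( get_bloginfo( 'url' ) ); ?>" title="<?php esc_attr_e('Visit Site') ?>">
         <span id="site-title"><?php echo $blog_name ?></span>
     </a>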
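Review bot: The rewritten `href` on new line 110 still prints `trailingslashit( get_bloginfo( 'url' ) )` with no escaping, although the `src` two lines above is wrapped in `esc_url()` by the same change. The site URL is a stored setting rather than a constant, so the attribute should read `<?php echo esc_url( trailingslashit( get_bloginfo( 'url' ) ) ); ?>`. `$title_class` and `$blog_name` on the neighbouring context lines are set outside this hunk, so whether they arrive escaped cannot be confirmed from here.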
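--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -157,5 +157,5 @@
         if ( $spammed > 0 ) {
             $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
-            $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
+            $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
         }
 
@@ -165,5 +165,5 @@
         if ( $trashed > 0 ) {
             $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
-            $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) . '">' . __('Undo') . '</a><br />';
+            $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
         }
 
@@ -177,11 +177,11 @@
             switch ( $comment->comment_approved ) {
                 case '1' :
-                    $messages[] = __('This comment is already approved.') . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same" ) . '">' . __( 'Edit comment' ) . '</a>';
+                    $messages[] = __('This comment is already approved.') . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>';
                     break;
                 case 'trash' :
-                    $messages[] = __( 'This comment is already in the Trash.' ) . ' <a href="' . admin_url( 'edit-comments.php?comment_status=trash' ) . '"> ' . __( 'View Trash' ) . '</a>';
+                    $messages[] = __( 'This comment is already in the Trash.' ) . ' <a href="' . esc_url( admin_url( 'edit-comments.php?comment_status=trash' ) ) . '"> ' . __( 'View Trash' ) . '</a>';
                     break;
                 case 'spam' :
-                    $messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same" ) . '">' . __( 'Edit comment' ) . '</a>';
+                    $messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>';
                     break;
             }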
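Review bot: `$ids` on lines 158 and 166 is copied unvalidated from `$_GET['ids']` into the query string of the Undo link. `esc_url()` makes the result safe for the `href` attribute, but a value containing `&` can still add or override parameters in a link that then carries a valid `bulk-comments` nonce. Assuming `ids` is a comma-separated list of comment IDs, normalise it before interpolation: `$ids = isset( $_GET['ids'] ) ? implode( ',', array_map( 'absint', explode( ',', $_GET['ids'] ) ) ) : 0;`. The same pattern appears in `edit.php` at lines 201–202 with the `bulk-posts` nonce, where `$post_type` is interpolated as well.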
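--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -37,5 +37,5 @@
 $messages['post'] = array(
     '',
-    sprintf( __('Post updated. <a href="%s">View post</a>'), get_permalink($post_ID) ),
+    sprintf( __('Post updated. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Custom field updated.'),
     __('Custom field deleted.'),
@@ -43,24 +43,24 @@
     /* translators: %s: date and time of the revision */
     isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
-    sprintf( __('Post published. <a href="%s">View post</a>'), get_permalink($post_ID) ),
+    sprintf( __('Post published. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Post saved.'),
-    sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
+    sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
     sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'),
         // translators: Publish box date format, see http://php.net/date
-        date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
-    sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
+        date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ),
+    sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
 );
 $messages['page'] = array(
     '',
-    sprintf( __('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID) ),
+    sprintf( __('Page updated. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Custom field updated.'),
     __('Custom field deleted.'),
     __('Page updated.'),
     isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
-    sprintf( __('Page published. <a href="%s">View page</a>'), get_permalink($post_ID) ),
+    sprintf( __('Page published. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Page saved.'),
-    sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
-    sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
-    sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
+    sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
+    sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ),
+    sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
 );
 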
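--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -200,5 +200,5 @@
     printf( _n( 'Item moved to the trash.', '%s items moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) );
     $ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
-    echo ' <a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) . '">' . __('Undo') . '</a><br />';
+    echo ' <a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a><br />';
     unset($_GET['trashed']);
 }
@@ -367,6 +367,6 @@
 
 <div class="view-switch">
-    <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
-    <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
 </div>
 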
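Review bot: The view-switch images on lines 369–370 print translated strings into `title` and `alt` with `_e()`, which does no escaping, so a translation containing a double quote would close the attribute early. These lines are already being edited for URL escaping, so switch the four calls to the attribute-safe form, `esc_attr_e('List View')` and `esc_attr_e('Excerpt View')`, which the codebase already uses elsewhere in this changeset.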
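--- a/trunk/wp-admin/import/livejournal.php
+++ b/trunk/wp-admin/import/livejournal.php
@@ -977,5 +977,5 @@
                     if ( jQuery( '#<?php echo $id ?>' ).length ) {
                         jQuery( "#<?php echo $id ?> input[type='submit']" ).hide();
-                        str = '<?php _e( "Continuing&#8230;" ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="processing" align="top" />';
+                        str = '<?php _e( "Continuing&#8230;" ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />';
                         jQuery( '#<?php echo $msg ?>' ).html( str );
                         jQuery( '#<?php echo $id ?>' ).submit();
@@ -1006,5 +1006,5 @@
                         jQuery( "#<?php echo $id ?> input[type='submit']" ).hide();
                         jQuery.ajaxSetup({'timeout':3600000});
-                        str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="processing" align="top" />';
+                        str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />';
                         jQuery( '#<?php echo $msg ?>' ).html( str );
                         jQuery('#ljapi-status').load(ajaxurl, {'action':'lj-importer',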
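Review bot: Lines 979 and 1008 print PHP output inside a single-quoted JavaScript string, and the `_e()` call there is unescaped, so a translation containing an apostrophe terminates the literal and breaks the importer script. Escape the text for the JavaScript context, e.g. `<?php echo esc_js( __( 'Processing next batch.' ) ); ?>`. `esc_url()` suits the `src` value because the string is later passed to `.html()`. `$id` and `$msg`, echoed into the jQuery selectors on the context lines, are assigned outside these hunks and deserve the same check.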
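--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -384,12 +384,12 @@
     if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
         $view = get_permalink( $_POST['post_ID'] );
-        $edit = get_edit_post_link( $_POST['post_ID'] );
+        $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
         if ( 'post-quickpress-publish' == $_POST['action'] ) {
             if ( current_user_can('publish_posts') )
-                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', $view , $edit );
+                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
             else
-                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
         } else {
-            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view ), $edit );
+            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
             $drafts_query = new WP_Query( array(
                 'post_type' => 'post',
@@ -411,5 +411,5 @@
 ?>
 
-    <form name="post" action="<?php echo admin_url( 'post.php' ); ?>" method="post" id="quick-press">
+    <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
         <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
         <div class="input-text-wrap">
@@ -444,5 +444,5 @@
             <span id="publishing-action">
                 <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php current_user_can('publish_posts') ? esc_attr_e('Publish') : esc_attr_e('Submit for Review'); ?>" />
-                <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" />
+                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" />
             </span>
             <br class="clear" />
@@ -559,5 +559,5 @@
     $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
     $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
-    $comment_link = '<a class="comment-link" href="' . get_comment_link() . '">#</a>';
+    $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
 
     $actions_string = '';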
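Review bot: The guard on line 384 casts `$_POST['post_ID']` to int only for the truth test, and lines 385–386 then pass the raw request value to `get_permalink()` and `get_edit_post_link()`. Cast once and reuse the result, `$post_ID = (int) $_POST['post_ID'];`, so both links are always built from the validated ID. On line 560 (context), `$comment_post_link` places `$comment_post_url` in a single-quoted `href`. That variable is defined outside the hunk, so unless it is escaped upstream it needs the `esc_url()` treatment line 561 now gives `$comment_link`.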
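--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -1224,5 +1224,5 @@
     if ( gd_edit_image_support( $post->post_mime_type ) ) {
         $nonce = wp_create_nonce( "image_editor-$post->ID" );
-        $image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . admin_url( 'images/wpspin_light.gif' ) . "' class='imgedit-wait-spin' alt='' />";
+        $image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . esc_url( admin_url( 'images/wpspin_light.gif' ) ) . "' class='imgedit-wait-spin' alt='' />";
     }
 
@@ -1641,5 +1641,5 @@
         if ( ! document.forms[0].src.value )
             document.getElementById('status_img').innerHTML = '*';
-        else document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/no.png' ); ?>" alt="" />';
+        else document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/no.png' ) ); ?>" alt="" />';
     },
 
@@ -1650,5 +1650,5 @@
         t.height = t.preloadImg.height;
         document.getElementById('go_button').style.color = '#333';
-        document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/yes.png' ); ?>" alt="" />';
+        document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/yes.png' ) ); ?>" alt="" />';
     },
 
@@ -1660,5 +1660,5 @@
             return false;
         }
-        document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />';
+        document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />';
         t.preloadImg = new Image();
         t.preloadImg.onload = t.updateImageData;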
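--- a/trunk/wp-admin/includes/meta-boxes.php
+++ b/trunk/wp-admin/includes/meta-boxes.php
@@ -38,8 +38,8 @@
 <?php
 if ( 'publish' == $post->post_status ) {
-    $preview_link = get_permalink($post->ID);
+    $preview_link = esc_url(get_permalink($post->ID));
     $preview_button = __('Preview Changes');
 } else {
-    $preview_link = apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)));
+    $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
     $preview_button = __('Preview');
 }
@@ -205,5 +205,5 @@
 
 <div id="publishing-action">
-<img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" />
+<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" />
 <?php
 if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) {
@@ -452,5 +452,5 @@
 <tbody id="the-comment-list" class="list:comment"></tbody>
 </table>
-<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" /></p>
+<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p>
 <?php
     $hidden = get_hidden_meta_boxes('post');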
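Review bot: `$preview_link` is escaped when it is assigned on lines 40 and 43 rather than where it is printed, so from then on the variable holds a display-encoded URL in which `&` has become an entity. That is correct only if every later use is an HTML attribute. Those uses lie outside this hunk, so consider keeping the raw URL in the variable and calling `esc_url( $preview_link )` at each point of output. On line 454, `echo $total` lands inside an `onclick` handler and would be safer as `echo (int) $total;`.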
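--- a/trunk/wp-admin/includes/ms.php
+++ b/trunk/wp-admin/includes/ms.php
@@ -211,5 +211,5 @@
                     $blog_users = get_users_of_blog( $details->userblog_id );
                     if ( is_array( $blog_users ) && !empty( $blog_users ) ) {
-                        $user_site = "<a href='" . get_home_url( $details->userblog_id ) . "'>{$details->blogname}</a>";
+                        $user_site = "<a href='" . esc_url( get_home_url( $details->userblog_id ) ) . "'>{$details->blogname}</a>";
                         $user_dropdown = "<select name='blog[$val][{$key}]'>";
                         $user_list = '';
@@ -301,5 +301,5 @@
 ###SITEURL### "), $new_admin_email );
 
-    $content = str_replace( '###ADMIN_URL###', admin_url( 'options.php?adminhash='.$hash ), $content );
+    $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'options.php?adminhash='.$hash ) ), $content );
     $content = str_replace( '###EMAIL###', $value, $content );
     $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
@@ -353,5 +353,5 @@
 ###SITEURL###" ), $new_user_email );
 
-        $content = str_replace( '###ADMIN_URL###', admin_url( 'profile.php?newuseremail='.$hash ), $content );
+        $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content);
         $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
@@ -482,5 +482,5 @@
     <table>
         <tr class="first">
-            <td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), admin_url( 'upload.php' ), $quota ); ?></td>
+            <td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), esc_url( admin_url( 'upload.php' ) ), $quota ); ?></td>
             <td class="t posts"><?php _e( 'Space Allowed' ); ?></td>
         </tr>
@@ -490,5 +490,5 @@
     <table>
         <tr class="first">
-            <td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), admin_url( 'upload.php' ), $used, $percentused ); ?></td>
+            <td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), esc_url( admin_url( 'upload.php' ) ), $used, $percentused ); ?></td>
             <td class="last t comments <?php echo $used_color;?>"><?php _e( 'Space Used' );?></td>
         </tr>
@@ -710,5 +710,5 @@
         return false;
     if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version )
-        echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), admin_url( 'ms-upgrade-network.php' ) ) . "</div>";
+        echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), esc_url( admin_url( 'ms-upgrade-network.php' ) ) ) . "</div>";
 }
 add_action( 'admin_notices', 'site_admin_notice' );
@@ -755,5 +755,5 @@
                     if ( $primary_blog == $blog->userblog_id )
                         $found = true;
-                    ?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog,  $blog->userblog_id ); ?>><?php echo get_home_url( $blog->userblog_id ) ?></option><?php
+                    ?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog,  $blog->userblog_id ); ?>><?php echo esc_url( get_home_url( $blog->userblog_id ) ) ?></option><?php
                 } ?>
             </select>
@@ -783,5 +783,5 @@
     $mu_media_buttons = get_site_option( 'mu_media_buttons', array() );
     if ( empty($mu_media_buttons['image']) && current_theme_supports( 'post-thumbnails' ) ) {
-        echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), admin_url( 'ms-options.php' ) ) . "</div>";
+        echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), esc_url( admin_url( 'ms-options.php' ) ) ) . "</div>";
     }
 }
@@ -804,5 +804,5 @@
  */
 function _admin_notice_multisite_activate_plugins_page() {
-    $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . admin_url( 'ms-options.php#menu' ) . '">' . __( 'Activate' ) . '</a>' );
+    $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . esc_url( admin_url( 'ms-options.php#menu' ) ) . '">' . __( 'Activate' ) . '</a>' );
     echo "<div class='error'><p>$message</p></div>";
 }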
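Review bot: On line 213 the link text `{$details->blogname}` is still interpolated unescaped next to the newly escaped `href`. A site name is presumably editable by that site's administrator, so it should be escaped for HTML text. Proposed: `$user_site = "<a href='" . esc_url( get_home_url( $details->userblog_id ) ) . "'>" . esc_html( $details->blogname ) . "</a>";`. `$details` is populated outside this hunk, so confirm the name is not already escaped upstream, which would cause double encoding.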
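--- a/trunk/wp-admin/includes/nav-menu.php
+++ b/trunk/wp-admin/includes/nav-menu.php
@@ -451,5 +451,5 @@
         <p class="button-controls">
             <span class="add-to-menu">
-                <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
                 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-custom-menu-item" />
             </span>
@@ -640,5 +640,5 @@
 
             <span class="add-to-menu">
-                <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
                 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-post-type-menu-item" />
             </span>
@@ -808,5 +808,5 @@
 
             <span class="add-to-menu">
-                <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
                 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-taxonomy-menu-item" />
             </span>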
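--- a/trunk/wp-admin/includes/plugin-install.php
+++ b/trunk/wp-admin/includes/plugin-install.php
@@ -148,5 +148,5 @@
         foreach ( (array)$api_tags as $tag )
             $tags[ $tag['name'] ] = (object) array(
-                                    'link' => admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])),
+                                    'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
                                     'name' => $tag['name'],
                                     'id' => sanitize_title_with_dashes($tag['name']),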
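--- a/trunk/wp-admin/includes/plugin.php
+++ b/trunk/wp-admin/includes/plugin.php
@@ -823,5 +823,5 @@
 
     if ( empty($icon_url) )
-        $icon_url = admin_url( 'images/generic.png' );
+        $icon_url = esc_url( admin_url( 'images/generic.png' ) );
     elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
         $icon_url = 'https://' . substr($icon_url, 7);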
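Review bot: Only the fallback icon on line 825 is passed through `esc_url()`; a caller-supplied `$icon_url` takes the `elseif` branch on lines 826–827 and is merely rewritten to `https://`, so the less trusted value is the one left unescaped. If the value is later printed into an `<img src>` (that output is outside this hunk), escape it there with `esc_url( $icon_url )`. That covers both branches and makes the call on the constant path redundant. The enclosing function starts and ends outside the hunk.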
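--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -66,5 +66,5 @@
         <?php $update_text = sprintf( __('Update %s'), $tax->singular_label ); ?>
         <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
-        <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+        <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
         <span class="error" style="display:none;"></span>
         <?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
@@ -614,5 +614,5 @@
     $post_status = !empty($_REQUEST['post_status']) ? $_REQUEST['post_status'] : 'all';
     if ( !in_array( $post_status, array('pending', 'draft', 'future') ) && ( empty($post_type) || post_type_supports($post_type, 'comments') ) )
-        $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png' ) . '" /></div>';
+        $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>';
     $posts_columns['date'] = __('Date');
 
@@ -644,5 +644,5 @@
     /* translators: column name */
     $posts_columns['parent'] = _x('Attached to', 'column name');
-    $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png' ) . '" /></div>';
+    $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>';
     //$posts_columns['comments'] = __('Comments');
     /* translators: column name */
@@ -1154,5 +1154,5 @@
             ?>
             <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>
-            <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+            <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
         <?php } else {
             $update_text = __( 'Update' );
@@ -1819,5 +1819,5 @@
             $edit_link = 'profile.php';
         } else {
-            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
+            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
         }
         $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
@@ -2013,5 +2013,5 @@
     $user_can = current_user_can($post_type_object->edit_cap, $post->ID);
 
-    $comment_url = get_comment_link($comment->comment_ID);
+    $comment_url = esc_url(get_comment_link($comment->comment_ID));
     $author_url = get_comment_author_url();
     if ( 'http://' == $author_url )
@@ -2069,5 +2069,5 @@
                 if ( $comment->comment_parent ) {
                     $parent = get_comment( $comment->comment_parent );
-                    $parent_link = get_comment_link( $comment->comment_parent );
+                    $parent_link = esc_url( get_comment_link( $comment->comment_parent ) );
                     $name = apply_filters( 'get_comment_author', $parent->comment_author ); // there's no API function for this
                     printf( ' | '.__( 'In reply to <a href="%1$s">%2$s</a>.' ), $parent_link, $name );
@@ -2276,5 +2276,5 @@
     <span id="savebtn" style="display:none;"><?php _e('Update Comment'); ?></span>
     <span id="replybtn" style="display:none;"><?php _e('Submit Reply'); ?></span></a>
-    <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" />
+    <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
     <span class="error" style="display:none;"></span>
     <br class="clear" />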
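Review bot: On line 1821 the new inner `esc_url()` runs before `urlencode()`, so the referer is encoded for HTML display first and percent-encoded second. Once decoded, `wp_http_referer` can contain literal entities such as `&#038;`, and a `REQUEST_URI` with several query arguments is then likely to round-trip incorrectly. The outer `esc_url()` already protects the `href`; for the inner value use the non-display variant, `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. Separately, line 1823 (context) prints `$user_object->user_login` as link text without `esc_html()`.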
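--- a/trunk/wp-admin/includes/widgets.php
+++ b/trunk/wp-admin/includes/widgets.php
@@ -203,5 +203,5 @@
         </div>
         <div class="alignright<?php if ( 'noform' === $has_form ) echo ' widget-control-noform'; ?>">
-        <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" class="ajax-feedback " title="" alt="" />
+        <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback " title="" alt="" />
         <input type="submit" name="savewidget" class="button-primary widget-control-save" value="<?php esc_attr_e('Save'); ?>" />
         </div>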
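--- a/trunk/wp-admin/js/revisions-js.php
+++ b/trunk/wp-admin/js/revisions-js.php
@@ -13,5 +13,5 @@
 }
 
-$j = site_url( '/wp-includes/js/jquery/jquery.js' );
+$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
 $n = esc_html( $GLOBALS['current_user']->data->display_name );
 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );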
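--- a/trunk/wp-admin/ms-delete-site.php
+++ b/trunk/wp-admin/ms-delete-site.php
@@ -38,5 +38,5 @@
     update_option( 'delete_blog_hash', $hash );
 
-    $url_delete = admin_url( 'ms-delete-site.php?h=' . $hash );
+    $url_delete = esc_url( admin_url( 'ms-delete-site.php?h=' . $hash ) );
 
     $content = apply_filters( 'delete_site_email_content', __( "Dear User,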
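Review bot: `esc_url()` on new line 40 escapes for HTML display and turns any `&` into an entity, but the context line that follows starts building `delete_site_email_content`, which suggests `$url_delete` is placed in an e-mail body rather than in markup. If so (the use of the variable is outside this hunk), the matching call is `$url_delete = esc_url_raw( admin_url( 'ms-delete-site.php?h=' . $hash ) );`. With the single `h` argument the output is probably identical today; the difference would only show once a second query argument is added to the link.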
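--- a/trunk/wp-admin/ms-edit.php
+++ b/trunk/wp-admin/ms-edit.php
@@ -30,5 +30,5 @@
 
         if ( empty( $_POST ) )
-            wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', admin_url( 'ms-options.php' ) ) ) );
+            wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', esc_url( admin_url( 'ms-options.php' ) ) ) ) );
 
         if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) )
@@ -205,5 +205,5 @@
 
         if ( empty( $_POST ) )
-            wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', admin_url( 'ms-sites.php' ) ) ) );
+            wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', esc_url( admin_url( 'ms-sites.php' ) ) ) ) );
 
         switch_to_blog( $id );
@@ -467,5 +467,5 @@
             </head>
             <body id="error-page">
-                <h1 id="logo"><img alt="WordPress" src="<?php echo admin_url( 'images/wordpress-logo.png' ); ?>" /></h1>
+                <h1 id="logo"><img alt="WordPress" src="<?php echo esc_attr( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1>
                 <form action="ms-edit.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post">
                     <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" />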
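Review bot: On new lines 32 and 207 the closing parenthesis of `__()` is misplaced, so the escaped URL is passed to `__()` as its second argument (the text domain) and `sprintf()` receives a format containing `%s` with no value to fill it. The link in the `wp_die()` message therefore never gets its href; the revert restores `esc_url()` but keeps this grouping. Line 32 should read `wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.' ), esc_url( admin_url( 'ms-options.php' ) ) ) );`, and line 207 needs the same change for `ms-sites.php`. Separately, line 469 uses `esc_attr()` for an image `src` where every other URL in this changeset uses `esc_url()`.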
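--- a/trunk/wp-admin/ms-options.php
+++ b/trunk/wp-admin/ms-options.php
@@ -95,5 +95,5 @@
                
                 <?php if ( get_site_option( 'admin_notice_feed' ) != get_home_url( $current_site->id, 'feed/' ) )
-                    echo __( 'A good one to use would be the feed from your main site: ' ) . get_home_url( $current_site->id, 'feed/' ); ?></td>
+                    echo __( 'A good one to use would be the feed from your main site: ' ) . esc_url( get_home_url( $current_site->id, 'feed/' ) ) ?></td>
             </tr>
         </table>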
  • trunk/wp-admin/ms-sites.php

    r14347 r14374  
    8585        <div class="wrap">
    8686        <?php screen_icon(); ?>
    87         <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo get_home_url( $id ); ?>"><?php echo get_home_url( $id ); ?></a></h2>
     87        <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo esc_url( get_home_url( $id ) ); ?>"><?php echo esc_url( get_home_url( $id ) ); ?></a></h2>
    8888        <form method="post" action="ms-edit.php?action=updateblog">
    8989            <?php wp_nonce_field( 'editblog' ); ?>
     
    434434
    435435        <div class="view-switch">
    436             <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
    437             <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
     436            <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
     437            <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
    438438        </div>
    439439
     
    532532                            case 'blogname': ?>
    533533                                <td class="column-title">
    534                                     <a href="<?php echo admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>
     534                                    <a href="<?php echo esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>
    535535                                    <?php
    536536                                    if ( 'list' != $mode )
     
    547547                                    );
    548548
    549                                     $actions['edit']    = '<span class="edit"><a href="' . admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) . '">' . __( 'Edit' ) . '</a><span>';
    550                                     $actions['backend'] = "<span class='backend'><a href='" . get_admin_url($blog['blog_id']) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';
     549                                    $actions['edit']    = '<span class="edit"><a href="' . esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a><span>';
     550                                    $actions['backend'] = "<span class='backend'><a href='" . esc_url( get_admin_url($blog['blog_id']) ) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';
    551551                                    if ( $current_site->blog_id != $blog['blog_id'] ) {
    552552                                        if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' )
    553                                             $actions['activate']    = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) . '">' . __( 'Activate' ) . '</a></span>';
     553                                            $actions['activate']    = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=activateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Activate' ) . '</a></span>';
    554554                                        else
    555                                             $actions['deactivate']  = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>';
     555                                            $actions['deactivate']  = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deactivateblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>';
    556556
    557557                                        if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' )
    558                                             $actions['unarchive']   = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' .  $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';
     558                                            $actions['unarchive']   = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unarchiveblog&amp;id=' .  $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';
    559559                                        else
    560                                             $actions['archive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) . '">' . __( 'Archive' ) . '</a></span>';
     560                                            $actions['archive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=archiveblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Archive' ) . '</a></span>';
    561561
    562562                                        if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' )
    563                                             $actions['unspam']  = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';
     563                                            $actions['unspam']  = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=unspamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';
    564564                                        else
    565                                             $actions['spam']    = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) . '">' . __( 'Spam' ) . '</a></span>';
    566 
    567                                         $actions['delete']  = '<span class="delete"><a href="' . admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) . '">' . __( 'Delete' ) . '</a></span>';
     565                                            $actions['spam']    = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=spamblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) ) . '">' . __( 'Spam' ) . '</a></span>';
     566
     567                                        $actions['delete']  = '<span class="delete"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&amp;action2=deleteblog&amp;id=' . $blog['blog_id'] . '&amp;msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Delete' ) . '</a></span>';
    568568                                    }
    569569
    570                                     $actions['visit']   = "<span class='view'><a href='" . get_home_url( $blog['blog_id'] ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';
     570                                    $actions['visit']   = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';
    571571                                    $actions = array_filter( $actions );
    572572                                    if ( count( $actions ) ) : ?>
     
    609609                                        if ( count( $blogusers ) > 5 ) {
    610610                                            $blogusers = array_slice( $blogusers, 0, 5 );
    611                                             $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . get_admin_url( $blog['blog_id'], 'users.php' ) . '">' . __( 'More' ) . '</a>';
     611                                            $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . esc_url( get_admin_url( $blog['blog_id'], 'users.php' ) ) . '">' . __( 'More' ) . '</a>';
    612612                                        }
    613613                                        foreach ( $blogusers as $key => $val ) {
    614                                             echo '<a href="' . admin_url( 'user-edit.php?user_id=' . $val->user_id ) . '">' . esc_html( $val->user_login ) . '</a> ';
     614                                            echo '<a href="' . esc_url( admin_url( 'user-edit.php?user_id=' . $val->user_id ) ) . '">' . esc_html( $val->user_login ) . '</a> ';
    615615                                            if ( 'list' != $mode )
    616616                                                echo '(' . $val->user_email . ')';
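Review bot: The text printed next to the newly escaped links is still written raw. Line 616 echoes `$val->user_email` unescaped two lines after line 614 wraps `$val->user_login` in `esc_html()`, and line 534 echoes `$blogname . $blog_state` straight into the link text. Escaping at output keeps these consistent with the URLs, e.g. `echo '(' . esc_html( $val->user_email ) . ')';`. The same pattern appears in ms-users.php line 233 (`stripslashes( $user['user_login'] )`), my-sites.php line 85 (`{$user_blog->blogname}`) and options-general.php line 112 (`$new_admin_email` inside `<code>`). Whether those values are sanitised when stored is not visible in these hunks, and the enclosing loops start and end outside them.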
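--- a/trunk/wp-admin/ms-themes.php
+++ b/trunk/wp-admin/ms-themes.php
@@ -27,5 +27,5 @@
 ?>
 <div class="wrap">
-    <form action="<?php echo admin_url( 'ms-edit.php?action=updatethemes' ); ?>" method="post">
+    <form action="<?php echo esc_url( admin_url( 'ms-edit.php?action=updatethemes' ) ); ?>" method="post">
         <?php screen_icon(); ?>
         <h2><?php _e( 'Network Themes' ) ?></h2>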
  • trunk/wp-admin/ms-users.php

    r14347 r14374  
    150150
    151151            <div class="view-switch">
    152                 <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
    153                 <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif' ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
     152                <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>
     153                <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>
    154154            </div>
    155155        </div>
     
    231231                                ?>
    232232                                <td class="username column-username">
    233                                     <?php echo $avatar; ?><strong><a href="<?php echo admin_url( $edit_link ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
     233                                    <?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
    234234                                    if ( in_array( $user['user_login'], $super_admins ) )
    235235                                        echo ' - ' . __( 'Super admin' );
     
    237237                                    <br/>
    238238                                    <div class="row-actions">
    239                                         <span class="edit"><a href="<?php echo admin_url( $edit_link ); ?>"><?php _e( 'Edit' ); ?></a></span>
     239                                        <span class="edit"><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>"><?php _e( 'Edit' ); ?></a></span>
    240240                                        <?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?>
    241                                         | <span class="delete"><a href="<?php echo $delete  = admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
     241                                        | <span class="delete"><a href="<?php echo $delete  = esc_url( admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
    242242                                        <?php } ?>
    243243                                    </div>
     
    274274                                        foreach ( (array) $blogs as $key => $val ) {
    275275                                            $path   = ( $val->path == '/' ) ? '' : $val->path;
    276                                             echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';
     276                                            echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id  ) ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';
    277277                                            echo ' <small class="row-actions">';
    278278
    279279                                            // Edit
    280                                             echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id ) .'">' . __( 'Edit' ) . '</a> | ';
     280                                            echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&amp;id=' . $val->userblog_id  ) ) .'">' . __( 'Edit' ) . '</a> | ';
    281281
    282282                                            // View
     
    284284                                            if ( get_blog_status( $val->userblog_id, 'spam' ) == 1 )
    285285                                                echo 'style="background-color: #faa" ';
    286                                             echo 'href="' .  get_home_url( $val->userblog_id ) . '">' . __( 'View' ) . '</a>';
     286                                            echo 'href="' .  esc_url( get_home_url( $val->userblog_id ) ) . '">' . __( 'View' ) . '</a>';
    287287                                           
    288288                                            echo '</small><br />';
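--- a/trunk/wp-admin/my-sites.php
+++ b/trunk/wp-admin/my-sites.php
@@ -84,5 +84,5 @@
             echo "<td valign='top' style='$s'>";
             echo "<h3>{$user_blog->blogname}</h3>";
-            echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . get_home_url( $user_blog->userblog_id ). "'>" . __( 'Visit' ) . "</a> | <a href='" . get_admin_url( $user_blog->userblog_id ) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>";
+            echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . esc_url( get_home_url( $user_blog->userblog_id ) ). "'>" . __( 'Visit' ) . "</a> | <a href='" . esc_url( get_admin_url( $user_blog->userblog_id ) ) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>";
             echo apply_filters( 'myblogs_options', '', $user_blog );
             echo "</td>";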
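--- a/trunk/wp-admin/network.php
+++ b/trunk/wp-admin/network.php
@@ -93,5 +93,5 @@
 
     if ( get_option( 'siteurl' ) != get_option( 'home' ) ) {
-        echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), admin_url( 'options-general.php' ) ) . '</strong></p></div>';
+        echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), esc_url( admin_url( 'options-general.php' ) ) ) . '</strong></p></div>';
         include ('./admin-footer.php' );
         die();
@@ -114,5 +114,5 @@
         else
             echo '<p>' . sprintf( __( 'You cannot use port numbers such as <code>%s</code>.' ), $has_ports ) . '</p>';
-        echo '<a href="' . admin_url() . '">' . __( 'Return to Dashboard' ) . '</a>';
+        echo '<a href="' . esc_url( admin_url() ) . '">' . __( 'Return to Dashboard' ) . '</a>';
         include( './admin-footer.php' );
         die();
@@ -334,5 +334,5 @@
         </ol>
 <?php if ( !is_multisite() ) { ?>
-        <p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo admin_url(); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p>
+        <p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo esc_url( admin_url() ); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p>
 <?php
     }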
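Review bot: New line 95 ends with `'</strong></p></div>'`, but the only `<strong>` opened outside the translated string is already closed right after `__('Error:')`, so the markup carries a stray closing tag. The tail of the line should be `. '</p></div>';`. On line 336, `printf()` is called with a translated string and no arguments, so a `%` in any translation would be read as a conversion; `_e( 'Once you complete these steps, your network is enabled and configured.' )` avoids that.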
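--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -110,5 +110,5 @@
 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
 <div class="updated inline">
-<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, admin_url( 'options.php?dismiss=new_admin_email' ) ); ?></p>
+<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p>
 </div>
 <?php endif; ?>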
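--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -400,5 +400,5 @@
                     jQuery('#extra-fields').show();
                 }
-                jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>');
+                jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>');
 
                 if(photostorage == false) {
@@ -476,5 +476,5 @@
                             <br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" />
                         <?php } ?>
-                        <img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" alt="" id="saving" style="display:none;" />
+                        <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="saving" style="display:none;" />
                     </p>
                 </div>
@@ -564,9 +564,9 @@
                 <li id="photo_button">
                     Add: <?php if ( current_user_can('upload_files') ) { ?><a title="<?php _e('Insert an Image'); ?>" href="#">
-<img alt="<?php _e('Insert an Image'); ?>" src="<?php echo admin_url( 'images/media-button-image.gif' ); ?>"/></a>
+<img alt="<?php _e('Insert an Image'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-image.gif' ) ); ?>"/></a>
                     <?php } ?>
                 </li>
                 <li id="video_button">
-                    <a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo admin_url( 'images/media-button-video.gif' ); ?>"/></a>
+                    <a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-video.gif' ) ); ?>"/></a>
                 </li>
                 <?php if ( user_can_richedit() ) { ?>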
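Review bot: Lines 566 and 570 escape the `src` URL but still print translated strings into `alt` and `title` attributes with `_e()`, so a translation containing a double quote would break out of the attribute. The file already uses the attribute-safe form on line 476 (`esc_attr_e('Submit for Review')`); the same call fits here, e.g. `alt="<?php esc_attr_e('Insert an Image'); ?>"`. The view-switch links in ms-sites.php (lines 436-437) and ms-users.php (lines 152-153) have the same `title`/`alt` pattern.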
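--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -170,5 +170,5 @@
     $theme_root = $themes[$theme_name]['Theme Root'];
     $theme_root_uri = $themes[$theme_name]['Theme Root URI'];
-    $preview_link = trailingslashit( home_url() );
+    $preview_link = esc_url(get_option('home') . '/');
     if ( is_ssl() )
         $preview_link = str_replace( 'http://', 'https://', $preview_link );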
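Review bot: New line 172 escapes `$preview_link` at assignment, while line 174 and presumably the code after this hunk keep modifying it, so what is finally printed is no longer the direct result of `esc_url()`. Building the raw URL first and escaping once where it is echoed keeps the guarantee at the output, e.g. `$preview_link = trailingslashit( get_option( 'home' ) );` here with `esc_url( $preview_link )` at the point of use. `trailingslashit()` also avoids a double slash when the stored `home` value already ends in `/`. The remainder of the block lies outside the hunk, so the later handling should be confirmed before changing this.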
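--- a/trunk/wp-admin/update-core.php
+++ b/trunk/wp-admin/update-core.php
@@ -335,5 +335,5 @@
     } else {
         show_message( __('WordPress updated successfully') );
-        show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . admin_url() . '">' . __('Go to Dashboard') . '</a>' );
+        show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . esc_url( admin_url() ) . '">' . __('Go to Dashboard') . '</a>' );
     }
     echo '</div>';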
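--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -194,5 +194,5 @@
 if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) {
     $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) );
-    $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
+    $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
     $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
 }
@@ -206,5 +206,5 @@
 $messages[2] = __('Media permanently deleted.');
 $messages[3] = __('Error saving media attachment.');
-$messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) . '">' . __('Undo') . '</a>';
+$messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
 $messages[5] = __('Media restored from the trash.');
 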
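Review bot: Lines 196 and 208 concatenate `$_GET['ids']` into the query string of a nonce-signed undo link without validating it. `esc_url()` makes the result safe to print in the `href`, but the value can still carry extra `&name=value` pairs into a link that bears a valid `bulk-media` nonce. Reducing it to a list of integers first closes that, e.g. `$ids = isset( $_GET['ids'] ) ? implode( ',', array_map( 'absint', explode( ',', $_GET['ids'] ) ) ) : '';`, with `$ids` then used in both lines. On line 195 `$_GET['trashed']` is cast to int only in the condition and is passed raw to `_n()` and `number_format_i18n()`; casting once into a local would make it consistent.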
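--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -161,5 +161,5 @@
 <h2><?php echo esc_html( $title ); ?></h2>
 
-<form id="your-profile" action="<?php echo admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
+<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>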
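--- a/trunk/wp-admin/widgets.php
+++ b/trunk/wp-admin/widgets.php
@@ -366,5 +366,5 @@
         <div class="sidebar-name-arrow"><br /></div>
         <h3><?php _e('Inactive Widgets'); ?>
-        <span><img src="<?php echo admin_url( 'images/wpspin_light.gif' ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
+        <span><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
         <div class="widget-holder inactive">
         <p class="description"><?php _e('Drag widgets here to remove them from the sidebar but keep their settings.'); ?></p>
@@ -388,5 +388,5 @@
     <div class="sidebar-name-arrow"><br /></div>
     <h3><?php echo esc_html( $registered_sidebar['name'] ); ?>
-    <span><img src="<?php echo admin_url( 'images/wpspin_dark.gif' ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
+    <span><img src="<?php echo esc_url( admin_url( 'images/wpspin_dark.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>
     <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>
     </div>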
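--- a/trunk/wp-content/themes/twentyten/functions.php
+++ b/trunk/wp-content/themes/twentyten/functions.php
@@ -269,5 +269,5 @@
         <?php endif; ?>
 
-        <div class="comment-meta commentmetadata"><a href="<?php echo get_comment_link( $comment->comment_ID ); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(),  get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),'  ','' ); ?></div>
+        <div class="comment-meta commentmetadata"><a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(),  get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),'  ','' ); ?></div>
 
         <div class="comment-body"><?php comment_text(); ?></div>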
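--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -1033,5 +1033,5 @@
 
     if ( get_option('comment_registration') && !$user_ID )
-        $link = '<a rel="nofollow" class="comment-reply-login" href="' . wp_login_url( get_permalink() ) . '">' . $login_text . '</a>';
+        $link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
     else
         $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";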
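--- a/trunk/wp-includes/default-widgets.php
+++ b/trunk/wp-includes/default-widgets.php
@@ -645,5 +645,5 @@
             <ul id="recentcomments"><?php
             if ( $comments ) : foreach ( (array) $comments as $comment) :
-            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . get_comment_link($comment->comment_ID) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
             endforeach; endif;?></ul>
         <?php echo $after_widget; ?>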
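--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -185,7 +185,7 @@
 function wp_loginout($redirect = '', $echo = true) {
     if ( ! is_user_logged_in() )
-        $link = '<a href="' . wp_login_url($redirect) . '">' . __('Log in') . '</a>';
+        $link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
     else
-        $link = '<a href="' . wp_logout_url($redirect) . '">' . __('Log out') . '</a>';
+        $link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
 
     if ( $echo )
@@ -2109,7 +2109,7 @@
     }
 
-    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( $file ) . "' type='text/css' />\n", $file );
+    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
     if ( is_rtl() )
-        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( "$file-rtl" ) . "' type='text/css' />\n", "$file-rtl" );
+        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
 }
 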
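--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -785,4 +785,9 @@
         return;
 
+    if ( 'display' == $context )
+        $action = '&amp;action=edit';
+    else
+        $action = '&action=edit';
+
     $post_type_object = get_post_type_object( $post->post_type );
     if ( !$post_type_object )
@@ -792,12 +797,5 @@
         return;
 
-    $url = admin_url( sprintf($post_type_object->_edit_link, $post->ID) );
-
-    if ( 'display' == $context )
-        $url .= '&amp;action=edit';
-    else
-        $url .= '&action=edit';
-
-    return apply_filters( 'get_edit_post_link', $url , $post->ID, $context );
+    return apply_filters( 'get_edit_post_link', admin_url( sprintf($post_type_object->_edit_link . $action, $post->ID) ), $post->ID, $context );
 }
 
@@ -1827,6 +1825,6 @@
  * @return string Home url link with optional path appended.
 */
-function home_url( $path = '', $scheme = null, $esc_url = true ) {
-    return get_home_url(null, $path, $scheme, $esc_url);
+function home_url( $path = '', $scheme = null ) {
+    return get_home_url(null, $path, $scheme);
 }
 
@@ -1846,5 +1844,5 @@
  * @return string Home url link with optional path appended.
 */
-function get_home_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
+function get_home_url( $blog_id = null, $path = '', $scheme = null ) {
     $orig_scheme = $scheme;
 
@@ -1862,10 +1860,5 @@
         $url .= '/' . ltrim( $path, '/' );
 
-    $url = apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id );
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id );
 }
 
@@ -1886,6 +1879,6 @@
  * @return string Site url link with optional path appended.
 */
-function site_url( $path = '', $scheme = null, $esc_url = true ) {
-    return get_site_url(null, $path, $scheme, $esc_url);
+function site_url( $path = '', $scheme = null ) {
+    return get_site_url(null, $path, $scheme);
 }
 
@@ -1905,5 +1898,5 @@
  * @return string Site url link with optional path appended.
 */
-function get_site_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
+function get_site_url( $blog_id = null, $path = '', $scheme = null ) {
     // should the list of allowed schemes be maintained elsewhere?
     $orig_scheme = $scheme;
@@ -1929,10 +1922,5 @@
         $url .= '/' . ltrim($path, '/');
 
-    $url = apply_filters('site_url', $url, $path, $orig_scheme, $blog_id);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('site_url', $url, $path, $orig_scheme, $blog_id);
 }
 
@@ -1947,6 +1935,6 @@
  * @return string Admin url link with optional path appended
 */
-function admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
-    return get_admin_url(null, $path, $scheme, $esc_url);
+function admin_url( $path = '', $scheme = 'admin' ) {
+    return get_admin_url(null, $path, $scheme);
 }
 
@@ -1962,5 +1950,5 @@
  * @return string Admin url link with optional path appended
 */
-function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin', $esc_url = true ) {
+function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) {
     $url = get_site_url($blog_id, 'wp-admin/', $scheme);
 
@@ -1968,10 +1956,5 @@
         $url .= ltrim($path, '/');
 
-    $url = apply_filters('admin_url', $url, $path, $blog_id);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('admin_url', $url, $path, $blog_id);
 }
 
@@ -1985,5 +1968,5 @@
  * @return string Includes url link with optional path appended.
 */
-function includes_url($path = '', $esc_url = true) {
+function includes_url($path = '') {
     $url = site_url() . '/' . WPINC . '/';
 
@@ -1991,10 +1974,5 @@
         $url .= ltrim($path, '/');
 
-    $url = apply_filters('includes_url', $url, $path);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('includes_url', $url, $path);
 }
 
@@ -2008,5 +1986,5 @@
  * @return string Content url link with optional path appended.
 */
-function content_url($path = '', $esc_url = true) {
+function content_url($path = '') {
     $url = WP_CONTENT_URL;
     if ( 0 === strpos($url, 'http') && is_ssl() )
@@ -2016,10 +1994,5 @@
         $url .= '/' . ltrim($path, '/');
 
-    $url = apply_filters('content_url', $url, $path);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('content_url', $url, $path);
 }
 
@@ -2035,5 +2008,5 @@
  * @return string Plugins url link with optional path appended.
 */
-function plugins_url($path = '', $plugin = '', $esc_url = true) {
+function plugins_url($path = '', $plugin = '') {
 
     $mu_plugin_dir = WPMU_PLUGIN_DIR;
@@ -2060,11 +2033,5 @@
         $url .= '/' . ltrim($path, '/');
 
-    $url = apply_filters('plugins_url', $url, $path, $plugin);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
-
+    return apply_filters('plugins_url', $url, $path, $plugin);
 }
 
@@ -2083,5 +2050,5 @@
  * @return string Site url link with optional path appended.
 */
-function network_site_url( $path = '', $scheme = null, $esc_url = true ) {
+function network_site_url( $path = '', $scheme = null ) {
     global $current_site;
 
@@ -2108,10 +2075,5 @@
         $url .= ltrim($path, '/');
 
-    $url = apply_filters('network_site_url', $url, $path, $orig_scheme);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('network_site_url', $url, $path, $orig_scheme);
 }
 
@@ -2130,5 +2092,5 @@
  * @return string Home url link with optional path appended.
 */
-function network_home_url( $path = '', $scheme = null, $esc_url = true ) {
+function network_home_url( $path = '', $scheme = null ) {
     global $current_site;
 
@@ -2148,10 +2110,5 @@
         $url .= ltrim( $path, '/' );
 
-    $url = apply_filters( 'network_home_url', $url, $path, $orig_scheme);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters( 'network_home_url', $url, $path, $orig_scheme);
 }
 
@@ -2166,5 +2123,5 @@
  * @return string Admin url link with optional path appended
 */
-function network_admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
+function network_admin_url( $path = '', $scheme = 'admin' ) {
     $url = network_site_url('wp-admin/', $scheme);
 
@@ -2172,10 +2129,5 @@
         $url .= ltrim($path, '/');
 
-    $url = apply_filters('network_admin_url', $url, $path);
-
-    if ( $esc_url )
-        $url = esc_url($url);
-
-    return $url;
+    return apply_filters('network_admin_url', $url, $path);
 }
 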
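Review bot: The docblocks for the URL helpers do not say that the returned URL is unescaped, and after this revert that is the fact callers most need. With `$esc_url` and the `esc_url()` call removed, `get_home_url()`, `get_site_url()`, `get_admin_url()`, `includes_url()`, `content_url()`, `plugins_url()` and the three `network_*_url()` functions each return the output of their `apply_filters()` call directly, yet the visible `@return` lines still read only "url link with optional path appended". I would add one line to each docblock, for example `The returned URL is not escaped; pass it through esc_url() before printing it into HTML.` The rest of the changeset wraps call sites by hand, so any call site it missed, and any plugin code echoing these helpers, is left to the caller to escape. Only the signatures and return statements are visible in these hunks; the middle of each function body is outside them.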
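--- a/trunk/wp-includes/ms-functions.php
+++ b/trunk/wp-includes/ms-functions.php
@@ -853,5 +853,5 @@
         return false;
 
-    $options_site_url = network_admin_url('ms-options.php');
+    $options_site_url = esc_url(network_admin_url('ms-options.php'));
 
     switch_to_blog( $blog_id );
@@ -882,5 +882,5 @@
     $user = new WP_User($user_id);
 
-    $options_site_url = network_admin_url('ms-options.php');
+    $options_site_url = esc_url(network_admin_url('ms-options.php'));
     $msg = sprintf(__('New User: %1s
 Remote IP: %2s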
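Review bot: `esc_url()` is the escaper for URLs printed into HTML, but at line 884 its result is stored in `$options_site_url` directly above a `sprintf( __( 'New User: ...` message that looks like a plain-text notification rather than markup. If the value ends up in a mail body or any other non-HTML sink, `esc_url_raw()` is the matching call: `$options_site_url = esc_url_raw( network_admin_url( 'ms-options.php' ) );`. It still sanitises the URL but does not entity-encode characters such as `&`. The same applies to the identical assignment at line 855. Both functions continue outside the visible hunks, so how the variable is finally used is inferred from the context lines only.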