Changeset 14374
- Timestamp:
- 05/03/2010 06:16:22 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 36 edited
trunk/wp-admin/admin-header.php
r14347 r14374 106 106 ?> 107 107 108 <img id="header-logo" src="<?php echo includes_url( 'images/blank.gif'); ?>" alt="" width="32" height="32" />108 <img id="header-logo" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" alt="" width="32" height="32" /> 109 109 <h1 id="site-heading" <?php echo $title_class ?>> 110 <a href="<?php echo trailingslashit( home_url() ); ?>" title="<?php esc_attr_e('Visit Site') ?>">110 <a href="<?php echo trailingslashit( get_bloginfo( 'url' ) ); ?>" title="<?php esc_attr_e('Visit Site') ?>"> 111 111 <span id="site-title"><?php echo $blog_name ?></span> 112 112 </a> -
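Review bot: The `href` on new line 110 is still echoed without escaping, although this commit wraps the `src` two lines above it in `esc_url()`. The value comes from `get_bloginfo( 'url' )`, which is derived from site settings rather than a constant, so it deserves the same treatment: `<a href="<?php echo esc_url( trailingslashit( get_bloginfo( 'url' ) ) ); ?>" title="<?php esc_attr_e('Visit Site') ?>">`. `$blog_name` on line 111 is also echoed raw; whether it was escaped earlier is not visible in this hunk.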
trunk/wp-admin/edit-comments.php
r14347 r14374 157 157 if ( $spammed > 0 ) { 158 158 $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; 159 $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments") . '">' . __('Undo') . '</a><br />';159 $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />'; 160 160 } 161 161 … … 165 165 if ( $trashed > 0 ) { 166 166 $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; 167 $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments") . '">' . __('Undo') . '</a><br />';167 $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />'; 168 168 } 169 169 … … 177 177 switch ( $comment->comment_approved ) { 178 178 case '1' : 179 $messages[] = __('This comment is already approved.') . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same") . '">' . __( 'Edit comment' ) . '</a>';179 $messages[] = __('This comment is already approved.') . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>'; 180 180 break; 181 181 case 'trash' : 182 $messages[] = __( 'This comment is already in the Trash.' ) . ' <a href="' . admin_url( 'edit-comments.php?comment_status=trash') . '"> ' . __( 'View Trash' ) . '</a>';182 $messages[] = __( 'This comment is already in the Trash.' ) . 
' <a href="' . esc_url( admin_url( 'edit-comments.php?comment_status=trash' ) ) . '"> ' . __( 'View Trash' ) . '</a>'; 183 183 break; 184 184 case 'spam' : 185 $messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . admin_url( "comment.php?action=editcomment&c=$same") . '">' . __( 'Edit comment' ) . '</a>';185 $messages[] = __( 'This comment is already marked as spam.' ) . ' <a href="' . esc_url( admin_url( "comment.php?action=editcomment&c=$same" ) ) . '">' . __( 'Edit comment' ) . '</a>'; 186 186 break; 187 187 } -
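Review bot: `$ids` on lines 158 and 166 is taken straight from `$_GET['ids']` and interpolated into the undo URL. The added `esc_url()` makes the result safe to print inside the attribute, but it does not constrain what goes into the query string, so a value containing `&` or `#` can still add or cut off parameters in the generated link. Normalising the value before the URL is built closes that, e.g. `$ids = isset( $_GET['ids'] ) ? implode( ',', array_map( 'absint', explode( ',', $_GET['ids'] ) ) ) : 0;` (this assumes `ids` is a comma-separated list of comment IDs; confirm against the bulk-action handler, which is outside the hunk). The undo link on line 202 of edit.php follows the same pattern, there with `$post_type` interpolated as well.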
trunk/wp-admin/edit-form-advanced.php
r14347 r14374 37 37 $messages['post'] = array( 38 38 '', 39 sprintf( __('Post updated. <a href="%s">View post</a>'), get_permalink($post_ID) ),39 sprintf( __('Post updated. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ), 40 40 __('Custom field updated.'), 41 41 __('Custom field deleted.'), … … 43 43 /* translators: %s: date and time of the revision */ 44 44 isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, 45 sprintf( __('Post published. <a href="%s">View post</a>'), get_permalink($post_ID) ),45 sprintf( __('Post published. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ), 46 46 __('Post saved.'), 47 sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),47 sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), 48 48 sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'), 49 49 // translators: Publish box date format, see http://php.net/date 50 date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),51 sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),50 date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), 51 sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), 52 52 ); 53 53 $messages['page'] = array( 54 54 '', 55 sprintf( __('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID) ),55 sprintf( __('Page updated. 
<a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ), 56 56 __('Custom field updated.'), 57 57 __('Custom field deleted.'), 58 58 __('Page updated.'), 59 59 isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, 60 sprintf( __('Page published. <a href="%s">View page</a>'), get_permalink($post_ID) ),60 sprintf( __('Page published. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ), 61 61 __('Page saved.'), 62 sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),63 sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),64 sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),62 sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), 63 sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), 64 sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), 65 65 ); 66 66 -
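Review bot: `esc_url( get_permalink($post_ID) )` now appears six times and `esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) )` four times across the `post` and `page` arrays. Computing both once before line 37, e.g. `$view_link = esc_url( get_permalink( $post_ID ) );`, keeps the escaping in one place and makes the message arrays readable. The preview links here are also built without the `preview_post_link` filter that meta-boxes.php line 43 applies, so the two screens can disagree when a plugin filters the preview URL. The code before line 37 is outside the hunk.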
trunk/wp-admin/edit.php
r14347 r14374 200 200 printf( _n( 'Item moved to the trash.', '%s items moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); 201 201 $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; 202 echo ' <a href="' . wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts") . '">' . __('Undo') . '</a><br />';202 echo ' <a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a><br />'; 203 203 unset($_GET['trashed']); 204 204 } … … 367 367 368 368 <div class="view-switch"> 369 <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>370 <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>369 <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a> 370 <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a> 371 371 </div> 372 372 
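Review bot: On new lines 369 and 370 the `title` and `alt` attributes are still printed with `_e()`, so a translation containing a double quote or markup lands in the attribute unescaped; `esc_attr_e( 'List View' )` and `esc_attr_e( 'Excerpt View' )` are the attribute-context forms. The view-switch block in ms-sites.php (lines 436 and 437) has the same four calls. Separately, `$_GET['trashed']` on line 200 is handed to `_n()` and `number_format_i18n()` without an integer cast.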
-
trunk/wp-admin/import/livejournal.php
r14347 r14374 977 977 if ( jQuery( '#<?php echo $id ?>' ).length ) { 978 978 jQuery( "#<?php echo $id ?> input[type='submit']" ).hide(); 979 str = '<?php _e( "Continuing…" ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" id="processing" align="top" />';979 str = '<?php _e( "Continuing…" ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />'; 980 980 jQuery( '#<?php echo $msg ?>' ).html( str ); 981 981 jQuery( '#<?php echo $id ?>' ).submit(); … … 1006 1006 jQuery( "#<?php echo $id ?> input[type='submit']" ).hide(); 1007 1007 jQuery.ajaxSetup({'timeout':3600000}); 1008 str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" id="processing" align="top" />';1008 str = '<?php _e( "Processing next batch." ) ?> <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="processing" align="top" />'; 1009 1009 jQuery( '#<?php echo $msg ?>' ).html( str ); 1010 1010 jQuery('#ljapi-status').load(ajaxurl, {'action':'lj-importer', -
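Review bot: The translated text on lines 979 and 1008 is printed with `_e()` directly inside a single-quoted JavaScript string, so a translation containing an apostrophe or a line break terminates the literal and breaks the script; the added `esc_url()` only covers the image URL. The string needs the JavaScript-context escaper, e.g. `<?php echo esc_js( __( 'Processing next batch.' ) ); ?>`. `$id` and `$msg` are echoed into jQuery selectors in the same blocks; where they are set is outside the hunk.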
trunk/wp-admin/includes/dashboard.php
r14347 r14374 384 384 if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) { 385 385 $view = get_permalink( $_POST['post_ID'] ); 386 $edit = get_edit_post_link( $_POST['post_ID']);386 $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) ); 387 387 if ( 'post-quickpress-publish' == $_POST['action'] ) { 388 388 if ( current_user_can('publish_posts') ) 389 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', $view, $edit );389 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit ); 390 390 else 391 printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view), $edit );391 printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 392 392 } else { 393 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', add_query_arg( 'preview', 1, $view), $edit );393 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . 
'</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 394 394 $drafts_query = new WP_Query( array( 395 395 'post_type' => 'post', … … 411 411 ?> 412 412 413 <form name="post" action="<?php echo admin_url( 'post.php'); ?>" method="post" id="quick-press">413 <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press"> 414 414 <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4> 415 415 <div class="input-text-wrap"> … … 444 444 <span id="publishing-action"> 445 445 <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php current_user_can('publish_posts') ? esc_attr_e('Publish') : esc_attr_e('Submit for Review'); ?>" /> 446 <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" />446 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" /> 447 447 </span> 448 448 <br class="clear" /> … … 559 559 $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); 560 560 $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>"; 561 $comment_link = '<a class="comment-link" href="' . get_comment_link() . '">#</a>';561 $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; 562 562 563 563 $actions_string = ''; -
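Review bot: `$edit` is escaped when it is assigned on line 386 while `$view` is escaped at each `printf()`, so the block now holds one HTML-encoded URL and one raw URL under equally neutral names. Escaping at output is less error-prone: keep `$edit = get_edit_post_link( $_POST['post_ID'] );` and pass `esc_url( $edit )` to the three `printf()` calls, so a later non-HTML use of `$edit` does not receive an entity-encoded string. The same escape-at-assignment pattern appears in meta-boxes.php (`$preview_link`) and template.php (`$comment_url`, `$parent_link`). `$_POST['post_ID']` is also passed on uncast; the `(int)` on line 384 only affects the condition.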
trunk/wp-admin/includes/media.php
r14347 r14374 1224 1224 if ( gd_edit_image_support( $post->post_mime_type ) ) { 1225 1225 $nonce = wp_create_nonce( "image_editor-$post->ID" ); 1226 $image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . admin_url( 'images/wpspin_light.gif') . "' class='imgedit-wait-spin' alt='' />";1226 $image_edit_button = "<input type='button' id='imgedit-open-btn-$post->ID' onclick='imageEdit.open( $post->ID, \"$nonce\" )' class='button' value='" . esc_attr__( 'Edit Image' ) . "' /> <img src='" . esc_url( admin_url( 'images/wpspin_light.gif' ) ) . "' class='imgedit-wait-spin' alt='' />"; 1227 1227 } 1228 1228 … … 1641 1641 if ( ! document.forms[0].src.value ) 1642 1642 document.getElementById('status_img').innerHTML = '*'; 1643 else document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/no.png'); ?>" alt="" />';1643 else document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/no.png' ) ); ?>" alt="" />'; 1644 1644 }, 1645 1645 … … 1650 1650 t.height = t.preloadImg.height; 1651 1651 document.getElementById('go_button').style.color = '#333'; 1652 document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/yes.png'); ?>" alt="" />';1652 document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/yes.png' ) ); ?>" alt="" />'; 1653 1653 }, 1654 1654 … … 1660 1660 return false; 1661 1661 } 1662 document.getElementById('status_img').innerHTML = '<img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />';1662 document.getElementById('status_img').innerHTML = '<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />'; 1663 1663 t.preloadImg = new Image(); 1664 1664 t.preloadImg.onload = t.updateImageData; -
trunk/wp-admin/includes/meta-boxes.php
r14347 r14374 38 38 <?php 39 39 if ( 'publish' == $post->post_status ) { 40 $preview_link = get_permalink($post->ID);40 $preview_link = esc_url(get_permalink($post->ID)); 41 41 $preview_button = __('Preview Changes'); 42 42 } else { 43 $preview_link = apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)));43 $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); 44 44 $preview_button = __('Preview'); 45 45 } … … 205 205 206 206 <div id="publishing-action"> 207 <img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" id="ajax-loading" style="visibility:hidden;" alt="" />207 <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" /> 208 208 <?php 209 209 if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { … … 452 452 <tbody id="the-comment-list" class="list:comment"></tbody> 453 453 </table> 454 <p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" /></p>454 <p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p> 455 455 <?php 456 456 $hidden = get_hidden_meta_boxes('post'); -
trunk/wp-admin/includes/ms.php
r14347 r14374 211 211 $blog_users = get_users_of_blog( $details->userblog_id ); 212 212 if ( is_array( $blog_users ) && !empty( $blog_users ) ) { 213 $user_site = "<a href='" . get_home_url( $details->userblog_id) . "'>{$details->blogname}</a>";213 $user_site = "<a href='" . esc_url( get_home_url( $details->userblog_id ) ) . "'>{$details->blogname}</a>"; 214 214 $user_dropdown = "<select name='blog[$val][{$key}]'>"; 215 215 $user_list = ''; … … 301 301 ###SITEURL### "), $new_admin_email ); 302 302 303 $content = str_replace( '###ADMIN_URL###', admin_url( 'options.php?adminhash='.$hash), $content );303 $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'options.php?adminhash='.$hash ) ), $content ); 304 304 $content = str_replace( '###EMAIL###', $value, $content ); 305 305 $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); … … 353 353 ###SITEURL###" ), $new_user_email ); 354 354 355 $content = str_replace( '###ADMIN_URL###', admin_url( 'profile.php?newuseremail='.$hash), $content );355 $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content ); 356 356 $content = str_replace( '###EMAIL###', $_POST['email'], $content); 357 357 $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); … … 482 482 <table> 483 483 <tr class="first"> 484 <td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), admin_url( 'upload.php'), $quota ); ?></td>484 <td class="first b b-posts"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB</a>' ), esc_url( admin_url( 'upload.php' ) ), $quota ); ?></td> 485 485 <td class="t posts"><?php _e( 'Space Allowed' ); ?></td> 486 486 </tr> … … 490 490 <table> 491 491 <tr class="first"> 492 <td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), admin_url( 'upload.php'), 
$used, $percentused ); ?></td>492 <td class="b b-comments"><?php printf( __( '<a href="%1$s" title="Manage Uploads" class="musublink">%2$sMB (%3$s%%)</a>' ), esc_url( admin_url( 'upload.php' ) ), $used, $percentused ); ?></td> 493 493 <td class="last t comments <?php echo $used_color;?>"><?php _e( 'Space Used' );?></td> 494 494 </tr> … … 710 710 return false; 711 711 if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version ) 712 echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), admin_url( 'ms-upgrade-network.php') ) . "</div>";712 echo "<div class='update-nag'>" . sprintf( __( 'Thank you for Updating! Please visit the <a href="%s">Update Network</a> page to update all your sites.' ), esc_url( admin_url( 'ms-upgrade-network.php' ) ) ) . "</div>"; 713 713 } 714 714 add_action( 'admin_notices', 'site_admin_notice' ); … … 755 755 if ( $primary_blog == $blog->userblog_id ) 756 756 $found = true; 757 ?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog, $blog->userblog_id ); ?>><?php echo get_home_url( $blog->userblog_id) ?></option><?php757 ?><option value="<?php echo $blog->userblog_id ?>"<?php selected( $primary_blog, $blog->userblog_id ); ?>><?php echo esc_url( get_home_url( $blog->userblog_id ) ) ?></option><?php 758 758 } ?> 759 759 </select> … … 783 783 $mu_media_buttons = get_site_option( 'mu_media_buttons', array() ); 784 784 if ( empty($mu_media_buttons['image']) && current_theme_supports( 'post-thumbnails' ) ) { 785 echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), admin_url( 'ms-options.php') ) . "</div>";785 echo "<div class='update-nag'>" . sprintf( __( "Warning! The current theme supports Featured Images. 
You must enable image uploads on <a href='%s'>the options page</a> for it to work." ), esc_url( admin_url( 'ms-options.php' ) ) ) . "</div>"; 786 786 } 787 787 } … … 804 804 */ 805 805 function _admin_notice_multisite_activate_plugins_page() { 806 $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . admin_url( 'ms-options.php#menu') . '">' . __( 'Activate' ) . '</a>' );806 $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '<a href="' . esc_url( admin_url( 'ms-options.php#menu' ) ) . '">' . __( 'Activate' ) . '</a>' ); 807 807 echo "<div class='error'><p>$message</p></div>"; 808 808 } -
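Review bot: The two `###ADMIN_URL###` replacements (lines 303 and 355) substitute into what appears to be a plain-text e-mail body, and `esc_url()` is the HTML-display escaper: it entity-encodes `&` and quotes. With a single query argument the output happens to be unchanged today, but the call for a non-HTML destination is `esc_url_raw()`, e.g. `esc_url_raw( admin_url( 'options.php?adminhash=' . $hash ) )`. `$url_delete` on line 40 of ms-delete-site.php is the same case. On line 213 the link text `{$details->blogname}` is still interpolated unescaped next to the newly escaped `href`; unless it is escaped before it reaches this function it should be `esc_html( $details->blogname )`.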
trunk/wp-admin/includes/nav-menu.php
r14352 r14374 451 451 <p class="button-controls"> 452 452 <span class="add-to-menu"> 453 <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />453 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 454 454 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-custom-menu-item" /> 455 455 </span> … … 640 640 641 641 <span class="add-to-menu"> 642 <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />642 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 643 643 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-post-type-menu-item" /> 644 644 </span> … … 808 808 809 809 <span class="add-to-menu"> 810 <img class="waiting" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />810 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 811 811 <input type="submit" class="button-secondary" value="<?php esc_attr_e('Add to Menu'); ?>" name="add-taxonomy-menu-item" /> 812 812 </span> -
trunk/wp-admin/includes/plugin-install.php
r14347 r14374 148 148 foreach ( (array)$api_tags as $tag ) 149 149 $tags[ $tag['name'] ] = (object) array( 150 'link' => admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])),150 'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ), 151 151 'name' => $tag['name'], 152 152 'id' => sanitize_title_with_dashes($tag['name']), -
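Review bot: `link` is now stored HTML-escaped in the `$tags` data, while `name` on line 151 is stored exactly as it arrives in `$api_tags`, which by its name is a remote API response. Whatever renders these objects (outside this hunk) has to escape `name` for its output context, and must not re-encode `link` or use it for anything other than HTML output. A comment above the array would make that contract explicit: `// 'link' is pre-escaped for HTML; 'name' is raw API data and must be escaped on output.`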
trunk/wp-admin/includes/plugin.php
r14347 r14374 823 823 824 824 if ( empty($icon_url) ) 825 $icon_url = admin_url( 'images/generic.png');825 $icon_url = esc_url( admin_url( 'images/generic.png' ) ); 826 826 elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) 827 827 $icon_url = 'https://' . substr($icon_url, 7); -
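Review bot: Only the built-in default is escaped here: when the caller supplies `$icon_url`, the `elseif` on lines 826 and 827 rewrites the scheme and the value is otherwise passed through as given. The caller-supplied value is the one that actually varies, so the escape belongs after the conditional or where the menu is rendered, e.g. `$icon_url = esc_url( $icon_url );` once the `if`/`elseif` has run. The enclosing function starts and ends outside the hunk, so an escape further down cannot be ruled out from here.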
trunk/wp-admin/includes/template.php
r14347 r14374 66 66 <?php $update_text = sprintf( __('Update %s'), $tax->singular_label ); ?> 67 67 <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a> 68 <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />68 <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 69 69 <span class="error" style="display:none;"></span> 70 70 <?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?> … … 614 614 $post_status = !empty($_REQUEST['post_status']) ? $_REQUEST['post_status'] : 'all'; 615 615 if ( !in_array( $post_status, array('pending', 'draft', 'future') ) && ( empty($post_type) || post_type_supports($post_type, 'comments') ) ) 616 $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png') . '" /></div>';616 $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>'; 617 617 $posts_columns['date'] = __('Date'); 618 618 … … 644 644 /* translators: column name */ 645 645 $posts_columns['parent'] = _x('Attached to', 'column name'); 646 $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . admin_url( 'images/comment-grey-bubble.png') . '" /></div>';646 $posts_columns['comments'] = '<div class="vers"><img alt="Comments" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . 
'" /></div>'; 647 647 //$posts_columns['comments'] = __('Comments'); 648 648 /* translators: column name */ … … 1154 1154 ?> 1155 1155 <a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a> 1156 <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />1156 <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 1157 1157 <?php } else { 1158 1158 $update_text = __( 'Update' ); … … 1819 1819 $edit_link = 'profile.php'; 1820 1820 } else { 1821 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI']) ), "user-edit.php?user_id=$user_object->ID" ) );1821 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) ); 1822 1822 } 1823 1823 $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />"; … … 2013 2013 $user_can = current_user_can($post_type_object->edit_cap, $post->ID); 2014 2014 2015 $comment_url = get_comment_link($comment->comment_ID);2015 $comment_url = esc_url(get_comment_link($comment->comment_ID)); 2016 2016 $author_url = get_comment_author_url(); 2017 2017 if ( 'http://' == $author_url ) … … 2069 2069 if ( $comment->comment_parent ) { 2070 2070 $parent = get_comment( $comment->comment_parent ); 2071 $parent_link = get_comment_link( $comment->comment_parent);2071 $parent_link = esc_url( get_comment_link( $comment->comment_parent ) ); 2072 2072 $name = apply_filters( 'get_comment_author', $parent->comment_author ); // there's no API function for this 2073 2073 printf( ' | '.__( 'In reply to <a href="%1$s">%2$s</a>.' 
), $parent_link, $name ); … … 2276 2276 <span id="savebtn" style="display:none;"><?php _e('Update Comment'); ?></span> 2277 2277 <span id="replybtn" style="display:none;"><?php _e('Submit Reply'); ?></span></a> 2278 <img class="waiting" style="display:none;" src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" />2278 <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> 2279 2279 <span class="error" style="display:none;"></span> 2280 2280 <br class="clear" /> -
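Review bot: On line 1821 the inner `esc_url()` runs before `urlencode()`, so the request URI is first entity-encoded for HTML display (`&` becomes `&#038;`) and those entities are then percent-encoded into the `wp_http_referer` value; a referer with more than one query argument comes back altered. The outer `esc_url()` already makes the finished link safe to print, so the inner call should be the non-display variant: `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. On line 1823 `$user_object->user_login` is interpolated into the anchor text; whether it is escaped beforehand is not visible in this hunk.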
trunk/wp-admin/includes/widgets.php
r14347 r14374 203 203 </div> 204 204 <div class="alignright<?php if ( 'noform' === $has_form ) echo ' widget-control-noform'; ?>"> 205 <img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" class="ajax-feedback " title="" alt="" />205 <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback " title="" alt="" /> 206 206 <input type="submit" name="savewidget" class="button-primary widget-control-save" value="<?php esc_attr_e('Save'); ?>" /> 207 207 </div> -
trunk/wp-admin/js/revisions-js.php
r14347 r14374 13 13 } 14 14 15 $j = site_url( '/wp-includes/js/jquery/jquery.js');15 $j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) ); 16 16 $n = esc_html( $GLOBALS['current_user']->data->display_name ); 17 17 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) ); -
trunk/wp-admin/ms-delete-site.php
r14347 r14374 38 38 update_option( 'delete_blog_hash', $hash ); 39 39 40 $url_delete = admin_url( 'ms-delete-site.php?h=' . $hash);40 $url_delete = esc_url( admin_url( 'ms-delete-site.php?h=' . $hash ) ); 41 41 42 42 $content = apply_filters( 'delete_site_email_content', __( "Dear User, -
trunk/wp-admin/ms-edit.php
r14347 r14374 30 30 31 31 if ( empty( $_POST ) ) 32 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', admin_url( 'ms-options.php') ) ) );32 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', esc_url( admin_url( 'ms-options.php' ) ) ) ) ); 33 33 34 34 if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) ) … … 205 205 206 206 if ( empty( $_POST ) ) 207 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', admin_url( 'ms-sites.php') ) ) );207 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', esc_url( admin_url( 'ms-sites.php' ) ) ) ) ); 208 208 209 209 switch_to_blog( $id ); … … 467 467 </head> 468 468 <body id="error-page"> 469 <h1 id="logo"><img alt="WordPress" src="<?php echo admin_url( 'images/wordpress-logo.png'); ?>" /></h1>469 <h1 id="logo"><img alt="WordPress" src="<?php echo esc_attr( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1> 470 470 <form action="ms-edit.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post"> 471 471 <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" /> -
trunk/wp-admin/ms-options.php
r14347 r14374 95 95 96 96 <?php if ( get_site_option( 'admin_notice_feed' ) != get_home_url( $current_site->id, 'feed/' ) ) 97 echo __( 'A good one to use would be the feed from your main site: ' ) . get_home_url( $current_site->id, 'feed/' );?></td>97 echo __( 'A good one to use would be the feed from your main site: ' ) . esc_url( get_home_url( $current_site->id, 'feed/' ) ) ?></td> 98 98 </tr> 99 99 </table> -
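Review bot: `get_home_url()` takes a blog ID, but lines 96 and 97 pass `$current_site->id`; ms-sites.php line 551 in this same changeset identifies the main blog as `$current_site->blog_id`, which suggests `id` is the network's ID rather than a blog's. If so, the suggested feed URL is built for the wrong blog whenever the two numbers differ, and `get_home_url( $current_site->blog_id, 'feed/' )` would be the correct call; this should be confirmed against how `$current_site` is populated. The comparison on line 96 also uses `!=`, where `!==` avoids loose matches.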
trunk/wp-admin/ms-sites.php
r14347 r14374 85 85 <div class="wrap"> 86 86 <?php screen_icon(); ?> 87 <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo get_home_url( $id ); ?>"><?php echo get_home_url( $id); ?></a></h2>87 <h2><?php _e( 'Edit Site' ); ?> - <a href="<?php echo esc_url( get_home_url( $id ) ); ?>"><?php echo esc_url( get_home_url( $id ) ); ?></a></h2> 88 88 <form method="post" action="ms-edit.php?action=updateblog"> 89 89 <?php wp_nonce_field( 'editblog' ); ?> … … 434 434 435 435 <div class="view-switch"> 436 <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>437 <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>436 <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a> 437 <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a> 438 438 </div> 439 439 … … 532 532 case 'blogname': ?> 533 533 <td class="column-title"> 534 <a href="<?php echo 
admin_url( 'ms-sites.php?action=editblog&id=' . $blog['blog_id']); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a>534 <a href="<?php echo esc_url( admin_url( 'ms-sites.php?action=editblog&id=' . $blog['blog_id'] ) ); ?>" class="edit"><?php echo $blogname . $blog_state; ?></a> 535 535 <?php 536 536 if ( 'list' != $mode ) … … 547 547 ); 548 548 549 $actions['edit'] = '<span class="edit"><a href="' . admin_url( 'ms-sites.php?action=editblog&id=' . $blog['blog_id']) . '">' . __( 'Edit' ) . '</a><span>';550 $actions['backend'] = "<span class='backend'><a href='" . get_admin_url($blog['blog_id']) . "' class='edit'>" . __( 'Backend' ) . '</a></span>';549 $actions['edit'] = '<span class="edit"><a href="' . esc_url( admin_url( 'ms-sites.php?action=editblog&id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a><span>'; 550 $actions['backend'] = "<span class='backend'><a href='" . esc_url( get_admin_url($blog['blog_id']) ) . "' class='edit'>" . __( 'Backend' ) . '</a></span>'; 551 551 if ( $current_site->blog_id != $blog['blog_id'] ) { 552 552 if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' ) 553 $actions['activate'] = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=activateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname) ) ) . '">' . __( 'Activate' ) . '</a></span>';553 $actions['activate'] = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=activateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to activate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Activate' ) . '</a></span>'; 554 554 else 555 $actions['deactivate'] = '<span class="activate"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=deactivateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname) ) ) . '">' . __( 'Deactivate' ) . 
'</a></span>';555 $actions['deactivate'] = '<span class="activate"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=deactivateblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to deactivate the site %s' ), $blogname ) ) ) ) . '">' . __( 'Deactivate' ) . '</a></span>'; 556 556 557 557 if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' ) 558 $actions['unarchive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=unarchiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname) ) ) . '">' . __( 'Unarchive' ) . '</a></span>';558 $actions['unarchive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=unarchiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unarchive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Unarchive' ) . '</a></span>'; 559 559 else 560 $actions['archive'] = '<span class="archive"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=archiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname) ) ) . '">' . __( 'Archive' ) . '</a></span>';560 $actions['archive'] = '<span class="archive"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=archiveblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to archive the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Archive' ) . '</a></span>'; 561 561 562 562 if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' ) 563 $actions['unspam'] = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=unspamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname) ) ) . '">' . __( 'Not Spam' ) . '</a></span>';563 $actions['unspam'] = '<span class="spam"><a href="' . 
esc_url( admin_url( 'ms-edit.php?action=confirm&action2=unspamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to unspam the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Not Spam' ) . '</a></span>'; 564 564 else 565 $actions['spam'] = '<span class="spam"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=spamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname) ) ) . '">' . __( 'Spam' ) . '</a></span>';566 567 $actions['delete'] = '<span class="delete"><a href="' . admin_url( 'ms-edit.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname) ) ) . '">' . __( 'Delete' ) . '</a></span>';565 $actions['spam'] = '<span class="spam"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=spamblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to mark the site %s as spam.' ), $blogname ) ) ) ) . '">' . __( 'Spam' ) . '</a></span>'; 566 567 $actions['delete'] = '<span class="delete"><a href="' . esc_url( admin_url( 'ms-edit.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] . '&msg=' . urlencode( sprintf( __( 'You are about to delete the site %s.' ), $blogname ) ) ) ) . '">' . __( 'Delete' ) . '</a></span>'; 568 568 } 569 569 570 $actions['visit'] = "<span class='view'><a href='" . get_home_url( $blog['blog_id']) . "' rel='permalink'>" . __( 'Visit' ) . '</a>';570 $actions['visit'] = "<span class='view'><a href='" . esc_url( get_home_url( $blog['blog_id'] ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>'; 571 571 $actions = array_filter( $actions ); 572 572 if ( count( $actions ) ) : ?> … … 609 609 if ( count( $blogusers ) > 5 ) { 610 610 $blogusers = array_slice( $blogusers, 0, 5 ); 611 $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . get_admin_url( $blog['blog_id'], 'users.php') . '">' . 
__( 'More' ) . '</a>';611 $blogusers_warning = __( 'Only showing first 5 users.' ) . ' <a href="' . esc_url( get_admin_url( $blog['blog_id'], 'users.php' ) ) . '">' . __( 'More' ) . '</a>'; 612 612 } 613 613 foreach ( $blogusers as $key => $val ) { 614 echo '<a href="' . admin_url( 'user-edit.php?user_id=' . $val->user_id) . '">' . esc_html( $val->user_login ) . '</a> ';614 echo '<a href="' . esc_url( admin_url( 'user-edit.php?user_id=' . $val->user_id ) ) . '">' . esc_html( $val->user_login ) . '</a> '; 615 615 if ( 'list' != $mode ) 616 616 echo '(' . $val->user_email . ')'; -
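Review bot: In the users column, new line 616 still echoes `$val->user_email` raw, directly after the line that now wraps the href in esc_url() and the login in esc_html(); it should read `echo '(' . esc_html( $val->user_email ) . ')';`. New line 534 has the same gap, printing `$blogname . $blog_state` as link text. Where those two values are built is outside the visible hunks, so confirm they are escaped upstream or add esc_html() there as well. Elsewhere in this changeset, ms-users.php (`stripslashes( $user['user_login'] )`, new line 233) and options-general.php (`$new_admin_email` inside `<code>`, new line 112) print text next to a newly escaped URL in the same way.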
trunk/wp-admin/ms-themes.php
r14347 r14374 27 27 ?> 28 28 <div class="wrap"> 29 <form action="<?php echo admin_url( 'ms-edit.php?action=updatethemes'); ?>" method="post">29 <form action="<?php echo esc_url( admin_url( 'ms-edit.php?action=updatethemes' ) ); ?>" method="post"> 30 30 <?php screen_icon(); ?> 31 31 <h2><?php _e( 'Network Themes' ) ?></h2> -
trunk/wp-admin/ms-users.php
r14347 r14374 150 150 151 151 <div class="view-switch"> 152 <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a>153 <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo includes_url( 'images/blank.gif'); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a>152 <a href="<?php echo esc_url( add_query_arg( 'mode', 'list', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'List View' ) ?>" alt="<?php _e( 'List View' ) ?>" /></a> 153 <a href="<?php echo esc_url( add_query_arg( 'mode', 'excerpt', $_SERVER['REQUEST_URI'] ) ) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" width="20" height="20" title="<?php _e( 'Excerpt View' ) ?>" alt="<?php _e( 'Excerpt View' ) ?>" /></a> 154 154 </div> 155 155 </div> … … 231 231 ?> 232 232 <td class="username column-username"> 233 <?php echo $avatar; ?><strong><a href="<?php echo admin_url( $edit_link); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php233 <?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php 234 234 if ( in_array( $user['user_login'], $super_admins ) ) 235 235 echo ' - ' . 
__( 'Super admin' ); … … 237 237 <br/> 238 238 <div class="row-actions"> 239 <span class="edit"><a href="<?php echo admin_url( $edit_link); ?>"><?php _e( 'Edit' ); ?></a></span>239 <span class="edit"><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>"><?php _e( 'Edit' ); ?></a></span> 240 240 <?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?> 241 | <span class="delete"><a href="<?php echo $delete = admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID']) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>241 | <span class="delete"><a href="<?php echo $delete = esc_url( admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span> 242 242 <?php } ?> 243 243 </div> … … 274 274 foreach ( (array) $blogs as $key => $val ) { 275 275 $path = ( $val->path == '/' ) ? '' : $val->path; 276 echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&id=' . $val->userblog_id) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>';276 echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&id=' . $val->userblog_id ) ) .'">' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . '</a>'; 277 277 echo ' <small class="row-actions">'; 278 278 279 279 // Edit 280 echo '<a href="'. admin_url( 'ms-sites.php?action=editblog&id=' . $val->userblog_id) .'">' . __( 'Edit' ) . '</a> | ';280 echo '<a href="'. esc_url( admin_url( 'ms-sites.php?action=editblog&id=' . $val->userblog_id ) ) .'">' . __( 'Edit' ) . '</a> | '; 281 281 282 282 // View … … 284 284 if ( get_blog_status( $val->userblog_id, 'spam' ) == 1 ) 285 285 echo 'style="background-color: #faa" '; 286 echo 'href="' . 
get_home_url( $val->userblog_id ). '">' . __( 'View' ) . '</a>';286 echo 'href="' . esc_url( get_home_url( $val->userblog_id ) ) . '">' . __( 'View' ) . '</a>'; 287 287 288 288 echo '</small><br />'; -
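Review bot: On new line 241 the inline assignment `$delete = esc_url( admin_url( ... ) )` now stores the display-escaped URL, so any later use of `$delete` outside HTML output would carry `&#038;` entities instead of plain ampersands. No later use is visible in this hunk. Either drop the assignment, or keep the variable raw and escape only what is printed: `<?php echo esc_url( $delete = admin_url( ... ) ); ?>`.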
trunk/wp-admin/my-sites.php
r14347 r14374 84 84 echo "<td valign='top' style='$s'>"; 85 85 echo "<h3>{$user_blog->blogname}</h3>"; 86 echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . get_home_url( $user_blog->userblog_id ). "'>" . __( 'Visit' ) . "</a> | <a href='" . get_admin_url( $user_blog->userblog_id) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>";86 echo "<p>" . apply_filters( 'myblogs_blog_actions', "<a href='" . esc_url( get_home_url( $user_blog->userblog_id ) ). "'>" . __( 'Visit' ) . "</a> | <a href='" . esc_url( get_admin_url( $user_blog->userblog_id ) ) . "'>" . __( 'Dashboard' ) . "</a>", $user_blog ) . "</p>"; 87 87 echo apply_filters( 'myblogs_options', '', $user_blog ); 88 88 echo "</td>"; -
trunk/wp-admin/network.php
r14347 r14374 93 93 94 94 if ( get_option( 'siteurl' ) != get_option( 'home' ) ) { 95 echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), admin_url( 'options-general.php') ) . '</strong></p></div>';95 echo '<div class="error"><p><strong>' . __('Error:') . '</strong> ' . sprintf( __( 'Your <strong>WordPress address</strong> must match your <strong>Site address</strong> before creating a Network. See <a href="%s">General Settings</a>.' ), esc_url( admin_url( 'options-general.php' ) ) ) . '</strong></p></div>'; 96 96 include ('./admin-footer.php' ); 97 97 die(); … … 114 114 else 115 115 echo '<p>' . sprintf( __( 'You cannot use port numbers such as <code>%s</code>.' ), $has_ports ) . '</p>'; 116 echo '<a href="' . admin_url() . '">' . __( 'Return to Dashboard' ) . '</a>';116 echo '<a href="' . esc_url( admin_url() ) . '">' . __( 'Return to Dashboard' ) . '</a>'; 117 117 include( './admin-footer.php' ); 118 118 die(); … … 334 334 </ol> 335 335 <?php if ( !is_multisite() ) { ?> 336 <p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo admin_url(); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p>336 <p><?php printf( __( 'Once you complete these steps, your network is enabled and configured.') ); ?> <a href="<?php echo esc_url( admin_url() ); ?>"><?php _e( 'Return to Dashboard' ); ?></a></p> 337 337 <?php 338 338 } -
trunk/wp-admin/options-general.php
r14347 r14374 110 110 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?> 111 111 <div class="updated inline"> 112 <p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, admin_url( 'options.php?dismiss=new_admin_email') ); ?></p>112 <p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p> 113 113 </div> 114 114 <?php endif; ?> -
trunk/wp-admin/press-this.php
r14347 r14374 400 400 jQuery('#extra-fields').show(); 401 401 } 402 jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>');402 jQuery('#extra-fields').before('<div id="waiting"><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></div>'); 403 403 404 404 if(photostorage == false) { … … 476 476 <br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" /> 477 477 <?php } ?> 478 <img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" alt="" id="saving" style="display:none;" />478 <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" id="saving" style="display:none;" /> 479 479 </p> 480 480 </div> … … 564 564 <li id="photo_button"> 565 565 Add: <?php if ( current_user_can('upload_files') ) { ?><a title="<?php _e('Insert an Image'); ?>" href="#"> 566 <img alt="<?php _e('Insert an Image'); ?>" src="<?php echo admin_url( 'images/media-button-image.gif'); ?>"/></a>566 <img alt="<?php _e('Insert an Image'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-image.gif' ) ); ?>"/></a> 567 567 <?php } ?> 568 568 </li> 569 569 <li id="video_button"> 570 <a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo admin_url( 'images/media-button-video.gif'); ?>"/></a>570 <a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="<?php echo esc_url( admin_url( 'images/media-button-video.gif' ) ); ?>"/></a> 571 571 </li> 572 572 <?php if ( user_can_richedit() ) { ?> -
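Review bot: The `title` and `alt` attributes on new lines 565-566 and 570 are still filled with `_e()`, which prints the translated string without attribute escaping, while line 476 of the same file uses `esc_attr_e()`. These lines are already being touched for output escaping, so switch them too: `alt="<?php esc_attr_e('Insert an Image'); ?>"`, and likewise for 'Embed a Video'. The view-switch images in ms-sites.php and ms-users.php have the same `_e()` calls in `title` and `alt`.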
trunk/wp-admin/themes.php
r14371 r14374 170 170 $theme_root = $themes[$theme_name]['Theme Root']; 171 171 $theme_root_uri = $themes[$theme_name]['Theme Root URI']; 172 $preview_link = trailingslashit( home_url());172 $preview_link = esc_url(get_option('home') . '/'); 173 173 if ( is_ssl() ) 174 174 $preview_link = str_replace( 'http://', 'https://', $preview_link ); -
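Review bot: New line 172 escapes `$preview_link` at assignment rather than at output, and the value is then rewritten by `str_replace()` and presumably extended further below the hunk. esc_url() output is meant for printing, so anything appended later is not covered and the base may end up escaped twice; keep the variable raw and escape it where it is printed. `get_option('home') . '/'` also drops the `trailingslashit()` the old line used, so `trailingslashit( get_option( 'home' ) )` would still guarantee a single trailing slash if the option ever ends in one.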
trunk/wp-admin/update-core.php
r14347 r14374 335 335 } else { 336 336 show_message( __('WordPress updated successfully') ); 337 show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . admin_url() . '">' . __('Go to Dashboard') . '</a>' );337 show_message( '<strong>' . __('Actions:') . '</strong> <a href="' . esc_url( admin_url() ) . '">' . __('Go to Dashboard') . '</a>' ); 338 338 } 339 339 echo '</div>'; -
trunk/wp-admin/upload.php
r14347 r14374 194 194 if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) { 195 195 $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); 196 $message .= ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media") . '">' . __('Undo') . '</a>';196 $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>'; 197 197 $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']); 198 198 } … … 206 206 $messages[2] = __('Media permanently deleted.'); 207 207 $messages[3] = __('Error saving media attachment.'); 208 $messages[4] = __('Media moved to the trash.') . ' <a href="' . wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media") . '">' . __('Undo') . '</a>';208 $messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>'; 209 209 $messages[5] = __('Media restored from the trash.'); 210 210 -
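Review bot: `$_GET['ids']` is concatenated into the undo URL as-is on new lines 196 and 208. esc_url() makes the result safe to print in the attribute but does not constrain its content, so a value containing `&` can still add query arguments to a link that carries a valid `bulk-media` nonce. Normalise it to a list of integers before building the URL, e.g. `$ids = implode( ',', array_map( 'absint', explode( ',', $_GET['ids'] ) ) );`. On line 195, `$_GET['trashed']` is cast to int only in the condition and then passed uncast to `_n()` and `number_format_i18n()`.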
trunk/wp-admin/user-edit.php
r14347 r14374 161 161 <h2><?php echo esc_html( $title ); ?></h2> 162 162 163 <form id="your-profile" action="<?php echo admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php'); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>163 <form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>> 164 164 <?php wp_nonce_field('update-user_' . $user_id) ?> 165 165 <?php if ( $wp_http_referer ) : ?> -
trunk/wp-admin/widgets.php
r14347 r14374 366 366 <div class="sidebar-name-arrow"><br /></div> 367 367 <h3><?php _e('Inactive Widgets'); ?> 368 <span><img src="<?php echo admin_url( 'images/wpspin_light.gif'); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>368 <span><img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div> 369 369 <div class="widget-holder inactive"> 370 370 <p class="description"><?php _e('Drag widgets here to remove them from the sidebar but keep their settings.'); ?></p> … … 388 388 <div class="sidebar-name-arrow"><br /></div> 389 389 <h3><?php echo esc_html( $registered_sidebar['name'] ); ?> 390 <span><img src="<?php echo admin_url( 'images/wpspin_dark.gif'); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div>390 <span><img src="<?php echo esc_url( admin_url( 'images/wpspin_dark.gif' ) ); ?>" class="ajax-feedback" title="" alt="" /></span></h3></div> 391 391 <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?> 392 392 </div> -
trunk/wp-content/themes/twentyten/functions.php
r14347 r14374 269 269 <?php endif; ?> 270 270 271 <div class="comment-meta commentmetadata"><a href="<?php echo get_comment_link( $comment->comment_ID); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(), get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),' ','' ); ?></div>271 <div class="comment-meta commentmetadata"><a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>"><?php printf( __( '%1$s at %2$s', 'twentyten' ), get_comment_date(), get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)', 'twentyten' ),' ','' ); ?></div> 272 272 273 273 <div class="comment-body"><?php comment_text(); ?></div> -
trunk/wp-includes/comment-template.php
r14365 r14374 1033 1033 1034 1034 if ( get_option('comment_registration') && !$user_ID ) 1035 $link = '<a rel="nofollow" class="comment-reply-login" href="' . wp_login_url( get_permalink() ) . '">' . $login_text . '</a>';1035 $link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>'; 1036 1036 else 1037 1037 $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>"; -
trunk/wp-includes/default-widgets.php
r14347 r14374 645 645 <ul id="recentcomments"><?php 646 646 if ( $comments ) : foreach ( (array) $comments as $comment) : 647 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . get_comment_link($comment->comment_ID) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';647 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>'; 648 648 endforeach; endif;?></ul> 649 649 <?php echo $after_widget; ?> -
trunk/wp-includes/general-template.php
r14365 r14374 185 185 function wp_loginout($redirect = '', $echo = true) { 186 186 if ( ! is_user_logged_in() ) 187 $link = '<a href="' . wp_login_url($redirect) . '">' . __('Log in') . '</a>';187 $link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>'; 188 188 else 189 $link = '<a href="' . wp_logout_url($redirect) . '">' . __('Log out') . '</a>';189 $link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>'; 190 190 191 191 if ( $echo ) … … 2109 2109 } 2110 2110 2111 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( $file) . "' type='text/css' />\n", $file );2111 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file ); 2112 2112 if ( is_rtl() ) 2113 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . wp_admin_css_uri( "$file-rtl") . "' type='text/css' />\n", "$file-rtl" );2113 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" ); 2114 2114 } 2115 2115 -
trunk/wp-includes/link-template.php
r14372 r14374 785 785 return; 786 786 787 if ( 'display' == $context ) 788 $action = '&action=edit'; 789 else 790 $action = '&action=edit'; 791 787 792 $post_type_object = get_post_type_object( $post->post_type ); 788 793 if ( !$post_type_object ) … … 792 797 return; 793 798 794 $url = admin_url( sprintf($post_type_object->_edit_link, $post->ID) ); 795 796 if ( 'display' == $context ) 797 $url .= '&action=edit'; 798 else 799 $url .= '&action=edit'; 800 801 return apply_filters( 'get_edit_post_link', $url , $post->ID, $context ); 799 return apply_filters( 'get_edit_post_link', admin_url( sprintf($post_type_object->_edit_link . $action, $post->ID) ), $post->ID, $context ); 802 800 } 803 801 … … 1827 1825 * @return string Home url link with optional path appended. 1828 1826 */ 1829 function home_url( $path = '', $scheme = null , $esc_url = true) {1830 return get_home_url(null, $path, $scheme , $esc_url);1827 function home_url( $path = '', $scheme = null ) { 1828 return get_home_url(null, $path, $scheme); 1831 1829 } 1832 1830 … … 1846 1844 * @return string Home url link with optional path appended. 1847 1845 */ 1848 function get_home_url( $blog_id = null, $path = '', $scheme = null , $esc_url = true) {1846 function get_home_url( $blog_id = null, $path = '', $scheme = null ) { 1849 1847 $orig_scheme = $scheme; 1850 1848 … … 1862 1860 $url .= '/' . ltrim( $path, '/' ); 1863 1861 1864 $url = apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id ); 1865 1866 if ( $esc_url ) 1867 $url = esc_url($url); 1868 1869 return $url; 1862 return apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id ); 1870 1863 } 1871 1864 … … 1886 1879 * @return string Site url link with optional path appended. 
1887 1880 */ 1888 function site_url( $path = '', $scheme = null , $esc_url = true) {1889 return get_site_url(null, $path, $scheme , $esc_url);1881 function site_url( $path = '', $scheme = null ) { 1882 return get_site_url(null, $path, $scheme); 1890 1883 } 1891 1884 … … 1905 1898 * @return string Site url link with optional path appended. 1906 1899 */ 1907 function get_site_url( $blog_id = null, $path = '', $scheme = null , $esc_url = true) {1900 function get_site_url( $blog_id = null, $path = '', $scheme = null ) { 1908 1901 // should the list of allowed schemes be maintained elsewhere? 1909 1902 $orig_scheme = $scheme; … … 1929 1922 $url .= '/' . ltrim($path, '/'); 1930 1923 1931 $url = apply_filters('site_url', $url, $path, $orig_scheme, $blog_id); 1932 1933 if ( $esc_url ) 1934 $url = esc_url($url); 1935 1936 return $url; 1924 return apply_filters('site_url', $url, $path, $orig_scheme, $blog_id); 1937 1925 } 1938 1926 … … 1947 1935 * @return string Admin url link with optional path appended 1948 1936 */ 1949 function admin_url( $path = '', $scheme = 'admin' , $esc_url = true) {1950 return get_admin_url(null, $path, $scheme , $esc_url);1937 function admin_url( $path = '', $scheme = 'admin' ) { 1938 return get_admin_url(null, $path, $scheme); 1951 1939 } 1952 1940 … … 1962 1950 * @return string Admin url link with optional path appended 1963 1951 */ 1964 function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' , $esc_url = true) {1952 function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) { 1965 1953 $url = get_site_url($blog_id, 'wp-admin/', $scheme); 1966 1954 … … 1968 1956 $url .= ltrim($path, '/'); 1969 1957 1970 $url = apply_filters('admin_url', $url, $path, $blog_id); 1971 1972 if ( $esc_url ) 1973 $url = esc_url($url); 1974 1975 return $url; 1958 return apply_filters('admin_url', $url, $path, $blog_id); 1976 1959 } 1977 1960 … … 1985 1968 * @return string Includes url link with optional path appended. 
1986 1969 */ 1987 function includes_url($path = '' , $esc_url = true) {1970 function includes_url($path = '') { 1988 1971 $url = site_url() . '/' . WPINC . '/'; 1989 1972 … … 1991 1974 $url .= ltrim($path, '/'); 1992 1975 1993 $url = apply_filters('includes_url', $url, $path); 1994 1995 if ( $esc_url ) 1996 $url = esc_url($url); 1997 1998 return $url; 1976 return apply_filters('includes_url', $url, $path); 1999 1977 } 2000 1978 … … 2008 1986 * @return string Content url link with optional path appended. 2009 1987 */ 2010 function content_url($path = '' , $esc_url = true) {1988 function content_url($path = '') { 2011 1989 $url = WP_CONTENT_URL; 2012 1990 if ( 0 === strpos($url, 'http') && is_ssl() ) … … 2016 1994 $url .= '/' . ltrim($path, '/'); 2017 1995 2018 $url = apply_filters('content_url', $url, $path); 2019 2020 if ( $esc_url ) 2021 $url = esc_url($url); 2022 2023 return $url; 1996 return apply_filters('content_url', $url, $path); 2024 1997 } 2025 1998 … … 2035 2008 * @return string Plugins url link with optional path appended. 2036 2009 */ 2037 function plugins_url($path = '', $plugin = '' , $esc_url = true) {2010 function plugins_url($path = '', $plugin = '') { 2038 2011 2039 2012 $mu_plugin_dir = WPMU_PLUGIN_DIR; … … 2060 2033 $url .= '/' . ltrim($path, '/'); 2061 2034 2062 $url = apply_filters('plugins_url', $url, $path, $plugin); 2063 2064 if ( $esc_url ) 2065 $url = esc_url($url); 2066 2067 return $url; 2068 2035 return apply_filters('plugins_url', $url, $path, $plugin); 2069 2036 } 2070 2037 … … 2083 2050 * @return string Site url link with optional path appended. 
2084 2051 */ 2085 function network_site_url( $path = '', $scheme = null , $esc_url = true) {2052 function network_site_url( $path = '', $scheme = null ) { 2086 2053 global $current_site; 2087 2054 … … 2108 2075 $url .= ltrim($path, '/'); 2109 2076 2110 $url = apply_filters('network_site_url', $url, $path, $orig_scheme); 2111 2112 if ( $esc_url ) 2113 $url = esc_url($url); 2114 2115 return $url; 2077 return apply_filters('network_site_url', $url, $path, $orig_scheme); 2116 2078 } 2117 2079 … … 2130 2092 * @return string Home url link with optional path appended. 2131 2093 */ 2132 function network_home_url( $path = '', $scheme = null , $esc_url = true) {2094 function network_home_url( $path = '', $scheme = null ) { 2133 2095 global $current_site; 2134 2096 … … 2148 2110 $url .= ltrim( $path, '/' ); 2149 2111 2150 $url = apply_filters( 'network_home_url', $url, $path, $orig_scheme); 2151 2152 if ( $esc_url ) 2153 $url = esc_url($url); 2154 2155 return $url; 2112 return apply_filters( 'network_home_url', $url, $path, $orig_scheme); 2156 2113 } 2157 2114 … … 2166 2123 * @return string Admin url link with optional path appended 2167 2124 */ 2168 function network_admin_url( $path = '', $scheme = 'admin' , $esc_url = true) {2125 function network_admin_url( $path = '', $scheme = 'admin' ) { 2169 2126 $url = network_site_url('wp-admin/', $scheme); 2170 2127 … … 2172 2129 $url .= ltrim($path, '/'); 2173 2130 2174 $url = apply_filters('network_admin_url', $url, $path); 2175 2176 if ( $esc_url ) 2177 $url = esc_url($url); 2178 2179 return $url; 2131 return apply_filters('network_admin_url', $url, $path); 2180 2132 } 2181 2133 -
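Review bot: The visible `@return` lines (for example 'Home url link with optional path appended.') do not tell callers that escaping is now their job. With the `$esc_url` parameter removed, `home_url()`, `site_url()`, `admin_url()`, `includes_url()`, `content_url()`, `plugins_url()` and the `network_*` variants return the filtered URL unescaped. Add that to each docblock, e.g. `@return string Home url link with optional path appended. Not escaped; pass through esc_url() before output.` The docblocks and function bodies start outside the visible hunks. Call sites outside this changeset that echo these helpers directly lose the escaping they had, so bundled themes and plugins are worth a search.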
trunk/wp-includes/ms-functions.php
r14347 r14374 853 853 return false; 854 854 855 $options_site_url = network_admin_url('ms-options.php');855 $options_site_url = esc_url(network_admin_url('ms-options.php')); 856 856 857 857 switch_to_blog( $blog_id ); … … 882 882 $user = new WP_User($user_id); 883 883 884 $options_site_url = network_admin_url('ms-options.php');884 $options_site_url = esc_url(network_admin_url('ms-options.php')); 885 885 $msg = sprintf(__('New User: %1s 886 886 Remote IP: %2s
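Review bot: `$options_site_url` on new lines 855 and 884 is escaped with esc_url(), the display variant, which entity-encodes characters such as `&`. The value looks like it feeds a notification message (`$msg = sprintf( __( 'New User: ...`) rather than HTML, though the rest of both functions is outside the hunk. If that is a plain-text mail body, use `esc_url_raw( network_admin_url( 'ms-options.php' ) )` so the link stays literal.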