Changeset 16431
- Timestamp:
- 11/17/2010 05:12:01 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 22 edited
trunk/wp-admin/edit-tag-form.php
r15830 r16431 62 62 <tr class="form-field"> 63 63 <th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th> 64 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_ html($tag->description); ?></textarea><br />64 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_textarea( $tag->description ); ?></textarea><br /> 65 65 <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td> 66 66 </tr> -
trunk/wp-admin/includes/class-wp-comments-list-table.php
r16375 r16431 351 351 if ( $user_can ) { ?> 352 352 <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden"> 353 <textarea class="comment" rows="1" cols="1"><?php echo esc_ html( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); ?></textarea>353 <textarea class="comment" rows="1" cols="1"><?php echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); ?></textarea> 354 354 <div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div> 355 355 <div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div> -
trunk/wp-admin/includes/dashboard.php
r16240 r16431 519 519 <h4 id="content-label"><label for="content"><?php _e('Content') ?></label></h4> 520 520 <div class="textarea-wrap"> 521 <textarea name="content" id="content" class="mceEditor" rows="3" cols="15" tabindex="2"><?php echo $post->post_content; ?></textarea>521 <textarea name="content" id="content" class="mceEditor" rows="3" cols="15" tabindex="2"><?php echo esc_textarea( $post->post_content ); ?></textarea> 522 522 </div> 523 523 -
trunk/wp-admin/includes/media.php
r16383 r16431 1283 1283 $item .= $field[ $field['input'] ]; 1284 1284 elseif ( $field['input'] == 'textarea' ) { 1285 $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_ html( $field['value'] ) . '</textarea>';1285 $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>'; 1286 1286 } else { 1287 1287 $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />"; -
trunk/wp-admin/includes/meta-boxes.php
r16324 r16431 286 286 <div class="nojs-tags hide-if-js"> 287 287 <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p> 288 <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_ attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>288 <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div> 289 289 <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?> 290 290 <div class="ajaxtag hide-if-no-js"> … … 386 386 function post_excerpt_meta_box($post) { 387 387 ?> 388 <label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt?></textarea>388 <label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo esc_textarea( $post->post_excerpt ); ?></textarea> 389 389 <p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p> 390 390 <?php … … 895 895 <tr class="form-field"> 896 896 <th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th> 897 <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); ?></textarea></td>897 <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td> 898 898 </tr> 899 899 <tr class="form-field"> -
trunk/wp-admin/includes/nav-menu.php
r16096 r16431 162 162 <label for="edit-menu-item-description-<?php echo $item_id; ?>"> 163 163 <?php _e( 'Description' ); ?><br /> 164 <textarea id="edit-menu-item-description-<?php echo $item_id; ?>" class="widefat edit-menu-item-description" rows="3" cols="20" name="menu-item-description[<?php echo $item_id; ?>]"><?php echo esc_ html( $item->description ); ?></textarea>164 <textarea id="edit-menu-item-description-<?php echo $item_id; ?>" class="widefat edit-menu-item-description" rows="3" cols="20" name="menu-item-description[<?php echo $item_id; ?>]"><?php echo esc_textarea( $item->description ); ?></textarea> 165 165 <span class="description"><?php _e('The description will be displayed in the menu if the current theme supports it.'); ?></span> 166 166 </label> -
trunk/wp-admin/includes/template.php
r16426 r16431 484 484 485 485 $entry['meta_key'] = esc_attr($entry['meta_key']); 486 $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />486 $entry['meta_value'] = esc_textarea( $entry['meta_value'] ); // using a <textarea /> 487 487 $entry['meta_id'] = (int) $entry['meta_id']; 488 488 … … 719 719 <tr> 720 720 <th scope="row"><?php _e( 'URL' ) ?></th> 721 <td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo wp_get_attachment_url(); ?></textarea></td>721 <td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo esc_textarea( wp_get_attachment_url() ); ?></textarea></td> 722 722 </tr> 723 723 <?php if ( $icon ) : ?> -
trunk/wp-admin/maint/repair.php
r16049 r16431 73 73 foreach ( $problems as $table => $problem ) 74 74 $problem_output[] = "$table: $problem"; 75 echo '<textarea name="errors" id="errors" rows="20" cols="60">' . format_to_edit(implode("\n", $problem_output)) . '</textarea>';75 echo '<textarea name="errors" id="errors" rows="20" cols="60">' . esc_textarea( implode("\n", $problem_output) ) . '</textarea>'; 76 76 } else { 77 77 echo '<p>'.__('Repairs complete. Please remove the following line from wp-config.php to prevent this page from being used by unauthorized users.')."</p><code>define('WP_ALLOW_REPAIR', true);</code>"; -
trunk/wp-admin/network.php
r16094 r16431 369 369 <textarea class="code" readonly="readonly" cols="100" rows="<?php echo $num_keys_salts; ?>"><?php 370 370 foreach ( $keys_salts as $c => $v ) { 371 echo "\ndefine( '$c', '" . wp_htmledit_pre( $v ) . "' );";371 echo "\ndefine( '$c', '" . esc_textarea( $v ) . "' );"; 372 372 } 373 373 ?></textarea> … … 457 457 <li><p><?php printf( __( 'Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p> 458 458 <textarea class="code" readonly="readonly" cols="100" rows="20"> 459 <?php echo wp_htmledit_pre( $web_config_file ); ?>459 <?php echo esc_textarea( $web_config_file ); ?> 460 460 </textarea></li> 461 461 </ol> … … 486 486 <li><p><?php printf( __( 'Add the following to your <code>.htaccess</code> file in <code>%s</code>, replacing other WordPress rules:' ), ABSPATH ); ?></p> 487 487 <textarea class="code" readonly="readonly" cols="100" rows="<?php echo $subdomain_install ? 11 : 16; ?>"> 488 <?php echo wp_htmledit_pre( $htaccess_file ); ?></textarea></li>488 <?php echo esc_textarea( $htaccess_file ); ?></textarea></li> 489 489 </ol> 490 490 -
trunk/wp-admin/network/settings.php
r16406 r16431 122 122 $limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?> 123 123 <textarea name="limited_email_domains" id="limited_email_domains" cols="45" rows="5"> 124 <?php echo wp_htmledit_pre( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea>124 <?php echo esc_textarea( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea> 125 125 <br /> 126 126 <?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?> … … 132 132 <td> 133 133 <textarea name="banned_email_domains" id="banned_email_domains" cols="45" rows="5"> 134 <?php echo wp_htmledit_pre( get_site_option( 'banned_email_domains' ) == '' ? '' : implode( "\n", (array) get_site_option( 'banned_email_domains' ) ) ); ?></textarea>134 <?php echo esc_textarea( get_site_option( 'banned_email_domains' ) == '' ? '' : implode( "\n", (array) get_site_option( 'banned_email_domains' ) ) ); ?></textarea> 135 135 <br /> 136 136 <?php _e( 'If you want to ban domains from site registrations. One domain per line.' ) ?> … … 146 146 <td> 147 147 <textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text"> 148 <?php echo wp_htmledit_pre( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>148 <?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea> 149 149 <br /> 150 150 <?php _e( 'The welcome email sent to new site owners.' ) ?> … … 155 155 <td> 156 156 <textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text"> 157 <?php echo wp_htmledit_pre( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>157 <?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea> 158 158 <br /> 159 159 <?php _e( 'The welcome email sent to new users.' 
) ?> … … 164 164 <td> 165 165 <textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text"> 166 <?php echo wp_htmledit_pre( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>166 <?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea> 167 167 <br /> 168 168 <?php _e( 'The first post on a new site.' ) ?> … … 173 173 <td> 174 174 <textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text"> 175 <?php echo wp_htmledit_pre( stripslashes( get_site_option('first_page') ) ) ?></textarea>175 <?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea> 176 176 <br /> 177 177 <?php _e( 'The first page on a new site.' ) ?> … … 182 182 <td> 183 183 <textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text"> 184 <?php echo wp_htmledit_pre( stripslashes( get_site_option('first_comment') ) ) ?></textarea>184 <?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea> 185 185 <br /> 186 186 <?php _e( 'The first comment on a new site.' ) ?> -
trunk/wp-admin/network/site-options.php
r16272 r16431 107 107 <tr class="form-field"> 108 108 <th scope="row"><?php echo ucwords( str_replace( "_", " ", $option->option_name ) ) ?></th> 109 <td><textarea class="<?php echo $class; ?>" rows="5" cols="40" name="option[<?php echo esc_attr( $option->option_name ) ?>]" id="<?php echo esc_attr( $option->option_name ) ?>"<?php disabled( $disabled ) ?>><?php echo wp_htmledit_pre( $option->option_value ) ?></textarea></td>109 <td><textarea class="<?php echo $class; ?>" rows="5" cols="40" name="option[<?php echo esc_attr( $option->option_name ) ?>]" id="<?php echo esc_attr( $option->option_name ) ?>"<?php disabled( $disabled ) ?>><?php echo esc_textarea( $option->option_value ) ?></textarea></td> 110 110 </tr> 111 111 <?php -
trunk/wp-admin/options-discussion.php
r15810 r16431 142 142 <p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p> 143 143 <p> 144 <textarea name="moderation_keys" rows="10" cols="50" id="moderation_keys" class="large-text code"><?php form_option('moderation_keys'); ?></textarea>144 <textarea name="moderation_keys" rows="10" cols="50" id="moderation_keys" class="large-text code"><?php esc_textarea( get_option( 'moderation_keys' ) ); ?></textarea> 145 145 </p> 146 146 </fieldset></td> … … 151 151 <p><label for="blacklist_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.') ?></label></p> 152 152 <p> 153 <textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php form_option('blacklist_keys'); ?></textarea>153 <textarea name="blacklist_keys" rows="10" cols="50" id="blacklist_keys" class="large-text code"><?php esc_textarea( get_option( 'blacklist_keys' ) ); ?></textarea> 154 154 </p> 155 155 </fieldset></td> -
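Review bot: The two rewritten textareas at lines 144 and 153 call `esc_textarea( get_option( ... ) )` without `echo`, so the escaped value is computed and discarded and both fields render empty. The `form_option()` calls they replace printed the option themselves, whereas `esc_textarea()` as added in wp-includes/formatting.php only returns its result. An administrator who saves this screen would presumably submit empty `moderation_keys` and `blacklist_keys` and silently clear the comment moderation and spam lists. Both lines need the form `<?php echo esc_textarea( get_option( 'moderation_keys' ) ); ?>` (likewise for `blacklist_keys`), and the `ping_sites` textarea at line 140 of wp-admin/options-writing.php has the same missing `echo`.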
trunk/wp-admin/options-permalink.php
r15810 r16431 231 231 <form action="options-permalink.php" method="post"> 232 232 <?php wp_nonce_field('update-permalink') ?> 233 <p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_ html($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>233 <p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules() ); ?></textarea></p> 234 234 </form> 235 235 <p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p> … … 238 238 <form action="options-permalink.php" method="post"> 239 239 <?php wp_nonce_field('update-permalink') ?> 240 <p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_ html($wp_rewrite->iis7_url_rewrite_rules(true)); ?></textarea></p>240 <p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules(true) ); ?></textarea></p> 241 241 </form> 242 242 <p><?php _e('If you temporarily make your site’s root directory writable for us to generate the <code>web.config</code> file automatically, do not forget to revert the permissions after the file has been created.') ?></p> … … 248 248 <form action="options-permalink.php" method="post"> 249 249 <?php wp_nonce_field('update-permalink') ?> 250 <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_ html($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>250 <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->mod_rewrite_rules() ); ?></textarea></p> 251 251 </form> 252 252 <?php endif; ?> -
trunk/wp-admin/options-writing.php
r15810 r16431 138 138 <p><label for="ping_sites"><?php _e('When you publish a new post, WordPress automatically notifies the following site update services. For more about this, see <a href="http://codex.wordpress.org/Update_Services">Update Services</a> on the Codex. Separate multiple service <abbr title="Universal Resource Locator">URL</abbr>s with line breaks.') ?></label></p> 139 139 140 <textarea name="ping_sites" id="ping_sites" class="large-text code" rows="3"><?php form_option('ping_sites'); ?></textarea>140 <textarea name="ping_sites" id="ping_sites" class="large-text code" rows="3"><?php esc_textarea( get_option('ping_sites') ); ?></textarea> 141 141 142 142 <?php else : ?> -
trunk/wp-admin/options.php
r16061 r16431 202 202 <td>"; 203 203 if ( strpos( $value, "\n" ) !== false ) 204 echo "<textarea class='$class' name='$name' id='$name' cols='30' rows='5'>" . wp_htmledit_pre( $value ) . "</textarea>";204 echo "<textarea class='$class' name='$name' id='$name' cols='30' rows='5'>" . esc_textarea( $value ) . "</textarea>"; 205 205 else 206 206 echo "<input class='regular-text $class' type='text' name='$name' id='$name' value='" . esc_attr( $value ) . "'" . disabled( $disabled, true, false ) . " />"; -
trunk/wp-admin/plugin-editor.php
r16061 r16431 137 137 } 138 138 139 $content = htmlspecialchars( $content );139 $content = esc_textarea( $content ); 140 140 ?> 141 141 <?php if (isset($_GET['a'])) : ?> -
trunk/wp-admin/press-this.php
r16221 r16431 114 114 <h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2> 115 115 <div class="inside"> 116 <textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo wp_htmledit_pre( $selection ); ?></textarea>116 <textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo esc_textarea( $selection ); ?></textarea> 117 117 <p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p> 118 118 </div> -
trunk/wp-admin/theme-editor.php
r16061 r16431 117 117 } 118 118 119 $content = htmlspecialchars( $content );119 $content = esc_textarea( $content ); 120 120 } 121 121 -
trunk/wp-admin/user-edit.php
r16210 r16431 341 341 <tr> 342 342 <th><label for="description"><?php _e('Biographical Info'); ?></label></th> 343 <td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_ html($profileuser->description); ?></textarea><br />343 <td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_textarea( $profileuser->description ); ?></textarea><br /> 344 344 <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td> 345 345 </tr> -
trunk/wp-includes/default-widgets.php
r16013 r16431 400 400 $instance = wp_parse_args( (array) $instance, array( 'title' => '', 'text' => '' ) ); 401 401 $title = strip_tags($instance['title']); 402 $text = format_to_edit($instance['text']);402 $text = esc_textarea($instance['text']); 403 403 ?> 404 404 <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> -
trunk/wp-includes/formatting.php
r16409 r16431 2354 2354 2355 2355 /** 2356 * Escaping for textarea values. 2357 * 2358 * @since 3.1 2359 * 2360 * @param string $text 2361 * @return string 2362 */ 2363 function esc_textarea( $text ) { 2364 $safe_text = htmlspecialchars( $text ); 2365 return apply_filters( 'esc_textarea', $safe_text, $text ); 2366 } 2367 2368 /** 2356 2369 * Escape a HTML tag name. 2357 2370 * -
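Review bot: `esc_textarea()` calls `htmlspecialchars( $text )` with no flags or charset, so what it escapes depends on the PHP defaults of the host and not on the site's configured encoding. When the default charset does not match the stored text, htmlspecialchars() can return an empty string for byte sequences it treats as invalid, which would blank the field and lose the value on the next save. Passing both explicitly, e.g. `$safe_text = htmlspecialchars( $text, ENT_QUOTES, get_option( 'blog_charset' ) );`, makes the result the same everywhere. The docblock should also state that the return value is only safe as `<textarea>` body text and that the `esc_textarea` filter receives both the escaped and the raw string, with descriptions on `@param` and `@return`.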
trunk/wp-includes/post.php
r16422 r16431 5124 5124 'output' => '<h4 id="%s-content-label"><label for="content">'. __('Content') .'</label></h4> 5125 5125 <div class="textarea-wrap"> 5126 <textarea name="content" id="%s-content" class="mceEditor" rows="3" cols="15" tabindex="%d">'. $post->post_content.'</textarea>5126 <textarea name="content" id="%s-content" class="mceEditor" rows="3" cols="15" tabindex="%d">'. esc_textarea( $post->post_content ) .'</textarea> 5127 5127 </div> 5128 5128 '." <script type='text/javascript'>edCanvas = document.getElementById('content');edInsertContent = null;</script>
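Review bot: The escaped post content is concatenated into the `'output'` string, which still carries `%s` and `%d` placeholders, so it appears to be used as a printf-style format later (that call is outside the hunk). `esc_textarea()` leaves `%` untouched, so a draft containing something like `100%` would be read as a conversion specifier and could garble or empty the field. If the string is indeed passed to sprintf/printf, the percent signs need doubling first: `'. str_replace( '%', '%%', esc_textarea( $post->post_content ) ) .'`. The enclosing array and function start above the hunk.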