Changeset 17141

Timestamp:

12/25/2010 05:58:01 PM (14 years ago)

Author:

nacin

Message:

Tag textareas escaped earlier with textarea_escaped. see #15454.

Location:

trunk/wp-admin

Files:

• edit-tag-form.php (modified) (1 diff)
• includes/media.php (modified) (1 diff)
• includes/meta-boxes.php (modified) (3 diffs)
• user-edit.php (modified) (1 diff)

trunk/wp-admin/edit-tag-form.php

@@ -62 +62 @@
         <tr class="form-field">
             <th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th>
-            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $tag->description; // already escaped ?></textarea><br />
+            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $tag->description; // textarea_escaped ?></textarea><br />
             <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
         </tr>

trunk/wp-admin/includes/media.php

@@ -1344 +1344 @@
             $item .= $field[ $field['input'] ];
         elseif ( $field['input'] == 'textarea' ) {
-            if ( user_can_richedit() ) { // already escaped when user_can_richedit() = false
+            if ( user_can_richedit() ) { // textarea_escaped when user_can_richedit() = false
                 $field['value'] = esc_textarea( $field['value'] );
             }

trunk/wp-admin/includes/meta-boxes.php

@@ -289 +289 @@
     <div class="nojs-tags hide-if-js">
     <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
-    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // escaped by esc_attr() ?></textarea></div>
+    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea></div>
     <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
     <div class="ajaxtag hide-if-no-js">
@@ -384 +384 @@
 function post_excerpt_meta_box($post) {
 ?>
-<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt; ?></textarea>
+<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt; // textarea_escaped ?></textarea>
 <p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
 <?php
@@ -887 +887 @@
     <tr class="form-field">
         <th valign="top"  scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
-        <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); // escaped ?></textarea></td>
+        <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); // textarea_escaped ?></textarea></td>
     </tr>
     <tr class="form-field">

trunk/wp-admin/user-edit.php

@@ -355 +355 @@
 <tr>
     <th><label for="description"><?php _e('Biographical Info'); ?></label></th>
-    <td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // escaped ?></textarea><br />
+    <td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea><br />
     <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
 </tr>