Changeset 1743

Timestamp:

10/05/2004 06:59:13 AM (21 years ago)

Author:

saxmatt

Message:

Input cleanup

Location:

trunk/wp-admin

Files:

• admin-header.php (modified) (1 diff)
• bookmarklet.php (modified) (3 diffs)
• categories.php (modified) (1 diff)
• edit-comments.php (modified) (2 diffs)
• edit.php (modified) (1 diff)

trunk/wp-admin/admin-header.php

@@ -42 +42 @@
 <link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
-<?php
-if ($redirect==1) {
-?>
-<script type="text/javascript">
-<!--
-function redirect() {
-  window.location = "<?php echo $redirect_url; ?>";
-}
-setTimeout("redirect();", 600);
-//-->
-</script>
-<?php
-} // redirect
-?>
 
 <?php if (isset($xfn)) : ?>

trunk/wp-admin/bookmarklet.php

@@ -1 +1 @@
 <?php
-/* <Bookmarklet> */
-
-// accepts 'post_title' and 'content' as vars passed in. Add-on from Alex King
-
 $mode = 'bookmarklet';
 
@@ -24 +20 @@
 </head>
 <body></body>
-</html><?php
-
+</html>
+<?php
 } else {
-
-    $popuptitle = stripslashes($popuptitle);
-    $text = stripslashes(urldecode($text));
+    $popuptitle = htmlspecialchars(stripslashes($popuptitle));
+    $text = htmlspecialchars(stripslashes(urldecode($text)));
     
     /* big funky fixes for browsers' javascript bugs */
@@ -58 +53 @@
 // the var instead of changing the assignment on the lines above. 
 // -- Alex King 2004-01-07
-    $edited_post_title = $post_title;
+    $edited_post_title = htmlspecialchars($post_title);
 
 // $post_pingback needs to be set in any file that includes edit-form.php

trunk/wp-admin/categories.php

@@ -98 +98 @@
     <form name="editcat" action="categories.php" method="post">
         <input type="hidden" name="action" value="editedcat" />
-        <input type="hidden" name="cat_ID" value="<?php echo $_GET['cat_ID'] ?>" />
+        <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" />
         <p><?php _e('Category name:') ?><br />
         <input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p>

trunk/wp-admin/edit-comments.php

@@ -29 +29 @@
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo $s; ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
@@ -149 +149 @@
 </div>
 
-<?php 
-include('admin-footer.php');
-?>
+<?php include('admin-footer.php'); ?>

trunk/wp-admin/edit.php

@@ -66 +66 @@
     echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
 } elseif ( isset( $_GET['s'] ) ) {
-    printf(__('Search for “%s”'), $_GET['s']);
+    printf(__('Search for “%s”'), htmlspecialchars($_GET['s']) );
 } else {
     _e('Last 15 Posts');