
Changeset 18010


Timestamp:
05/23/2011 11:33:30 PM (14 years ago)
Author:
ryan
Message:

Validation fixes. Props ocean90, peaceablewhale. see #17364

Location:
trunk
Files:
16 edited

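--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -509,5 +509,5 @@
     break;
 case 'add-tag' :
-    check_ajax_referer( 'add-tag' );
+    check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
     $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
     $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';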
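Review bot: The nonce field name `'_wpnonce_add-tag'` passed to `check_ajax_referer()` on new line 511 now has to match two other literals in this changeset, the `check_admin_referer()` call and the `wp_nonce_field()` call in edit-tags.php (new lines 37 and 331), and nothing in the code says so. A mismatch fails closed, so the risk is a broken add-tag form rather than a bypass, but any out-of-tree caller still posting the default `_wpnonce` field will presumably be rejected after this change. I would add a comment above the call such as `// Field name must match wp_nonce_field( 'add-tag', '_wpnonce_add-tag' ) in edit-tags.php.` The `case 'add-tag'` body continues past the hunk, so the capability check that should follow the nonce check cannot be confirmed from here.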
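--- a/trunk/wp-admin/custom-background.php
+++ b/trunk/wp-admin/custom-background.php
@@ -238,5 +238,4 @@
 <?php wp_nonce_field('custom-background-upload', '_wpnonce-custom-background-upload') ?>
 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
-</p>
 </form>
 </td>
@@ -271,8 +270,8 @@
 <th scope="row"><?php _e( 'Repeat' ); ?></th>
 <td><fieldset><legend class="screen-reader-text"><span><?php _e( 'Background Repeat' ); ?></span></legend>
-<label><input type="radio" name="background-repeat" value="no-repeat"<?php checked('no-repeat', get_theme_mod('background_repeat', 'repeat')); ?>> <?php _e('No Repeat'); ?></option></label>
-    <label><input type="radio" name="background-repeat" value="repeat"<?php checked('repeat', get_theme_mod('background_repeat', 'repeat')); ?>> <?php _e('Tile'); ?></option></label>
-    <label><input type="radio" name="background-repeat" value="repeat-x"<?php checked('repeat-x', get_theme_mod('background_repeat', 'repeat')); ?>> <?php _e('Tile Horizontally'); ?></option></label>
-    <label><input type="radio" name="background-repeat" value="repeat-y"<?php checked('repeat-y', get_theme_mod('background_repeat', 'repeat')); ?>> <?php _e('Tile Vertically'); ?></option></label>
+<label><input type="radio" name="background-repeat" value="no-repeat"<?php checked('no-repeat', get_theme_mod('background_repeat', 'repeat')); ?> /> <?php _e('No Repeat'); ?></label>
+    <label><input type="radio" name="background-repeat" value="repeat"<?php checked('repeat', get_theme_mod('background_repeat', 'repeat')); ?> /> <?php _e('Tile'); ?></label>
+    <label><input type="radio" name="background-repeat" value="repeat-x"<?php checked('repeat-x', get_theme_mod('background_repeat', 'repeat')); ?> /> <?php _e('Tile Horizontally'); ?></label>
+    <label><input type="radio" name="background-repeat" value="repeat-y"<?php checked('repeat-y', get_theme_mod('background_repeat', 'repeat')); ?> /> <?php _e('Tile Vertically'); ?></label>
 </fieldset></td>
 </tr>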
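--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -389,5 +389,6 @@
         toggle_text();
         <?php } ?>
-        });
+    });
+/* ]]> */
 </script>
 <?php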
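--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -35,5 +35,5 @@
 case 'add-tag':
 
-    check_admin_referer( 'add-tag' );
+    check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
 
     if ( !current_user_can( $tax->cap->edit_terms ) )
@@ -329,5 +329,5 @@
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <input type="hidden" name="post_type" value="<?php echo esc_attr($post_type); ?>" />
-<?php wp_nonce_field('add-tag'); ?>
+<?php wp_nonce_field('add-tag', '_wpnonce_add-tag'); ?>
 
 <div class="form-field form-required">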
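--- a/trunk/wp-admin/export.php
+++ b/trunk/wp-admin/export.php
@@ -110,5 +110,5 @@
 
         $month = zeroise( $date->month, 2 );
-        echo '<option value="' . $date->year . '-' . $month . '" />' . $wp_locale->get_month( $month ) . ' ' . $date->year . '</option>';
+        echo '<option value="' . $date->year . '-' . $month . '">' . $wp_locale->get_month( $month ) . ' ' . $date->year . '</option>';
     }
 }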
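Review bot: The corrected `<option>` on new line 112 still concatenates `$date->year`, `$month` and `$wp_locale->get_month( $month )` into markup without escaping. The values look numeric or locale-supplied (where `$date` comes from is outside the hunk), so this is hardening rather than a known hole, but escaping at output keeps the line safe if either source changes. Suggested: wrap the attribute value as `esc_attr( $date->year . '-' . $month )` and the label as `esc_html( $wp_locale->get_month( $month ) . ' ' . $date->year )`.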
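--- a/trunk/wp-admin/includes/class-wp-posts-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-posts-list-table.php
@@ -282,5 +282,5 @@
         $post_status = !empty( $_REQUEST['post_status'] ) ? $_REQUEST['post_status'] : 'all';
         if ( post_type_supports( $post_type, 'comments' ) && !in_array( $post_status, array( 'pending', 'draft', 'future' ) ) )
-            $posts_columns['comments'] = '<div class="vers"><img alt="' . esc_attr__( 'Comments' ) . '" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></div>';
+            $posts_columns['comments'] = '<span class="vers"><img alt="' . esc_attr__( 'Comments' ) . '" src="' . esc_url( admin_url( 'images/comment-grey-bubble.png' ) ) . '" /></span>';
 
         $posts_columns['date'] = __( 'Date' );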
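--- a/trunk/wp-admin/includes/class-wp-terms-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-terms-list-table.php
@@ -251,5 +251,5 @@
         $name = apply_filters( 'term_name', $pad . ' ' . $tag->name, $tag );
         $qe_data = get_term( $tag->term_id, $taxonomy, OBJECT, 'edit' );
-        $edit_link = get_edit_term_link( $tag->term_id, $taxonomy, $post_type );
+        $edit_link = esc_url( get_edit_term_link( $tag->term_id, $taxonomy, $post_type ) );
 
         $out = '<strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr( sprintf( __( 'Edit &#8220;%s&#8221;' ), $name ) ) . '">' . $name . '</a></strong><br />';
@@ -270,5 +270,5 @@
         $out .= '<div class="name">' . $qe_data->name . '</div>';
         $out .= '<div class="slug">' . apply_filters( 'editable_slug', $qe_data->slug ) . '</div>';
-        $out .= '<div class="parent">' . $qe_data->parent . '</div></div></td>';
+        $out .= '<div class="parent">' . $qe_data->parent . '</div></div>';
 
         return $out;
@@ -301,5 +301,5 @@
         $args['post_type'] = $post_type;
 
-        return "<a href='" . add_query_arg( $args, 'edit.php' ) . "'>$count</a>";
+        return "<a href='" . esc_url ( add_query_arg( $args, 'edit.php' ) ) . "'>$count</a>";
     }
 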
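Review bot: On new line 253 `$edit_link` is escaped when it is assigned rather than where it is printed, which makes the `href` on line 255 look unescaped to anyone auditing the output line alone, and any later use of `$edit_link` outside the hunk that is not HTML output would receive an entity-encoded URL. Escaping at the point of output, `href="' . esc_url( $edit_link ) . '"`, is easier to verify. Separately, new line 303 writes `esc_url (` with a space before the parenthesis, which differs from the spacing on line 253; `esc_url( add_query_arg( $args, 'edit.php' ) )` would match. The enclosing methods start outside these hunks.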
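--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -113,5 +113,5 @@
             /* translators: User role name with count */
             $name = sprintf( __('%1$s <span class="count">(%2$s)</span>'), $name, $avail_roles[$this_role] );
-            $role_links[$this_role] = "<a href='" . add_query_arg( 'role', $this_role, $url ) . "'$class>$name</a>";
+            $role_links[$this_role] = "<a href='" . esc_html( add_query_arg( 'role', $this_role, $url ) ) . "'$class>$name</a>";
         }
 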
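Review bot: New line 115 escapes an `href` value with `esc_html()`, while the other links touched by this changeset use `esc_url()` (for example class-wp-terms-list-table.php, new line 303). `esc_html()` encodes the markup characters but does not apply URL-specific cleaning such as rejecting disallowed protocols, and `$url` is built outside the hunk, so its origin cannot be checked here. Suggested: `$role_links[$this_role] = "<a href='" . esc_url( add_query_arg( 'role', $this_role, $url ) ) . "'$class>$name</a>";`. The surrounding loop starts before the hunk.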
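--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -553,5 +553,5 @@
             <span id="publishing-action">
                 <input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php current_user_can('publish_posts') ? esc_attr_e('Publish') : esc_attr_e('Submit for Review'); ?>" />
-                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" />
+                <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
             </span>
             <br class="clear" />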
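--- a/trunk/wp-admin/includes/nav-menu.php
+++ b/trunk/wp-admin/includes/nav-menu.php
@@ -183,5 +183,5 @@
                         ),
                         'delete-menu_item_' . $item_id
-                    ); ?>"><?php _e('Remove'); ?></a> <span class="meta-sep"> | </span> <a class="item-cancel submitcancel" id="cancel-<?php echo $item_id; ?>" href="<?php echo add_query_arg( array('edit-menu-item' => $item_id, 'cancel' => time()), remove_query_arg( $removed_args, admin_url( 'nav-menus.php' ) ) );
+                    ); ?>"><?php _e('Remove'); ?></a> <span class="meta-sep"> | </span> <a class="item-cancel submitcancel" id="cancel-<?php echo $item_id; ?>" href="<?php echo esc_url( add_query_arg( array('edit-menu-item' => $item_id, 'cancel' => time()), remove_query_arg( $removed_args, admin_url( 'nav-menus.php' ) ) ) );
                         ?>#menu-item-settings-<?php echo $item_id; ?>"><?php _e('Cancel'); ?></a>
                 </div>
@@ -691,5 +691,5 @@
                 <input type="text" class="quick-search input-with-default-title" title="<?php esc_attr_e('Search'); ?>" value="<?php echo $searched; ?>" name="quick-search-posttype-<?php echo $post_type_name; ?>" />
                 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
-                <?php submit_button( __( 'Search' ), 'quick-search-submit button-secondary hide-if-js', 'submit', false ); ?>
+                <?php submit_button( __( 'Search' ), 'quick-search-submit button-secondary hide-if-js', 'submit', false, array( 'id' => 'submit-quick-search-posttype-' . $post_type_name ) ); ?>
             </p>
 
@@ -925,5 +925,5 @@
                 <input type="text" class="quick-search input-with-default-title" title="<?php esc_attr_e('Search'); ?>" value="<?php echo $searched; ?>" name="quick-search-taxonomy-<?php echo $taxonomy_name; ?>" />
                 <img class="waiting" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" />
-                <?php submit_button( __( 'Search' ), 'quick-search-submit button-secondary hide-if-js', 'submit', false ); ?>
+                <?php submit_button( __( 'Search' ), 'quick-search-submit button-secondary hide-if-js', 'submit', false, array( 'id' => 'submit-quick-search-taxonomy-' . $taxonomy_name ) ); ?>
             </p>
 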
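--- a/trunk/wp-admin/includes/widgets.php
+++ b/trunk/wp-admin/includes/widgets.php
@@ -208,6 +208,6 @@
         </div>
         <div class="alignright<?php if ( 'noform' === $has_form ) echo ' widget-control-noform'; ?>">
-        <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback " title="" alt="" />
-        <?php submit_button( __( 'Save' ), 'button-primary widget-control-save', 'savewidget', false ); ?>
+        <img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-feedback" title="" alt="" />
+        <?php submit_button( __( 'Save' ), 'button-primary widget-control-save', 'savewidget', false, array( 'id' => 'widget-' . esc_attr( $id_format ) . '-savewidget' ) ); ?>
         </div>
         <br class="clear" />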
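Review bot: New line 211 applies `esc_attr()` to `$id_format` before handing the id to `submit_button()`, while the other new `'id'` values built from variables in this changeset (nav-menu.php, new lines 693 and 927) are passed in raw. One of the two is inconsistent: if `submit_button()` escapes the attribute values it is given, this id is escaped twice; if it does not, the nav-menu.php ids reach the markup unescaped. `submit_button()` is not shown on this page, so confirm which holds and use the same form in all three calls, e.g. `array( 'id' => 'widget-' . $id_format . '-savewidget' )` if the helper already escapes.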
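--- a/trunk/wp-admin/nav-menus.php
+++ b/trunk/wp-admin/nav-menus.php
@@ -557,5 +557,5 @@
                                 <br class="clear" />
                                 <div class="publishing-action">
-                                    <?php submit_button( empty( $nav_menu_selected_id ) ? __( 'Create Menu' ) : __( 'Save Menu' ), 'button-primary menu-save', 'save_menu', false ); ?>
+                                    <?php submit_button( empty( $nav_menu_selected_id ) ? __( 'Create Menu' ) : __( 'Save Menu' ), 'button-primary menu-save', 'save_menu', false, array( 'id' => 'save_menu_header' ) ); ?>
                                 </div><!-- END .publishing-action -->
 
@@ -596,5 +596,5 @@
                             <?php
                             if ( ! empty( $nav_menu_selected_id ) )
-                                submit_button( __( 'Save Menu' ), 'button-primary menu-save', 'save_menu', false );
+                                submit_button( __( 'Save Menu' ), 'button-primary menu-save', 'save_menu', false, array( 'id' => 'save_menu_footer' ) );
                             ?>
                         </div>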
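--- a/trunk/wp-admin/network/site-users.php
+++ b/trunk/wp-admin/network/site-users.php
@@ -265,5 +265,5 @@
     </table>
     <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
-    <?php submit_button( __('Add User'), 'primary', 'add-user' ); ?>
+    <?php submit_button( __('Add User'), 'primary', 'add-user', false, array( 'id' => 'submit-add-existing-user' ) ); ?>
 </form>
 <?php endif; ?>
@@ -301,5 +301,5 @@
     </table>
     <?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ) ?>
-    <?php submit_button( __('Add New User'), 'primary', 'add-user' ); ?>
+    <?php submit_button( __('Add New User'), 'primary', 'add-user', false, array( 'id' => 'submit-add-user' ) ); ?>
 </form>
 <?php endif; ?>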
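Review bot: Both rewritten calls (new lines 267 and 303) pass `false` as the fourth argument only to reach the fifth, but the fourth argument of `submit_button()` is its wrap flag, and the old calls left it at its default. If that default is `true`, as I believe it is, the buttons lose their wrapping paragraph as a side effect of adding an id. Unless that is intended, keep the previous behaviour with `submit_button( __('Add User'), 'primary', 'add-user', true, array( 'id' => 'submit-add-existing-user' ) )` and the same for the second form.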
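--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -70,5 +70,5 @@
         <option<?php selected( get_option('default_post_format'), $format ); ?> value="<?php echo esc_attr( $format ); ?>"><?php echo esc_html( get_post_format_string( $format ) ); ?></option>
 <?php endforeach; ?>
-    </select></label>
+    </select>
 </td>
 </tr>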
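--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -150,5 +150,5 @@
     <label class="screen-reader-text" for="theme-search-input"><?php _e('Search Installed Themes'); ?>:</label>
     <input type="text" id="theme-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-    <?php submit_button( __( 'Search Installed Themes' ), 'button', 'submit', false ); ?>
+    <?php submit_button( __( 'Search Installed Themes' ), 'button', false, false, array( 'id' => 'search-submit' ) ); ?>
     <a id="filter-click" href="?filter=1"><?php _e( 'Feature Filter' ); ?></a>
 </p>
@@ -185,5 +185,5 @@
 
     <div class="feature-container">
-        <?php submit_button( __( 'Apply Filters' ), 'button-secondary submitter', 'submit', false, array( 'style' => 'margin-left: 120px' ) ); ?>
+        <?php submit_button( __( 'Apply Filters' ), 'button-secondary submitter', false, false, array( 'style' => 'margin-left: 120px', 'id' => 'filter-submit' ) ); ?>
         &nbsp;
         <small><a id="mini-filter-click" href="<?php echo esc_url( remove_query_arg( array('filter', 'features', 'submit') ) ); ?>"><?php _e( 'Close filters' )?></a></small>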
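Review bot: Both buttons (new lines 152 and 187) change the third argument from `'submit'` to `false`, which leaves the control without a usable name, so `submit` should no longer appear in the query string when these forms are sent. Context line 189 still lists `'submit'` in `remove_query_arg()`, and any handler outside the hunk that tests for that parameter would stop matching. If the intent is to avoid an element named `submit`, a short comment next to the calls would help, e.g. `// No name: keeps 'submit' out of the query string.`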
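--- a/trunk/wp-content/themes/twentyeleven/inc/theme-options.php
+++ b/trunk/wp-content/themes/twentyeleven/inc/theme-options.php
@@ -196,5 +196,5 @@
                                     <input type="radio" name="twentyeleven_theme_options[color_scheme]" value="<?php echo esc_attr( $color['value'] ); ?>" <?php checked( $options['color_scheme'], $color['value'] ); ?> />
                                     <span>
-                                        <img src="<?php echo esc_url( $color['thumbnail'] ); ?>"/>
+                                        <img src="<?php echo esc_url( $color['thumbnail'] ); ?>" alt=""/>
                                         <?php echo $color['label']; ?>
                                     </span>
@@ -213,5 +213,5 @@
                             <input type="text" name="twentyeleven_theme_options[link_color]" id="link-color" value="<?php echo esc_attr( $options['link_color'] ); ?>" />
                             <a href="#" class="pickcolor hide-if-no-js" id="link-color-example"></a>
-                            <input type="button" class="pickcolor button hide-if-no-js" value="<?php esc_attr_e( 'Select a Color', 'twentyeleven' ); ?>">
+                            <input type="button" class="pickcolor button hide-if-no-js" value="<?php esc_attr_e( 'Select a Color', 'twentyeleven' ); ?>" />
                             <div id="colorPickerDiv" style="z-index: 100; background:#eee; border:1px solid #ccc; position:absolute; display:none;"></div>
                             <br />
@@ -231,5 +231,5 @@
                                     <input type="radio" name="twentyeleven_theme_options[theme_layout]" value="<?php echo esc_attr( $layout['value'] ); ?>" <?php checked( $options['theme_layout'], $layout['value'] ); ?> />
                                     <span>
-                                        <img src="<?php echo esc_url( $layout['thumbnail'] ); ?>"/>
+                                        <img src="<?php echo esc_url( $layout['thumbnail'] ); ?>" alt=""/>
                                         <?php echo $layout['label']; ?>
                                     </span>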