Changeset 19281


Timestamp:
11/14/11 21:08:33 (2 years ago)
Author:
nacin
Message:

Use wp_login_url() where possible in wp-login.php. props ramiy for initial patch. Escape with a tin foil hat. fixes #19199.

File:
1 edited

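--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -80,7 +80,7 @@
 <body class="login">
 <?php   if ( !is_multisite() ) { ?>
-<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr__('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
+<div id="login"><h1><a href="<?php echo esc_url( apply_filters('login_headerurl', 'http://wordpress.org/') ); ?>" title="<?php echo esc_attr( apply_filters('login_headertitle', __( 'Powered by WordPress' ) ) ); ?>"><?php bloginfo('name'); ?></a></h1>
 <?php   } else { ?>
-<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr($current_site->site_name) ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
+<div id="login"><h1><a href="<?php echo esc_url( apply_filters('login_headerurl', network_home_url() ) ); ?>" title="<?php echo esc_attr( apply_filters('login_headertitle', $current_site->site_name ) ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
 <?php   }
 
@@ -120,5 +120,5 @@
 function login_footer($input_id = '') {
     ?>
-    <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
+    <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '&larr; Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
     </div>
 
@@ -401,5 +401,5 @@
 ?>
 
-<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
+<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
     <p>
         <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
@@ -412,7 +412,7 @@
 
 <p id="nav">
-<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
-<?php if (get_option('users_can_register')) : ?>
- | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
+<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
+<?php if ( get_option( 'users_can_register' ) ) : ?>
+ | <a href="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login' ) ); ?>"><?php _e( 'Register' ); ?></a>
 <?php endif; ?>
 </p>
@@ -437,5 +437,5 @@
     } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
         reset_password($user, $_POST['pass1']);
-        login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a></p>');
+        login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
         login_footer();
         exit;
@@ -448,5 +448,5 @@
 
 ?>
-<form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post">
+<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post">
     <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
 
@@ -468,7 +468,7 @@
 
 <p id="nav">
-<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
-<?php if (get_option('users_can_register')) : ?>
- | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
+<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+<?php if ( get_option( 'users_can_register' ) ) : ?>
+ | <a href="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login' ) ); ?>"><?php _e( 'Register' ); ?></a>
 <?php endif; ?>
 </p>
@@ -507,5 +507,5 @@
 ?>
 
-<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
+<form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
     <p>
         <label for="user_login"><?php _e('Username') ?><br />
@@ -524,6 +524,6 @@
 
 <p id="nav">
-<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
-<a href="<?php echo wp_lostpassword_url() ?>" title="<?php esc_attr_e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
+<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
 </p>
 
@@ -627,5 +627,5 @@
 ?>
 
-<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
+<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
     <p>
         <label for="user_login"><?php _e('Username') ?><br />
@@ -653,8 +653,8 @@
 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
 <?php elseif ( get_option('users_can_register') ) : ?>
-<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
-<a href="<?php echo wp_lostpassword_url() ?>" title="<?php esc_attr_e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+<a href="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login' ) ); ?>"><?php _e( 'Register' ); ?></a> |
+<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
 <?php else : ?>
-<a href="<?php echo wp_lostpassword_url() ?>" title="<?php esc_attr_e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
 <?php endif; ?>
 </p>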
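Review bot: Translated strings are still concatenated into markup unescaped at new line 439, where `__( 'Your password has been reset.' )` and `__( 'Log in' )` are joined straight into the `$message` HTML even though the URL beside them now goes through `esc_url()`. A translation file that contains markup would therefore be rendered as HTML on the post-reset screen; wrapping the two strings as `esc_html__( 'Your password has been reset.' )` and `esc_html__( 'Log in' )` would close that gap. The same applies to the `_e( 'Log in' )`, `_e( 'Register' )` and `_e( 'Lost your password?' )` link labels in the nav hunks at new lines 414–416, 470–472, 526–527 and 655–658, where `esc_html_e()` is the escaping counterpart. Whether language packs are treated as trusted input is a project decision that this page does not show, so take this as defence in depth rather than a confirmed injection path.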