Changeset 4535

Timestamp:

11/28/2006 09:51:13 PM (19 years ago)

Author:

ryan

Message:

Use js_escape. Props nbachiyski. fixes #3399

Location:

trunk

Files:

• wp-admin/cat-js.php (modified) (1 diff)
• wp-admin/comment.php (modified) (6 diffs)
• wp-admin/dbx-admin-key-js.php (modified) (2 diffs)
• wp-admin/edit-comments.php (modified) (3 diffs)
• wp-admin/edit-form-advanced.php (modified) (1 diff)
• wp-admin/edit-page-form.php (modified) (1 diff)
• wp-admin/import/blogger.php (modified) (1 diff)
• wp-admin/link-add.php (modified) (1 diff)
• wp-admin/link-manager.php (modified) (2 diffs)
• wp-admin/moderation.php (modified) (1 diff)
• wp-admin/upload-js.php (modified) (3 diffs)
• wp-includes/bookmark-template.php (modified) (1 diff)
• wp-includes/js/autosave.js.php (modified) (3 diffs)
• wp-includes/js/list-manipulation-js.php (modified) (2 diffs)
• wp-includes/js/wp-ajax-js.php (modified) (1 diff)

trunk/wp-admin/cat-js.php

@@ -9 +9 @@
     if ( !jaxcat )
         return false;
-    jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="<?php _e('Add'); ?>"/><span id="howto"><?php _e('Separate multiple categories with commas.'); ?></span></span>');
+    jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="<?php echo js_escape(__('Add')); ?>"/><span id="howto"><?php js_escape(__('Separate multiple categories with commas.')); ?></span></span>');
     $('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
     $('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };

trunk/wp-admin/comment.php

@@ -19 +19 @@
 
     if ( ! $comment = get_comment($comment) )
-        wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
+        wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)'));
 
     if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -41 +41 @@
 
     if ( ! $comment = get_comment($comment) )
-        wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+        wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 
     if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -50 +50 @@
 <div class="narrow">
 <?php if ( 'spam' == $_GET['dt'] ) { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to mark the following comment as spam:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to mark the following comment as spam:'); ?></p>
 <?php } elseif ( 'cdc' == $action ) { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to delete the following comment:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to delete the following comment:'); ?></p>
 <?php } else { ?>
-<p><?php _e('<strong>Caution:</strong> You are about to approve the following comment:'); ?></p>
+<p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to approve the following comment:'); ?></p>
 <?php } ?>
 
@@ -117 +117 @@
 
     if ( ! $comment = get_comment($comment) )
-             wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit-comments.php'));
+             wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php'));
 
     if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -146 +146 @@
 
     if ( ! $comment = get_comment($comment) )
-        wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+        wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 
     if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -172 +172 @@
 
     if ( ! $comment = get_comment($comment) )
-        wp_die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+        wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 
     if ( !current_user_can('edit_post', $comment->comment_post_ID) )

trunk/wp-admin/dbx-admin-key-js.php

@@ -33 +33 @@
         'yes',          // include open/close toggle buttons ['yes'|'no']
         'closed',       // default state ['open'|'closed']
-        'open',         // word for "open", as in "open this box"
-        'close',        // word for "close", as in "close this box"
-        'click-down and drag to move this box', // sentence for "move this box" by mouse
-        'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse
-        'use the arrow keys to move this box', // sentence for "move this box" by keyboard
-        ', or press the enter key to %toggle% it',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
+        '<?php echo js_escape(__('open')); ?>',         // word for "open", as in "open this box"
+        '<?php echo js_escape(__('close')); ?>',        // word for "close", as in "close this box"
+        '<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
+        '<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
+        '<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
+        '<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
         '%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
         );
@@ -58 +58 @@
         'yes',          // include open/close toggle buttons ['yes'|'no']
         'closed',       // default state ['open'|'closed']
-        'open',         // word for "open", as in "open this box"
-        'close',        // word for "close", as in "close this box"
-        'click-down and drag to move this box', // sentence for "move this box" by mouse
-        'click to %toggle% this box', // pattern-match sentence for "(open|close) this box" by mouse
-        'use the arrow keys to move this box', // sentence for "move this box" by keyboard
-        ', or press the enter key to %toggle% it',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
+        '<?php echo js_escape(__('open')); ?>',         // word for "open", as in "open this box"
+        '<?php echo js_escape(__('close')); ?>',        // word for "close", as in "close this box"
+        '<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
+        '<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
+        '<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
+        '<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
         '%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
         );

trunk/wp-admin/edit-comments.php

@@ -158 +158 @@
 if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
     echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
-    echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+    echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
     if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
         echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
         echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
     }
-    echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
+    echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
 }
 $post = get_post($comment->comment_post_ID);
@@ -224 +224 @@
     echo "<a href='comment.php?action=editcomment&amp;c=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-        echo "<a href=\"comment.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape( $comment->comment_author ))  . "', theCommentList );\" class='delete'>" . __('Delete') . "</a> ";
+        echo "<a href=\"comment.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author ))  . "', theCommentList );\" class='delete'>" . __('Delete') . "</a> ";
         } ?></td>
   </tr>
@@ -230 +230 @@
         } // end foreach
     ?></table>
-<p class="submit"><input type="submit" name="delete_button" class="delete" value="<?php _e('Delete Checked Comments &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php _e("Please select some comments to delete"); ?>'); return false } return confirm('<?php printf(__("You are about to delete %s comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete."), "' + numchecked + '"); ?>')" />
-            <input type="submit" name="spam_button" value="<?php _e('Mark Checked Comments as Spam &raquo;') ?>" onclick="return confirm('<?php _e("You are about to mark these comments as spam \\n  \'Cancel\' to stop, \'OK\' to mark as spam.") ?>')" /></p>
+<p class="submit"><input type="submit" name="delete_button" class="delete" value="<?php _e('Delete Checked Comments &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php echo js_escape(__("Please select some comments to delete")); ?>'); return false } return confirm('<?php echo js_escape(sprintf(__("You are about to delete %s comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.")), "' + numchecked + '"); ?>')" />
+            <input type="submit" name="spam_button" value="<?php _e('Mark Checked Comments as Spam &raquo;') ?>" onclick="return confirm('<?php echo js_escape(__("You are about to mark these comments as spam \\n  \'Cancel\' to stop, \'OK\' to mark as spam.")); ?>')" /></p>
   </form>
 <div id="ajax-response"></div>

trunk/wp-admin/edit-form-advanced.php

@@ -245 +245 @@
 
 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
-<input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+<input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 

trunk/wp-admin/edit-page-form.php

@@ -189 +189 @@
     $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID );
     if ( current_user_can('delete_page', $post->ID) ) ?>
-        <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+        <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 </div>

trunk/wp-admin/import/blogger.php

@@ -11 +11 @@
         $welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
         $noiframes = __('This feature requires iframe support.');
-        $warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
+        $warning = js_escape(__('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?'));
         $reset = __('Reset this importer');
         $incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');

trunk/wp-admin/link-add.php

@@ -30 +30 @@
 <h3><?php _e('Add Link Bookmarklet'); ?></h3>
 <p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we’re working on it.'); ?></p>
-<?php printf(__('<p><a href="%s" title="Link add bookmarklet">Link This</a></p>'), "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
+<?php printf('<p><a href="%s" title="'.__('Link add bookmarklet').'">'.__('Link This').'</a></p>'), "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
 </div>
 

trunk/wp-admin/link-manager.php

@@ -162 +162 @@
 
         echo '<td><a href="link.php?link_id='.$link->link_id.'&amp;action=edit" class="edit">'.__('Edit').'</a></td>';
-        echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
+        echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".js_escape(sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $link->link_name, $link->link_url )).'\' );" class="delete">'.__('Delete').'</a></td>';
         echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
         echo "\n    </tr>\n";
@@ -172 +172 @@
 <div id="ajax-response"></div>
 
-<p class="submit"><input type="submit" class="button" name="deletebookmarks" id="deletebookmarks" value="<?php _e('Delete Checked Links') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these links permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" /></p>
+<p class="submit"><input type="submit" class="button" name="deletebookmarks" id="deletebookmarks" value="<?php _e('Delete Checked Links') ?> &raquo;" onclick="return confirm('<?php echo js_escape(__("You are about to delete these links permanently \\n  \'Cancel\' to stop, \'OK\' to delete.")); ?>')" /></p>
 </form>
 </div>

trunk/wp-admin/moderation.php

@@ -136 +136 @@
 <p><?php comment_date('M j, g:i A'); ?> &#8212; [ <?php
 echo '<a href="comment.php?action=editcomment&amp;c='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
+echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
 <?php
 $post = get_post($comment->comment_post_ID);

trunk/wp-admin/upload-js.php

@@ -98 +98 @@
             h += "<table>";
             if ( this.currentImage.thumb ) {
-                h += "<tr><th style='padding-bottom:.5em'><?php echo addslashes(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
-                h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo addslashes(__('Thumbnail')); ?></label><br />";
-                h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo addslashes(__('Full size')); ?></label>";
+                h += "<tr><th style='padding-bottom:.5em'><?php echo js_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+                h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo js_escape(__('Thumbnail')); ?></label><br />";
+                h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo js_escape(__('Full size')); ?></label>";
                 h += "</td></tr>";
             }
 
-            h += "<tr><th><?php echo addslashes(__('Link to:')); ?></th><td>";
-            h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo addslashes(__('File')); ?></label><br />";
-            h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo addslashes(__('Page')); ?></label><br />";
-            h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo addslashes(__('None')); ?></label>";
+            h += "<tr><th><?php echo js_escape(__('Link to:')); ?></th><td>";
+            h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo js_escape(__('File')); ?></label><br />";
+            h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo js_escape(__('Page')); ?></label><br />";
+            h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo js_escape(__('None')); ?></label>";
             h += "</td></tr>";
 
             h += "<tr><td colspan='2'><p class='submit'>";
-            h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo addslashes(__('Send to editor')); ?> &raquo;' />";
+            h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo js_escape(__('Send to editor &raquo;')); ?>' />";
             h += "</p></td></tr></table>";
             h += "</form>";
@@ -135 +135 @@
                 params.ID = '';
                 params.action = '';
-                h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='Browse your files' class='back'>&laquo; Back</a>";
-            } else {
-                h += "<a href='#' onclick='return theFileList.cancelView();'  title='Browse your files' class='back'>&laquo; Back</a>";
+                h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo;  <?php echo js_escape(__('Back')); ?></a>";
+            } else {
+                h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo; <?php echo js_escape(__('Back')); ?></a>";
             }
             h += "<div id='file-title'>"
             if ( !this.currentImage.isImage )
-                h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>" + this.currentImage.title + "</a></h2>";
+                h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
             else
                 h += "<h2>" + this.currentImage.title + "</h2>";
             h += " &#8212; <span>";
-            h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'>Insert</a>"
+            h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php js_escape(__('Insert')); ?></a>"
             h += "</span>";
             h += '</div>'
             h += "<div id='upload-file-view' class='alignleft'>";
             if ( this.currentImage.isImage ) {
-                h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>";
+                h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>";
                 h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
                 h += "</a>";
@@ -159 +159 @@
 
             h += "<table><col /><col class='widefat' /><tr>"
-            h += "<th scope='row'><label for='url'>URL</label></th>";
+            h += "<th scope='row'><label for='url'><?php echo js_escape(__('URL')); ?></label></th>";
             h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
             h += "</tr><tr>";
-            h += "<th scope='row'><label for='post_title'>Title</label></th>";
+            h += "<th scope='row'><label for='post_title'><?php echo js_escape(__('Title')); ?></label></th>";
             h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
             h += "</tr><tr>";
-            h += "<th scope='row'><label for='post_content'>Description</label></th>";
+            h += "<th scope='row'><label for='post_content'><?php echo js_escape(__('Description')); ?></label></th>";
             h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
-            h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='Delete File' onclick='theFileList.deleteFile(" + id + ");' />";
+            h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo js_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
             h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
             h += "<input type='hidden' name='action' id='action-value' value='save' />";
             h += "<input type='hidden' name='ID' value='" + id + "' />";
             h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
-            h += "<div class='submit'><input type='submit' value='Save &raquo;' /></div>";
+            h += "<div class='submit'><input type='submit' value='<?php echo js_escape(__('Save &raquo;')); ?>' /></div>";
             h += "</td></tr></table></form>";
 

trunk/wp-includes/bookmark-template.php

@@ -108 +108 @@
         if ( $show_updated )
             if (substr($row->link_updated_f, 0, 2) != '00')
-                $title .= ' (Last updated ' . date(get_option('links_updated_date_format'), $row->link_updated_f + (get_option('gmt_offset') * 3600)) . ')';
+                $title .= ' ('.__('Last updated') . ' ' . date(get_option('links_updated_date_format'), $row->link_updated_f + (get_option('gmt_offset') * 3600)) . ')';
 
         if ( '' != $title )

trunk/wp-includes/js/autosave.js.php

@@ -39 +39 @@
     
     if(isNaN(res)) {
-        message = "<?php _e('Error: '); ?>" + response;
+        message = "<?php js_escape(__('Error: ')); ?>" + response;
     } else {
-        message = "<?php _e('Saved at '); ?>" + autosave_cur_time();
+        message = "<?php js_escape(__('Saved at ')); ?>" + autosave_cur_time();
         $('post_ID').name = "post_ID";
         $('post_ID').value = res;
@@ -61 +61 @@
 
 function autosave_loading() {
-    $('autosave').innerHTML = "<?php _e('Saving Draft...'); ?>";
+    $('autosave').innerHTML = "<?php js_escape(__('Saving Draft...')); ?>";
 }
 
@@ -70 +70 @@
     
     if(isNaN(res)) {
-        message = "<?php _e('Error: '); ?>" + response;
+        message = "<?php js_escape(__('Error: ')); ?>" + response;
     } else {
-        message = "<?php _e('Saved at '); ?>" + autosave_cur_time() + ".";
+        message = "<?php js_escape(__('Saved at ')); ?>" + autosave_cur_time() + ".";
     }
     $('autosave').innerHTML = message;

trunk/wp-includes/js/list-manipulation-js.php

@@ -1 +1 @@
 <?php @require_once('../../wp-config.php'); cache_javascript_headers(); ?>
 addLoadEvent(function(){theList=new listMan();});
-function deleteSomething(what,id,message,obj){if(!obj)obj=theList;if(!message)message="<?php printf(__('Are you sure you want to delete this %s?'),"'+what+'"); ?>";if(confirm(message))return obj.ajaxDelete(what,id);else return false;}
+function deleteSomething(what,id,message,obj){if(!obj)obj=theList;if(!message)message="<?php printf(js_escape(__('Are you sure you want to delete this %s?')),"'+what+'"); ?>";if(confirm(message))return obj.ajaxDelete(what,id);else return false;}
 function dimSomething(what,id,dimClass,obj){if(!obj)obj=theList;return obj.ajaxDimmer(what,id,dimClass);}
 
@@ -48 +48 @@
                         tempObj.showLink = id;
                 });
-                ajaxAdd.myResponseElement.update(tempObj.showLink ? ( "<div id='jumplink' class='updated fade'><p><a href='#" + what + '-' + tempObj.showLink + "'><?php _e('Jump to new item'); ?></a></p></div>" ) : '');
+                ajaxAdd.myResponseElement.update(tempObj.showLink ? ( "<div id='jumplink' class='updated fade'><p><a href='#" + what + '-' + tempObj.showLink + "'><?php js_escape(__('Jump to new item')); ?></a></p></div>" ) : '');
             }
             if ( tempObj.addComplete && typeof tempObj.addComplete == 'function' )

trunk/wp-includes/js/wp-ajax-js.php

@@ -82 +82 @@
         wpBeforeUnload = window.onbeforeunload;
         window.onbeforeunload = function() {
-            return "<?php _e("Slow down, I'm still sending your data!"); ?>";
+            return "<?php js_escape(__("Slow down, I'm still sending your data!")); ?>";
         }
     },