Changeset 4656
- Timestamp:
- 12/21/2006 10:10:04 AM (18 years ago)
- Files:
-
- 70 edited
branches/2.0/wp-admin/admin-functions.php
r4640 r4656 290 290 $text = wp_specialchars(stripslashes(urldecode($_REQUEST['text']))); 291 291 $text = funky_javascript_fix($text); 292 $popupurl = wp_specialchars($_REQUEST['popupurl']);292 $popupurl = attribute_escape(stripslashes($_REQUEST['popupurl'])); 293 293 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 294 294 } … … 338 338 function get_user_to_edit($user_id) { 339 339 $user = new WP_User($user_id); 340 $user->user_login = wp_specialchars($user->user_login, 1);341 $user->user_email = wp_specialchars($user->user_email, 1);342 $user->user_url = wp_specialchars($user->user_url, 1);343 $user->first_name = wp_specialchars($user->first_name, 1);344 $user->last_name = wp_specialchars($user->last_name, 1);345 $user->display_name = wp_specialchars($user->display_name, 1);346 $user->nickname = wp_specialchars($user->nickname, 1);347 $user->aim = wp_specialchars($user->aim, 1);348 $user->yim = wp_specialchars($user->yim, 1);349 $user->jabber = wp_specialchars($user->jabber, 1);340 $user->user_login = attribute_escape($user->user_login); 341 $user->user_email = attribute_escape($user->user_email); 342 $user->user_url = attribute_escape($user->user_url); 343 $user->first_name = attribute_escape($user->first_name); 344 $user->last_name = attribute_escape($user->last_name); 345 $user->display_name = attribute_escape($user->display_name); 346 $user->nickname = attribute_escape($user->nickname); 347 $user->aim = attribute_escape($user->aim); 348 $user->yim = attribute_escape($user->yim); 349 $user->jabber = attribute_escape($user->jabber); 350 350 $user->description = wp_specialchars($user->description); 351 351 … … 468 468 $link = get_link($link_id); 469 469 470 $link->link_url = wp_specialchars($link->link_url, 1);471 $link->link_name = wp_specialchars($link->link_name, 1);472 $link->link_image = wp_specialchars($link->link_image, 1);473 $link->link_description = wp_specialchars($link->link_description, 1);470 $link->link_url = 
attribute_escape($link->link_url); 471 $link->link_name = attribute_escape($link->link_name); 472 $link->link_image = attribute_escape($link->link_image); 473 $link->link_description = attribute_escape($link->link_description); 474 474 $link->link_notes = wp_specialchars($link->link_notes); 475 $link->link_rss = wp_specialchars($link->link_rss, 1);476 $link->link_rel = wp_specialchars($link->link_rel, 1);475 $link->link_rss = attribute_escape($link->link_rss); 476 $link->link_rel = attribute_escape($link->link_rel); 477 477 $link->post_category = $link->link_category; 478 478 … … 482 482 function get_default_link_to_edit() { 483 483 if ( isset($_GET['linkurl']) ) 484 $link->link_url = wp_specialchars($_GET['linkurl'], 1);484 $link->link_url = attribute_escape($_GET['linkurl']); 485 485 else 486 486 $link->link_url = ''; 487 487 488 488 if ( isset($_GET['name']) ) 489 $link->link_name = wp_specialchars($_GET['name'], 1);489 $link->link_name = attribute_escape($_GET['name']); 490 490 else 491 491 $link->link_name = ''; … … 861 861 } 862 862 863 $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true);864 $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true);863 $entry['meta_key'] = attribute_escape( $entry['meta_key']); 864 $entry['meta_value'] = attribute_escape( $entry['meta_value']); 865 865 echo " 866 866 <tr class='$style'> … … 913 913 914 914 foreach ($keys as $key) { 915 $key = wp_specialchars($key, 1);915 $key = attribute_escape($key); 916 916 echo "\n\t<option value='$key'>$key</option>"; 917 917 } -
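Review bot: In get_default_link_to_edit() (lines 484 and 489) the request values are escaped without stripslashes(), while the popupurl line at 292 in the same file now strips slashes from request data before escaping; if the input arrives slashed, the pre-filled link URL and name will carry literal backslashes. Suggest `$link->link_url = attribute_escape(stripslashes($_GET['linkurl']));` and `$link->link_name = attribute_escape(stripslashes($_GET['name']));`. The same applies to lines 544 and 549 of trunk/wp-admin/admin-functions.php. Whether slashes are actually present depends on the magic-quotes handling outside this changeset.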
branches/2.0/wp-admin/bookmarklet.php
r2972 r4656 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = wp_specialchars($_REQUEST['popupurl']);40 $popupurl = attribute_escape(stripslashes($_REQUEST['popupurl'])); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); -
branches/2.0/wp-admin/categories.php
r4470 r4656 70 70 <tr> 71 71 <th width="33%" scope="row"><?php _e('Category name:') ?></th> 72 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />72 <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" /> 73 73 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td> 74 74 </tr> 75 75 <tr> 76 76 <th scope="row"><?php _e('Category slug:') ?></th> 77 <td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>77 <td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td> 78 78 </tr> 79 79 <tr> … … 87 87 <tr> 88 88 <th scope="row"><?php _e('Description:') ?></th> 89 <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description , 1); ?></textarea></td>89 <td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td> 90 90 </tr> 91 91 </table> -
branches/2.0/wp-admin/edit-comments.php
r3945 r4656 8 8 require_once('admin-header.php'); 9 9 if (empty($_GET['mode'])) $mode = 'view'; 10 else $mode = wp_specialchars($_GET['mode'], 1);10 else $mode = attribute_escape($_GET['mode']); 11 11 ?> 12 12 … … 31 31 <fieldset> 32 32 <legend><?php _e('Show Comments That Contain...') ?></legend> 33 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />33 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 34 34 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 35 35 <input type="hidden" name="mode" value="<?php echo $mode; ?>" /> -
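Review bot: Line 10 escapes `$_GET['mode']` for output but still accepts any string as the page mode, and `$mode` is echoed back into the hidden field on line 35 and presumably drives the view/edit branching further down, outside the hunk. Validating against the modes the page supports and falling back to 'view' is the safer contract, e.g. `$mode = in_array($_GET['mode'], array('view', 'edit')) ? $_GET['mode'] : 'view';` (constructed example; substitute the page's real mode list). Output escaping then only matters at the echo on line 35. The same pattern is at line 10 of trunk/wp-admin/edit-comments.php.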
branches/2.0/wp-admin/edit-form-advanced.php
r4632 r4656 212 212 <input name="referredby" type="hidden" id="referredby" value="<?php 213 213 if ( !empty($_REQUEST['popupurl']) ) 214 echo wp_specialchars($_REQUEST['popupurl']);215 else if ( url_to_postid( wp_get_referer()) == $post_ID )214 echo attribute_escape(stripslashes($_REQUEST['popupurl'])); 215 else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID ) 216 216 echo 'redo'; 217 217 else 218 echo wp_specialchars(wp_get_referer());218 echo attribute_escape(stripslashes(wp_get_referer())); 219 219 ?>" /></p> 220 220 -
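Review bot: The comparison on line 215, `url_to_postid(stripslashes(wp_get_referer())) == $post_ID`, has no `0 != $post_ID` guard, unlike the equivalent check in wp-admin/edit-page-form.php (line 19); assuming url_to_postid() returns 0 when nothing matches, a new post (`$post_ID` of 0) with a referer that resolves to no post gets 'redo' instead of the referer. Suggest `else if ( 0 != $post_ID && url_to_postid(stripslashes(wp_get_referer())) == $post_ID )`. The surrounding PHP block continues outside the hunk.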
branches/2.0/wp-admin/edit-link-form.php
r3977 r4656 231 231 <input type="hidden" name="action" value="editlink" /> 232 232 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 233 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />233 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 234 234 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 235 235 <?php else: ?> -
branches/2.0/wp-admin/edit-page-form.php
r4242 r4656 15 15 } 16 16 17 $sendto = wp_get_referer();17 $sendto = attribute_escape(wp_get_referer()); 18 18 19 19 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 20 20 $sendto = 'redo'; 21 $sendto = wp_specialchars( $sendto );22 21 23 22 ?> -
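Review bot: Moving the escape to line 17 changes the comparison on line 19: `$sendto` is now HTML-escaped before it is compared with `get_permalink($post_ID)`, so a referer containing `&` (now `&amp;`) or a quote never equals the raw permalink and 'redo' is no longer set for those URLs, whereas the removed line 21 escaped after the comparison. Keep `$sendto = wp_get_referer();` on line 17, run the comparison, then `$sendto = attribute_escape($sendto);` afterwards. The stripslashes() applied to wp_get_referer() elsewhere in this changeset (wp-admin/upgrade.php line 70) is also missing here.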
branches/2.0/wp-admin/edit-pages.php
r3906 r4656 14 14 <fieldset> 15 15 <legend><?php _e('Search Pages…') ?></legend> 16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 17 17 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 18 18 </fieldset> -
branches/2.0/wp-admin/edit.php
r3805 r4656 80 80 <fieldset> 81 81 <legend><?php _e('Search Posts…') ?></legend> 82 <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />82 <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 83 83 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 84 84 </fieldset> -
branches/2.0/wp-admin/inline-uploading.php
r4416 r4656 241 241 $ypadding = (96 - $image['uheight']) / 2; 242 242 $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n"; 243 $title = wp_specialchars($image['post_title'], ENT_QUOTES);243 $title = attribute_escape($image['post_title']); 244 244 $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">'; 245 245 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">'; … … 261 261 "; 262 262 } else { 263 $title = wp_specialchars($attachment['post_title'], ENT_QUOTES);263 $title = attribute_escape($attachment['post_title']); 264 264 $filename = basename($attachment['guid']); 265 265 $icon = get_attachment_icon($ID); -
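Review bot: The `$title` produced on lines 243 and 263 is interpolated into a single-quoted JavaScript string literal on lines 244-245, and attribute_escape() only HTML-encodes: a backslash or line break in post_title passes through and can terminate or corrupt the JS string (an HTML-encoded quote is harmless there, a trailing `\` is not). Apply JavaScript escaping on top of the HTML escaping for this use, e.g. `$title = addslashes(attribute_escape($image['post_title']));` on line 243 and the same on line 263, or the JS-escaping helper whose body is visible at line 1051 of wp-includes/functions-formatting.php in this changeset if this branch has it. Whether post_title can contain such characters depends on storage sanitisation outside this hunk.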
branches/2.0/wp-admin/link-categories.php
r4341 r4656 125 125 <tr> 126 126 <th width="33%" scope="row"><?php _e('Name:') ?></th> 127 <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>127 <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td> 128 128 </tr> 129 129 <tr> -
branches/2.0/wp-admin/link-manager.php
r4470 r4656 328 328 <input type="hidden" name="link_id" value="" /> 329 329 <input type="hidden" name="action" value="" /> 330 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />330 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 331 331 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 332 332 <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3"> … … 358 358 if ($links) { 359 359 foreach ($links as $link) { 360 $link->link_name = wp_specialchars($link->link_name);360 $link->link_name = attribute_escape($link->link_name); 361 361 $link->link_category = wp_specialchars($link->link_category); 362 362 $link->link_description = wp_specialchars($link->link_description); 363 $link->link_url = wp_specialchars($link->link_url);363 $link->link_url = attribute_escape($link->link_url); 364 364 $short_url = str_replace('http://', '', $link->link_url); 365 365 $short_url = str_replace('www.', '', $short_url); -
branches/2.0/wp-admin/options-misc.php
r4229 r4656 18 18 <tr valign="top"> 19 19 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th> 20 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />20 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" /> 21 21 <br /> 22 22 <?php _e('Default is <code>wp-content/uploads</code>'); ?> -
branches/2.0/wp-admin/options-permalink.php
r4229 r4656 149 149 <br /> 150 150 </p> 151 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>151 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p> 152 152 153 153 <h3><?php _e('Optional'); ?></h3> … … 158 158 <?php endif; ?> 159 159 <p> 160 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />160 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo attribute_escape($category_base); ?>" size="30" /> 161 161 </p> 162 162 <p class="submit"> -
branches/2.0/wp-admin/options.php
r4384 r4656 183 183 </table> 184 184 <?php $options_to_update = implode(',', $options_to_update); ?> 185 <p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>185 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> 186 186 </form> 187 187 </div> -
branches/2.0/wp-admin/post.php
r4470 r4656 82 82 <div id='preview' class='wrap'> 83 83 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit ↑'); ?></a></small></h2> 84 <iframe src="<?php echo wp_specialchars(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>84 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 85 85 </div> 86 86 <?php -
branches/2.0/wp-admin/templates.php
r4416 r4656 112 112 echo '<ol>'; 113 113 foreach ($recents as $recent) : 114 echo "<li><a href='templates.php?file=" . wp_specialchars($recent, true) . "'>" . get_file_description(basename($recent)) . "</a></li>";114 echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . get_file_description(basename($recent)) . "</a></li>"; 115 115 endforeach; 116 116 echo '</ol>'; -
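Review bot: On line 114 `$recent` is placed in the `file=` query parameter with only HTML-attribute escaping; a file name containing `&`, `#`, `+` or `%` is attribute-safe but URL-wrong, since attribute_escape() does not percent-encode. Use urlencode() for the query value and escape the whole attribute, e.g. `"<li><a href='" . attribute_escape('templates.php?file=' . urlencode($recent)) . "'>"`. The code that consumes the `file` parameter is outside this hunk.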
branches/2.0/wp-admin/theme-editor.php
r4269 r4656 102 102 if ($theme_name == $theme) $selected = " selected='selected'"; 103 103 else $selected = ''; 104 $theme_name = wp_specialchars($theme_name, true);104 $theme_name = attribute_escape($theme_name); 105 105 echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>"; 106 106 } -
branches/2.0/wp-admin/upgrade.php
r3923 r4656 68 68 69 69 case 0: 70 $goback = wp_specialchars(wp_get_referer());70 $goback = attribute_escape(stripslashes(wp_get_referer())); 71 71 ?> 72 72 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> … … 87 87 $backto = __get_option('home'); 88 88 else 89 $backto = wp_specialchars( $_GET['backto'] , 1);89 $backto = attribute_escape(stripslashes($_GET['backto'])); 90 90 ?> 91 91 <h2><?php _e('Step 1'); ?></h2> -
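Review bot: `$backto` on line 89 comes straight from `$_GET['backto']` and, as with `$goback` from the referer on line 70, attribute_escape() only prevents breaking out of the attribute; if either value is emitted as a link href (the use is outside this hunk), a non-http scheme or an off-site URL still goes through unchanged. Consider checking both against the blog's own URL before use, e.g. `if ( 0 !== strpos($backto, __get_option('home')) ) $backto = __get_option('home');`, mirroring the fallback line 87 already has. The referer assigned to `$adminurl` on line 2459 of wp-includes/functions.php and used as the "No" link target has the same shape.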
branches/2.0/wp-content/themes/classic/comments-popup.php
r3903 r4656 61 61 <label for="author"><?php _e("Name"); ?></label> 62 62 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 63 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />63 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" /> 64 64 </p> 65 65 -
branches/2.0/wp-content/themes/default/comments-popup.php
r3925 r4656 61 61 <label for="author">Name</label> 62 62 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 63 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />63 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" /> 64 64 </p> 65 65 -
branches/2.0/wp-content/themes/default/searchform.php
r3134 r4656 1 1 <form method="get" id="searchform" action="<?php bloginfo('home'); ?>/"> 2 <div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />2 <div><input type="text" value="<?php echo attribute_escape($s); ?>" name="s" id="s" /> 3 3 <input type="submit" id="searchsubmit" value="Search" /> 4 4 </div> -
branches/2.0/wp-includes/comment-functions.php
r4300 r4656 316 316 echo ' class="'.$CSSclass.'"'; 317 317 } 318 $title = wp_specialchars(apply_filters('the_title', get_the_title()), true);318 $title = attribute_escape(apply_filters('the_title', get_the_title())); 319 319 echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">'; 320 320 comments_number($zero, $one, $more, $number); … … 898 898 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 899 899 $comment_author = stripslashes($comment_author); 900 $comment_author = wp_specialchars($comment_author, true);900 $comment_author = attribute_escape($comment_author); 901 901 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; 902 902 } … … 905 905 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 906 906 $comment_author_email = stripslashes($comment_author_email); 907 $comment_author_email = wp_specialchars($comment_author_email, true);907 $comment_author_email = attribute_escape($comment_author_email); 908 908 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; 909 909 } … … 912 912 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 913 913 $comment_author_url = stripslashes($comment_author_url); 914 $comment_author_url = wp_specialchars($comment_author_url, true);914 $comment_author_url = attribute_escape($comment_author_url); 915 915 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 916 916 } -
branches/2.0/wp-includes/functions-formatting.php
r4387 r4656 1051 1051 return preg_replace("/\r?\n/", "\\n", addslashes($text)); 1052 1052 } 1053 1054 // Escaping for HTML attributes like 1055 function attribute_escape($text) { 1056 return wp_specialchars($text, true); 1057 } 1058 1053 1059 ?> -
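Review bot: The comment above the new attribute_escape() on line 1054 is cut off ("Escaping for HTML attributes like") and does not state what the function guarantees. Suggest completing it as `// Escaping for HTML attribute values such as value="..." and title="...": wp_specialchars($text, true), i.e. with quote escaping enabled. Not URL-encoding and not JavaScript escaping - values placed in query strings or script literals need those in addition.` Since this changeset routes most attribute output through this helper, a precise contract here is what keeps the new call sites correct.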
branches/2.0/wp-includes/functions.php
r4581 r4656 350 350 351 351 function form_option($option) { 352 echo wp_specialchars( get_option($option), 1);352 echo attribute_escape( get_option($option)); 353 353 } 354 354 … … 2363 2363 2364 2364 function wp_referer_field() { 2365 $ref = wp_specialchars($_SERVER['REQUEST_URI']);2365 $ref = attribute_escape(stripslashes($_SERVER['REQUEST_URI'])); 2366 2366 echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />'; 2367 2367 if ( wp_get_original_referer() ) { 2368 $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));2368 $original_ref = attribute_escape(stripslashes(wp_get_original_referer())); 2369 2369 echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />'; 2370 2370 } … … 2372 2372 2373 2373 function wp_original_referer_field() { 2374 echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';2374 echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 2375 2375 } 2376 2376 … … 2457 2457 $adminurl = get_settings('siteurl') . '/wp-admin'; 2458 2458 if ( wp_get_referer() ) 2459 $adminurl = wp_get_referer();2459 $adminurl = attribute_escape(stripslashes(wp_get_referer())); 2460 2460 2461 2461 $title = __('WordPress Confirmation'); … … 2469 2469 $v = substr(strstr($a, '='), 1); 2470 2470 $k = substr($a, 0, -(strlen($v)+1)); 2471 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1) . "' />\n";2471 $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n"; 2472 2472 } 2473 2473 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 2474 2474 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . 
"</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 2475 2475 } else { 2476 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . a dd_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI']) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";2476 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 2477 2477 } 2478 2478 $html .= "</body>\n</html>"; -
branches/2.0/wp-includes/links.php
r3762 r4656 213 213 $the_link = '#'; 214 214 if (!empty($row->link_url)) 215 $the_link = wp_specialchars($row->link_url);215 $the_link = attribute_escape($row->link_url); 216 216 217 217 $rel = $row->link_rel; … … 220 220 } 221 221 222 $desc = wp_specialchars($row->link_description, ENT_QUOTES);223 $name = wp_specialchars($row->link_name, ENT_QUOTES);222 $desc = attribute_escape($row->link_description); 223 $name = attribute_escape($row->link_name); 224 224 $title = $desc; 225 225 -
branches/2.0/wp-includes/template-functions-author.php
r4496 r4656 132 132 global $authordata; 133 133 134 echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(get_the_author())) . '">' . get_the_author() . '</a>';134 echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>'; 135 135 } 136 136 … … 198 198 $link = $name; 199 199 } else { 200 $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';200 $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>'; 201 201 202 202 if ( (! empty($feed_image)) || (! empty($feed)) ) { -
branches/2.0/wp-includes/template-functions-category.php
r4280 r4656 324 324 $link = '<a href="'.get_category_link($category->cat_ID).'" '; 325 325 if ( $use_desc_for_title == 0 || empty($category->category_description) ) 326 $link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';326 $link .= 'title="'. sprintf(__("View all posts filed under %s"), attribute_escape($category->cat_name)) . '"'; 327 327 else 328 $link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"';328 $link .= 'title="' . attribute_escape(apply_filters('category_description',$category->category_description,$category)) . '"'; 329 329 $link .= '>'; 330 330 $link .= apply_filters('list_cats', $category->cat_name, $category).'</a>'; -
branches/2.0/wp-includes/template-functions-general.php
r4641 r4656 264 264 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 265 265 $text = wptexturize($text); 266 $title_text = wp_specialchars($text, 1);266 $title_text = attribute_escape($text); 267 267 268 268 if ('link' == $format) -
branches/2.0/wp-includes/template-functions-post.php
r4604 r4656 419 419 foreach ( $page_tree[$parent]['children'] as $page_id ) { 420 420 $cur_page = $page_tree[$page_id]; 421 $title = wp_specialchars($cur_page['title']);421 $title = attribute_escape($cur_page['title']); 422 422 423 423 $css_class = 'page_item'; -
branches/2.0/wp-links-opml.php
r3470 r4656 45 45 } // end if not first time 46 46 ?> 47 <outline type="category" title="<?php echo wp_specialchars($result->cat_name); ?>">47 <outline type="category" title="<?php echo attribute_escape($result->cat_name); ?>"> 48 48 <?php 49 49 $prev_cat_id = $result->link_category; 50 50 } // end if new category 51 51 ?> 52 <outline text="<?php echo wp_specialchars($result->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($result->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />52 <outline text="<?php echo attribute_escape($result->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($result->link_rss); ?>" htmlUrl="<?php echo attribute_escape($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" /> 53 53 <?php 54 54 } // end foreach -
branches/2.0/wp-login.php
r4581 r4656 232 232 233 233 <form name="loginform" id="loginform" action="wp-login.php" method="post"> 234 <p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>234 <p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="1" /></label></p> 235 235 <p><label><?php _e('Password:') ?><br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p> 236 236 <p> … … 239 239 <p class="submit"> 240 240 <input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> »" tabindex="4" /> 241 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />241 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" /> 242 242 </p> 243 243 </form> -
branches/2.0/wp-register.php
r3630 r4656 114 114 <form method="post" action="wp-register.php" id="registerform"> 115 115 <p><input type="hidden" name="action" value="register" /> 116 <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>117 <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>116 <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo attribute_escape($user_login); ?>" /><br /></p> 117 <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo attribute_escape($user_email); ?>" /></p> 118 118 <p><?php _e('A password will be emailed to you.') ?></p> 119 119 <p class="submit"><input type="submit" value="<?php _e('Register') ?> »" id="submit" name="submit" /></p> -
trunk/wp-admin/admin-ajax.php
r4583 r4656 14 14 15 15 function wp_ajax_meta_row( $pid, $mid, $key, $value ) { 16 $value = wp_specialchars($value, true);16 $value = attribute_escape($value); 17 17 $key_js = addslashes(wp_specialchars($key, 'double')); 18 $key = wp_specialchars($key, true);18 $key = attribute_escape($key); 19 19 $r .= "<tr id='meta-$mid'><td valign='top'>"; 20 20 $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />"; … … 142 142 $level++; 143 143 } 144 $cat_full_name = wp_specialchars( $cat_full_name, 1);144 $cat_full_name = attribute_escape( $cat_full_name); 145 145 146 146 $x = new WP_Ajax_Response( array( -
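Review bot: Line 17 keeps a hand-rolled JavaScript escape, `addslashes(wp_specialchars($key, 'double'))`, between the new attribute_escape() calls on lines 16 and 18, while the equivalent meta row in trunk/wp-admin/admin-functions.php (line 913 in this changeset) uses `js_escape( $entry['meta_key'] )`. Using the same helper here, `$key_js = js_escape($key);`, keeps the two renderings of the same row in step, assuming js_escape() also applies the double-quote HTML escaping the current expression does (confirm before switching). wp_ajax_meta_row() continues past the hunk, and `$r` is appended to on line 19 without a visible initialisation.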
trunk/wp-admin/admin-functions.php
r4651 r4656 324 324 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 325 325 $text = funky_javascript_fix( $text); 326 $popupurl = wp_specialchars( $_REQUEST['popupurl']);326 $popupurl = attribute_escape($_REQUEST['popupurl']); 327 327 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 328 328 } … … 381 381 function get_user_to_edit( $user_id ) { 382 382 $user = new WP_User( $user_id ); 383 $user->user_login = wp_specialchars( $user->user_login, 1);384 $user->user_email = wp_specialchars( $user->user_email, 1);385 $user->user_url = wp_specialchars( $user->user_url, 1);386 $user->first_name = wp_specialchars( $user->first_name, 1);387 $user->last_name = wp_specialchars( $user->last_name, 1);388 $user->display_name = wp_specialchars( $user->display_name, 1);389 $user->nickname = wp_specialchars( $user->nickname, 1);390 $user->aim = wp_specialchars( $user->aim, 1);391 $user->yim = wp_specialchars( $user->yim, 1);392 $user->jabber = wp_specialchars( $user->jabber, 1);383 $user->user_login = attribute_escape( $user->user_login); 384 $user->user_email = attribute_escape( $user->user_email); 385 $user->user_url = attribute_escape( $user->user_url); 386 $user->first_name = attribute_escape( $user->first_name); 387 $user->last_name = attribute_escape( $user->last_name); 388 $user->display_name = attribute_escape( $user->display_name); 389 $user->nickname = attribute_escape( $user->nickname); 390 $user->aim = attribute_escape( $user->aim); 391 $user->yim = attribute_escape( $user->yim); 392 $user->jabber = attribute_escape( $user->jabber); 393 393 $user->description = wp_specialchars( $user->description ); 394 394 … … 528 528 $link = get_link( $link_id ); 529 529 530 $link->link_url = wp_specialchars( $link->link_url, 1);531 $link->link_name = wp_specialchars( $link->link_name, 1);532 $link->link_image = wp_specialchars( $link->link_image, 1);533 $link->link_description = wp_specialchars( $link->link_description, 1);530 
$link->link_url = attribute_escape( $link->link_url); 531 $link->link_name = attribute_escape( $link->link_name); 532 $link->link_image = attribute_escape( $link->link_image); 533 $link->link_description = attribute_escape( $link->link_description); 534 534 $link->link_notes = wp_specialchars( $link->link_notes ); 535 $link->link_rss = wp_specialchars( $link->link_rss, 1);536 $link->link_rel = wp_specialchars( $link->link_rel, 1);535 $link->link_rss = attribute_escape( $link->link_rss); 536 $link->link_rel = attribute_escape( $link->link_rel); 537 537 $link->post_category = $link->link_category; 538 538 … … 542 542 function get_default_link_to_edit() { 543 543 if ( isset( $_GET['linkurl'] ) ) 544 $link->link_url = wp_specialchars( $_GET['linkurl'], 1);544 $link->link_url = attribute_escape( $_GET['linkurl']); 545 545 else 546 546 $link->link_url = ''; 547 547 548 548 if ( isset( $_GET['name'] ) ) 549 $link->link_name = wp_specialchars( $_GET['name'], 1);549 $link->link_name = attribute_escape( $_GET['name']); 550 550 else 551 551 $link->link_name = ''; … … 832 832 $r .= "</td>\n\t\t<td>"; 833 833 if ( current_user_can( 'edit_user', $user_object->ID ) ) { 834 $edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));834 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 835 835 $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 836 836 } … … 912 912 913 913 $key_js = js_escape( $entry['meta_key'] ); 914 $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true);915 $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true);914 $entry['meta_key'] = attribute_escape( $entry['meta_key']); 915 $entry['meta_value'] = attribute_escape( $entry['meta_value']); 916 916 $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 917 
917 $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; … … 966 966 967 967 foreach ( $keys as $key ) { 968 $key = wp_specialchars( $key, 1);968 $key = attribute_escape( $key); 969 969 echo "\n\t<option value='$key'>$key</option>"; 970 970 } … … 1993 1993 function wp_remember_old_slug() { 1994 1994 global $post; 1995 $name = wp_specialchars($post->post_name); // just in case1995 $name = attribute_escape($post->post_name); // just in case 1996 1996 if ( strlen($name) ) 1997 1997 echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />'; -
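Review bot: Line 326 escapes `$_REQUEST['popupurl']` without stripslashes(), whereas the branches/2.0 version of the same line in this changeset (wp-admin/admin-functions.php line 292) adds stripslashes() before attribute_escape(); line 40 of trunk/wp-admin/bookmarklet.php has the same difference. Unless trunk strips request slashes earlier, the link built on line 327 will carry escaped backslashes for URLs containing quotes. Suggest `$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));` in both trunk files. Separately, `$link` in get_default_link_to_edit() (lines 544-551) is written to without a visible initialisation, which relies on implicit object creation.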
trunk/wp-admin/bookmarklet.php
r4495 r4656 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = wp_specialchars($_REQUEST['popupurl']);40 $popupurl = attribute_escape($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); -
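Review bot: `$_REQUEST['popupurl']` is handed to attribute_escape without stripslashes here, while edit-form-advanced.php in this same changeset escapes the identical parameter as `attribute_escape(stripslashes($_REQUEST['popupurl']))`. If request values arrive slash-escaped on this code path (I cannot confirm that from here), the bookmarklet's popup URL keeps the backslashes while the edit form's does not. For consistency the line should probably read `$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));`. The enclosing code starts outside the hunk.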
trunk/wp-admin/edit-category-form.php
r4595 r4656 27 27 <tr> 28 28 <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th> 29 <td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /></td>29 <td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /></td> 30 30 </tr> 31 31 <tr> 32 32 <th scope="row" valign="top"><label for="category_nicename"><?php _e('Category slug:') ?></label></th> 33 <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>33 <td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td> 34 34 </tr> 35 35 <tr> … … 41 41 <tr> 42 42 <th scope="row" valign="top"><label for="category_description"><?php _e('Description: (optional)') ?></label></th> 43 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description , 1); ?></textarea></td>43 <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td> 44 44 </tr> 45 45 </table> -
trunk/wp-admin/edit-comments.php
r4655 r4656 8 8 require_once('admin-header.php'); 9 9 if (empty($_GET['mode'])) $mode = 'view'; 10 else $mode = wp_specialchars($_GET['mode'], 1);10 else $mode = attribute_escape($_GET['mode']); 11 11 ?> 12 12 … … 43 43 <fieldset> 44 44 <legend><?php _e('Show Comments That Contain...') ?></legend> 45 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />45 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 46 46 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 47 47 <input type="hidden" name="mode" value="<?php echo $mode; ?>" /> -
trunk/wp-admin/edit-form-advanced.php
r4621 r4656 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo wp_specialchars($_REQUEST['popupurl']);171 echo attribute_escape(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo wp_specialchars(wp_get_referer());175 echo attribute_escape(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 -
trunk/wp-admin/edit-link-form.php
r4495 r4656 248 248 <input type="hidden" name="action" value="save" /> 249 249 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 250 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />250 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 251 251 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 252 252 <?php else: ?> -
trunk/wp-admin/edit-page-form.php
r4655 r4656 14 14 } 15 15 16 $sendto = wp_get_referer();16 $sendto = attribute_escape(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) 19 19 $sendto = 'redo'; 20 $sendto = wp_specialchars( $sendto );21 22 20 ?> 23 21 -
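Review bot: `$sendto` is now compared with `get_permalink($post_ID)` after it has already been attribute-escaped, whereas the removed lines compared the raw referer and escaped afterwards. A permalink containing `&` (any query-string form) becomes `&amp;` on the escaped side, so the `'redo'` branch stops matching for those URLs. The original ordering should be kept and only the escaping function swapped: `$sendto = stripslashes(wp_get_referer());` / `if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) $sendto = 'redo';` / `$sendto = attribute_escape($sendto);`.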
trunk/wp-admin/edit-pages.php
r4495 r4656 14 14 <fieldset> 15 15 <legend><?php _e('Search Pages…') ?></legend> 16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />16 <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 17 17 <input type="submit" name="submit" value="<?php _e('Search') ?>" /> 18 18 </fieldset> -
trunk/wp-admin/edit.php
r4615 r4656 77 77 <fieldset> 78 78 <legend><?php _e('Search Posts…') ?></legend> 79 <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />79 <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 80 80 <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> 81 81 </fieldset> -
trunk/wp-admin/link-manager.php
r4617 r4656 117 117 <input type="hidden" name="link_id" value="" /> 118 118 <input type="hidden" name="action" value="" /> 119 <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />119 <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" /> 120 120 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 121 121 <table class="widefat"> … … 131 131 <?php 132 132 foreach ($links as $link) { 133 $link->link_name = wp_specialchars($link->link_name);133 $link->link_name = attribute_escape($link->link_name); 134 134 $link->link_description = wp_specialchars($link->link_description); 135 $link->link_url = wp_specialchars($link->link_url);135 $link->link_url = attribute_escape($link->link_url); 136 136 $link->link_category = wp_get_link_cats($link->link_id); 137 137 $short_url = str_replace('http://', '', $link->link_url); -
trunk/wp-admin/options-misc.php
r4495 r4656 19 19 <tr valign="top"> 20 20 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th> 21 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_option('upload_path')), 1); ?>" size="40" />21 <td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" size="40" /> 22 22 <br /> 23 23 <?php _e('Default is <code>wp-content/uploads</code>'); ?> -
trunk/wp-admin/options-permalink.php
r4495 r4656 150 150 <br /> 151 151 </p> 152 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>152 <p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p> 153 153 154 154 <h3><?php _e('Optional'); ?></h3> … … 159 159 <?php endif; ?> 160 160 <p> 161 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" />161 <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code" value="<?php echo attribute_escape($category_base); ?>" size="30" /> 162 162 </p> 163 163 <p class="submit"> -
trunk/wp-admin/options.php
r4480 r4656 159 159 </table> 160 160 <?php $options_to_update = implode(',', $options_to_update); ?> 161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> 162 162 </form> 163 163 </div> -
trunk/wp-admin/page.php
r4612 r4656 58 58 <div id='preview' class='wrap'> 59 59 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 60 <iframe src="<?php echo wp_specialchars(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>60 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 61 61 </div> 62 62 <?php -
trunk/wp-admin/post.php
r4612 r4656 64 64 <div id='preview' class='wrap'> 65 65 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 66 <iframe src="<?php echo wp_specialchars(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>66 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 67 67 </div> 68 68 <?php -
trunk/wp-admin/templates.php
r4495 r4656 99 99 echo '<ol>'; 100 100 foreach ($recents as $recent) : 101 echo "<li><a href='templates.php?file=" . wp_specialchars($recent, true) . "'>" . get_file_description(basename($recent)) . "</a></li>";101 echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . get_file_description(basename($recent)) . "</a></li>"; 102 102 endforeach; 103 103 echo '</ol>'; -
trunk/wp-admin/theme-editor.php
r4495 r4656 89 89 if ($theme_name == $theme) $selected = " selected='selected'"; 90 90 else $selected = ''; 91 $theme_name = wp_specialchars($theme_name, true);91 $theme_name = attribute_escape($theme_name); 92 92 echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>"; 93 93 } -
trunk/wp-admin/upgrade.php
r4495 r4656 29 29 switch($step) { 30 30 case 0: 31 $goback = wp_specialchars(wp_get_referer());31 $goback = attribute_escape(stripslashes(wp_get_referer())); 32 32 ?> 33 33 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> … … 41 41 $backto = __get_option('home'); 42 42 else 43 $backto = wp_specialchars( $_GET['backto'] , 1);43 $backto = attribute_escape(stripslashes($_GET['backto'])); 44 44 ?> 45 45 <h2><?php _e('Step 1'); ?></h2> -
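Review bot: `$backto` is taken from `$_GET['backto']` and `$goback` from the referer, and attribute_escape only makes them safe between the attribute delimiters; it does not constrain the URL scheme, so a non-http value is emitted unchanged into whatever link these feed (the link markup itself is outside the hunk). The same applies to `$wp_http_referer` in user-edit.php, where the `href` is visible in this changeset. Consider restricting these back-links to same-site or relative targets before escaping, falling back to a fixed admin page when the value does not begin with the site's own URL.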
trunk/wp-admin/upload-functions.php
r4628 r4656 8 8 ob_start(); 9 9 the_title(); 10 $post_title = wp_specialchars( ob_get_contents(), 1);10 $post_title = attribute_escape( ob_get_contents()); 11 11 ob_end_clean(); 12 12 $post_content = apply_filters( 'content_edit_pre', $post->post_content ); … … 72 72 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 73 73 echo ' | '; 74 echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'edit' ), 1) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';74 echo '<a href="' . attribute_escape( add_query_arg( 'action', 'edit' )) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 75 75 echo ' | '; 76 echo '<a href="' . wp_specialchars( remove_query_arg( array('action', 'ID') ), 1) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';76 echo '<a href="' . attribute_escape( remove_query_arg( array('action', 'ID') )) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 77 77 echo ' ]'; ?></span> 78 78 </div> … … 112 112 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 113 113 echo ' | '; 114 echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'view' ), 1) . '">' . __('links') . '</a>';114 echo '<a href="' . attribute_escape( add_query_arg( 'action', 'view' )) . '">' . __('links') . '</a>'; 115 115 echo ' | '; 116 echo '<a href="' . wp_specialchars( remove_query_arg( array('action','ID') ), 1) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';116 echo '<a href="' . attribute_escape( remove_query_arg( array('action','ID') )) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 117 117 echo ' ]'; ?></span> 118 118 </div> -
trunk/wp-admin/upload-js.php
r4613 r4656 73 73 params.ID = ''; 74 74 params.action = ''; 75 h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('« Back'), 1); ?></a>";76 } else { 77 h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('« Back'), 1) ?></a>";75 h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('« Back')); ?></a>"; 76 } else { 77 h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('« Back')) ?></a>"; 78 78 } 79 79 h += "<div id='file-title'>" 80 80 if ( !this.currentImage.isImage ) 81 h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";81 h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>"; 82 82 else 83 83 h += "<h2>" + this.currentImage.title + "</h2>"; 84 84 h += " — <span>"; 85 h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo wp_specialchars(__('Edit'), 1); ?></a>"85 h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo attribute_escape(__('Edit')); ?></a>" 86 86 h += "</span>"; 87 87 h += '</div>' 88 88 h += "<div id='upload-file-view' class='alignleft'>"; 89 89 if ( this.currentImage.isImage ) { 90 h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo 
wp_specialchars(__('Direct link to file'), 1); ?>'>";90 h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>"; 91 91 h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />"; 92 92 h += "</a>"; … … 98 98 h += "<table>"; 99 99 if ( this.currentImage.thumb ) { 100 h += "<tr><th style='padding-bottom:.5em'><?php echo wp_specialchars(__('Show:'), 1); ?></th><td style='padding-bottom:.5em'>";101 h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo wp_specialchars(__('Thumbnail'), 1); ?></label><br />";102 h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo wp_specialchars(__('Full size'), 1); ?></label>";100 h += "<tr><th style='padding-bottom:.5em'><?php echo attribute_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>"; 101 h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo attribute_escape(__('Thumbnail')); ?></label><br />"; 102 h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo attribute_escape(__('Full size')); ?></label>"; 103 103 h += "</td></tr>"; 104 104 } 105 105 106 h += "<tr><th><?php echo wp_specialchars(__('Link to:'), 1); ?></th><td>";107 h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo wp_specialchars(__('File'), 1); ?></label><br />";108 h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo wp_specialchars(__('Page'), 1); ?></label><br />";109 h += "<label 
for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo wp_specialchars(__('None'), 1); ?></label>";106 h += "<tr><th><?php echo attribute_escape(__('Link to:')); ?></th><td>"; 107 h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo attribute_escape(__('File')); ?></label><br />"; 108 h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo attribute_escape(__('Page')); ?></label><br />"; 109 h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo attribute_escape(__('None')); ?></label>"; 110 110 h += "</td></tr>"; 111 111 112 112 h += "<tr><td colspan='2'><p class='submit'>"; 113 h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo wp_specialchars(__('Send to editor »'), 1); ?>' />";113 h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo attribute_escape(__('Send to editor »')); ?>' />"; 114 114 h += "</p></td></tr></table>"; 115 115 h += "</form>"; … … 135 135 params.ID = ''; 136 136 params.action = ''; 137 h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('« Back'), 1); ?></a>";138 } else { 139 h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('« Back'), 1); ?></a>";137 h += "<a href='" + this.urlData[0] + '?' 
+ params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('« Back')); ?></a>"; 138 } else { 139 h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('« Back')); ?></a>"; 140 140 } 141 141 h += "<div id='file-title'>" 142 142 if ( !this.currentImage.isImage ) 143 h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";143 h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>"; 144 144 else 145 145 h += "<h2>" + this.currentImage.title + "</h2>"; 146 146 h += " — <span>"; 147 h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php wp_specialchars(__('Insert'), 1); ?></a>"147 h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php attribute_escape(__('Insert')); ?></a>" 148 148 h += "</span>"; 149 149 h += '</div>' … … 159 159 160 160 h += "<table><col /><col class='widefat' /><tr>" 161 h += "<th scope='row'><label for='url'><?php echo wp_specialchars(__('URL'), 1); ?></label></th>";161 h += "<th scope='row'><label for='url'><?php echo attribute_escape(__('URL')); ?></label></th>"; 162 162 h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>"; 163 163 h += "</tr><tr>"; 164 h += "<th scope='row'><label for='post_title'><?php echo wp_specialchars(__('Title'), 1); ?></label></th>";164 h += "<th scope='row'><label for='post_title'><?php echo attribute_escape(__('Title')); ?></label></th>"; 165 165 h += "<td><input type='text' 
id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>"; 166 166 h += "</tr><tr>"; 167 h += "<th scope='row'><label for='post_content'><?php echo wp_specialchars(__('Description'), 1); ?></label></th>";167 h += "<th scope='row'><label for='post_content'><?php echo attribute_escape(__('Description')); ?></label></th>"; 168 168 h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>"; 169 h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo wp_specialchars(__('Delete File'), 1); ?>' onclick='theFileList.deleteFile(" + id + ");' />";169 h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo attribute_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />"; 170 170 h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />"; 171 171 h += "<input type='hidden' name='action' id='action-value' value='save' />"; 172 172 h += "<input type='hidden' name='ID' value='" + id + "' />"; 173 173 h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />"; 174 h += "<div class='submit'><input type='submit' value='<?php echo wp_specialchars(__('Save »'), 1); ?>' /></div>";174 h += "<div class='submit'><input type='submit' value='<?php echo attribute_escape(__('Save »')); ?>' /></div>"; 175 175 h += "</td></tr></table></form>"; 176 176 -
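Review bot: line 147 still omits `echo` — `<?php attribute_escape(__('Insert')); ?>` computes the escaped label and discards it, so the Insert link renders with no text; the removed line had the same omission, so this is carried over rather than introduced. It should read `<?php echo attribute_escape(__('Insert')); ?>`. More generally, every value in this file is emitted inside a JavaScript string literal (`h += "..."`); attribute_escape encodes the quote characters, but a translation containing a backslash or line break would still break the literal, and the `js_escape()` helper used elsewhere in this changeset (admin-functions.php) looks like the closer fit for that context — which escaping the rest of this file relies on I cannot confirm from here.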
trunk/wp-admin/upload.php
r4600 r4656 88 88 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 89 89 add_query_arg( $tab_array[4], $href ); 90 $_href = wp_specialchars( $href, 1);90 $_href = attribute_escape( $href); 91 91 $page_links = ''; 92 92 $class = 'upload-tab alignleft'; -
trunk/wp-admin/user-edit.php
r4495 r4656 56 56 <p><strong><?php _e('User updated.') ?></strong></p> 57 57 <?php if ( $wp_http_referer ) : ?> 58 <p><a href="<?php echo wp_specialchars($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>58 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 59 59 <?php endif; ?> 60 60 </div> -
trunk/wp-admin/users.php
r4583 r4656 13 13 14 14 if ( empty($_POST) ) { 15 $referer = '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';15 $referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 16 16 } elseif ( isset($_POST['wp_http_referer']) ) { 17 17 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_POST['wp_http_referer'])); 18 $referer = '<input type="hidden" name="wp_http_referer" value="' . wp_specialchars($redirect) . '" />';18 $referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />'; 19 19 } else { 20 20 $redirect = 'users.php'; … … 339 339 340 340 <form action="" method="get" name="search" id="search"> 341 <p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search users »'); ?>" class="button" /></p>341 <p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search users »'); ?>" class="button" /></p> 342 342 </form> 343 343 … … 430 430 foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { 431 431 $var = 'new_' . $var; 432 $$var = wp_specialchars(stripslashes($_POST[$formpost]));432 $$var = attribute_escape(stripslashes($_POST[$formpost])); 433 433 } 434 434 unset($name); -
trunk/wp-content/themes/classic/comments-popup.php
r4495 r4656 61 61 <label for="author"><?php _e("Name"); ?></label> 62 62 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 63 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />63 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" /> 64 64 </p> 65 65 -
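Review bot: `$_SERVER["REQUEST_URI"]` is passed to attribute_escape without stripslashes here, in the default theme's comments-popup.php, and in `wp_referer_field()` in functions.php, while users.php and `wp_original_referer_field()` in the same changeset wrap the identical value in `stripslashes()` first. If `$_SERVER` is slash-escaped on this code path (not visible here), the `redirect_to` target ends up with literal backslashes; either way the call sites should agree, e.g. `attribute_escape(stripslashes($_SERVER["REQUEST_URI"]))`.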
trunk/wp-content/themes/default/comments-popup.php
r4495 r4656 61 61 <label for="author">Name</label> 62 62 <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /> 63 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />63 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" /> 64 64 </p> 65 65 -
trunk/wp-includes/author-template.php
r4497 r4656 140 140 global $authordata; 141 141 142 echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(get_the_author())) . '">' . get_the_author() . '</a>';142 echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>'; 143 143 } 144 144 … … 203 203 $link = $name; 204 204 } else { 205 $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';205 $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>'; 206 206 207 207 if ( (! empty($feed_image)) || (! empty($feed)) ) { -
trunk/wp-includes/bookmark-template.php
r4535 r4656 102 102 $rel = ' rel="' . $rel . '"'; 103 103 104 $desc = wp_specialchars($row->link_description, ENT_QUOTES);105 $name = wp_specialchars($row->link_name, ENT_QUOTES);104 $desc = attribute_escape($row->link_description); 105 $name = attribute_escape($row->link_name); 106 106 $title = $desc; 107 107 … … 267 267 $rel = ' rel="' . $rel . '"'; 268 268 269 $desc = wp_specialchars($bookmark->link_description, ENT_QUOTES);270 $name = wp_specialchars($bookmark->link_name, ENT_QUOTES);269 $desc = attribute_escape($bookmark->link_description); 270 $name = attribute_escape($bookmark->link_name); 271 271 $title = $desc; 272 272 -
trunk/wp-includes/classes.php
r4598 r4656 510 510 $css_class .= ' current_page_parent'; 511 511 512 $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title, 1) . '">' . $page->post_title . '</a>';512 $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape($page->post_title) . '">' . $page->post_title . '</a>'; 513 513 514 514 if ( !empty($show_date) ) { … … 576 576 extract($args); 577 577 578 $cat_name = wp_specialchars( $category->cat_name, 1);578 $cat_name = attribute_escape( $category->cat_name); 579 579 $link = '<a href="' . get_category_link( $category->cat_ID ) . '" '; 580 580 if ( $use_desc_for_title == 0 || empty($category->category_description) ) 581 581 $link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"'; 582 582 else 583 $link .= 'title="' . wp_specialchars( apply_filters( 'category_description', $category->category_description, $category ), 1) . '"';583 $link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->category_description, $category )) . '"'; 584 584 $link .= '>'; 585 585 $link .= apply_filters( 'list_cats', $category->cat_name, $category ).'</a>'; -
trunk/wp-includes/comment-template.php
r4568 r4656 354 354 echo ' class="'.$CSSclass.'"'; 355 355 } 356 $title = wp_specialchars(apply_filters('the_title', get_the_title()), true);356 $title = attribute_escape(apply_filters('the_title', get_the_title())); 357 357 echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">'; 358 358 comments_number($zero, $one, $more, $number); -
trunk/wp-includes/comment.php
r4631 r4656 156 156 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 157 157 $comment_author = stripslashes($comment_author); 158 $comment_author = wp_specialchars($comment_author, true);158 $comment_author = attribute_escape($comment_author); 159 159 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; 160 160 } … … 163 163 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 164 164 $comment_author_email = stripslashes($comment_author_email); 165 $comment_author_email = wp_specialchars($comment_author_email, true);165 $comment_author_email = attribute_escape($comment_author_email); 166 166 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; 167 167 } … … 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = wp_specialchars($comment_author_url, true);172 $comment_author_url = attribute_escape($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } -
trunk/wp-includes/formatting.php
r4593 r4656 1082 1082 } 1083 1083 1084 // Escaping for HTML attributes like 1085 function attribute_escape($text) { 1086 return wp_specialchars($text, true); 1087 } 1088 1084 1089 function wp_make_link_relative( $link ) { 1085 1090 return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link ); -
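Review bot: the new function's header comment is cut off mid-sentence (`// Escaping for HTML attributes like`) and says nothing about the contract, which matters because this changeset makes attribute_escape the helper callers are expected to pick over plain wp_specialchars(). A short docblock should state that it is the attribute-context variant (it delegates to `wp_specialchars($text, true)`, so quote characters are encoded as well), that it does not strip slashes, and that it does not validate URLs — an `href`/`src` value still needs its scheme checked separately. Something like `/** Escape a string for use inside an HTML attribute value (quotes encoded via wp_specialchars($text, true)). Does not strip slashes or validate URLs. */` would cover it.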
trunk/wp-includes/functions.php
r4643 r4656 232 232 233 233 function form_option($option) { 234 echo wp_specialchars( get_option($option), 1);234 echo attribute_escape( get_option($option)); 235 235 } 236 236 … … 915 915 916 916 function wp_referer_field() { 917 $ref = wp_specialchars($_SERVER['REQUEST_URI']);917 $ref = attribute_escape($_SERVER['REQUEST_URI']); 918 918 echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />'; 919 919 if ( wp_get_original_referer() ) { 920 $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));920 $original_ref = attribute_escape(stripslashes(wp_get_original_referer())); 921 921 echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />'; 922 922 } … … 924 924 925 925 function wp_original_referer_field() { 926 echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';926 echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 927 927 } 928 928 … … 1191 1191 $v = substr(strstr($a, '='), 1); 1192 1192 $k = substr($a, 0, -(strlen($v)+1)); 1193 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1) . "' />\n";1193 $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n"; 1194 1194 } 1195 1195 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; -
trunk/wp-includes/general-template.php
r4636 r4656 280 280 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 281 281 $text = wptexturize($text); 282 $title_text = wp_specialchars($text, 1);282 $title_text = attribute_escape($text); 283 283 284 284 if ('link' == $format) … … 902 902 function the_search_query() { 903 903 global $s; 904 echo wp_specialchars( stripslashes($s), 1);904 echo attribute_escape( stripslashes($s)); 905 905 } 906 906 … … 957 957 if ( $add_args ) 958 958 $link = add_query_arg( $add_args, $link ); 959 $page_links[] = "<a class='prev page-numbers' href='" . wp_specialchars( $link, 1) . "'>$prev_text</a>";959 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape( $link) . "'>$prev_text</a>"; 960 960 endif; 961 961 for ( $n = 1; $n <= $total; $n++ ) : … … 969 969 if ( $add_args ) 970 970 $link = add_query_arg( $add_args, $link ); 971 $page_links[] = "<a class='page-numbers' href='" . wp_specialchars( $link, 1) . "'>$n</a>";971 $page_links[] = "<a class='page-numbers' href='" . attribute_escape( $link) . "'>$n</a>"; 972 972 $dots = true; 973 973 elseif ( $dots && !$show_all ) : … … 982 982 if ( $add_args ) 983 983 $link = add_query_arg( $add_args, $link ); 984 $page_links[] = "<a class='next page-numbers' href='" . wp_specialchars( $link, 1) . "'>$next_text</a>";984 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape( $link) . "'>$next_text</a>"; 985 985 endif; 986 986 switch ( $type ) : -
trunk/wp-includes/post-template.php
r4612 r4656 335 335 return __('Missing Attachment'); 336 336 337 $post_title = wp_specialchars( $_post->post_title, 1);337 $post_title = attribute_escape( $_post->post_title); 338 338 339 339 if (! empty($_post->guid) ) { … … 421 421 } 422 422 423 $post_title = wp_specialchars( $post->post_title, 1);423 $post_title = attribute_escape( $post->post_title); 424 424 425 425 $icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>"; … … 436 436 $post = & get_post($id); 437 437 438 $innerHTML = wp_specialchars( $post->post_title, 1);438 $innerHTML = attribute_escape( $post->post_title); 439 439 440 440 return apply_filters('attachment_innerHTML', $innerHTML, $post->ID); -
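Review bot: The `$icon` tag built right after the new `$post_title = attribute_escape( $post->post_title);` uses single-quoted attributes (`title='$post_title' alt='$post_title'`), so the escaping only holds if attribute_escape encodes `'` as well as `"`; a comment at the assignment, e.g. `// attribute_escape must encode single quotes: the img attributes below are single-quoted`, would pin that dependency. `$src` and `$constraint` on the same line are interpolated unescaped, but their origin is outside the hunk, so whether they need escaping cannot be judged here. In the third hunk the escaped value is named `$innerHTML` and returned through the attachment_innerHTML filter, which suggests element content rather than an attribute; attribute_escape keeps the previous behaviour there but the name is misleading, and a comment stating that filter consumers receive an entity-encoded title would help. The `attribute_escape( $_post->post_title)` spacing is the same leftover noted for general-template.php.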
trunk/wp-links-opml.php
r4495 r4656 31 31 foreach ((array) $cats as $cat) { 32 32 ?> 33 <outline type="category" title="<?php echo wp_specialchars($cat->cat_name); ?>">33 <outline type="category" title="<?php echo attribute_escape($cat->cat_name); ?>"> 34 34 <?php 35 35 … … 37 37 foreach ((array) $bookmarks as $bookmark) { 38 38 ?> 39 <outline text="<?php echo wp_specialchars($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($bookmark->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />39 <outline text="<?php echo attribute_escape($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" /> 40 40 <?php 41 41 -
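Review bot: The `updated` attribute on the same `<outline>` line still echoes `$bookmark->link_updated` raw while the sibling `text`, `xmlUrl` and `htmlUrl` attributes now go through attribute_escape; it is presumably a database datetime, but escaping it keeps the element uniformly treated: `updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo attribute_escape($bookmark->link_updated); ?>"`. This file emits OPML, i.e. XML, so the escaper must produce only the XML-predefined entities or numeric references — whether attribute_escape guarantees that is not visible here and deserves a comment above the loop, e.g. `// OPML is XML: attribute_escape output must be limited to XML-safe entities`.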
trunk/wp-login.php
r4652 r4656 139 139 <p> 140 140 <label><?php _e('Username:') ?><br /> 141 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_login']), 1); ?>" size="20" tabindex="10" /></label>141 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label> 142 142 </p> 143 143 <p> 144 144 <label><?php _e('E-mail:') ?><br /> 145 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_email']), 1); ?>" size="25" tabindex="20" /></label>145 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label> 146 146 </p> 147 147 <?php do_action('lostpassword_form'); ?> … … 258 258 <p> 259 259 <label><?php _e('Username:') ?><br /> 260 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="10" /></label>260 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label> 261 261 </p> 262 262 <p> 263 263 <label><?php _e('E-mail:') ?><br /> 264 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo wp_specialchars(stripslashes($user_email), 1); ?>" size="25" tabindex="20" /></label>264 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label> 265 265 </p> 266 266 <?php do_action('register_form'); ?> … … 345 345 <p> 346 346 <label><?php _e('Username:') ?><br /> 347 <input type="text" name="log" id="user_login" class="input" value="<?php echo 
wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="10" /></label>347 <input type="text" name="log" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label> 348 348 </p> 349 349 <p> … … 355 355 <p class="submit"> 356 356 <input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> »" tabindex="100" /> 357 <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />357 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" /> 358 358 </p> 359 359 </form>
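Review bot: On the lost-password form the new `attribute_escape(stripslashes($_POST['user_login']))` and `attribute_escape(stripslashes($_POST['user_email']))` still read the POST keys without an isset guard, so the first (GET) rendering of the form dereferences undefined indexes; guard them, e.g. `value="<?php echo attribute_escape(isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''); ?>"`, and likewise for user_email. The register and login forms escape `$user_login`, `$user_email` and `$redirect_to` instead, whose assignments are outside the hunk. For the `redirect_to` hidden field on line 357, escaping makes the attribute safe but does not validate the destination; if that validation happens elsewhere, a comment such as `// redirect_to is only escaped here; its target is validated before use` would document the split.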