

Timestamp:
12/21/2006 10:10:04 AM (19 years ago)
Author:
markjaquith
Message:

new function for escaping within attributes: attribute_escape()

File:
1 edited

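--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -324,5 +324,5 @@
         $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
-        $popupurl   = wp_specialchars( $_REQUEST['popupurl'] );
+        $popupurl   = attribute_escape($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
@@ -381,14 +381,14 @@
 function get_user_to_edit( $user_id ) {
     $user = new WP_User( $user_id );
-    $user->user_login = wp_specialchars( $user->user_login, 1 );
-    $user->user_email = wp_specialchars( $user->user_email, 1 );
-    $user->user_url = wp_specialchars( $user->user_url, 1 );
-    $user->first_name = wp_specialchars( $user->first_name, 1 );
-    $user->last_name = wp_specialchars( $user->last_name, 1 );
-    $user->display_name = wp_specialchars( $user->display_name, 1 );
-    $user->nickname = wp_specialchars( $user->nickname, 1 );
-    $user->aim = wp_specialchars( $user->aim, 1 );
-    $user->yim = wp_specialchars( $user->yim, 1 );
-    $user->jabber = wp_specialchars( $user->jabber, 1 );
+    $user->user_login = attribute_escape( $user->user_login);
+    $user->user_email = attribute_escape( $user->user_email);
+    $user->user_url = attribute_escape( $user->user_url);
+    $user->first_name = attribute_escape( $user->first_name);
+    $user->last_name = attribute_escape( $user->last_name);
+    $user->display_name = attribute_escape( $user->display_name);
+    $user->nickname = attribute_escape( $user->nickname);
+    $user->aim = attribute_escape( $user->aim);
+    $user->yim = attribute_escape( $user->yim);
+    $user->jabber = attribute_escape( $user->jabber);
     $user->description = wp_specialchars( $user->description );
 
@@ -528,11 +528,11 @@
     $link = get_link( $link_id );
 
-    $link->link_url = wp_specialchars( $link->link_url, 1 );
-    $link->link_name = wp_specialchars( $link->link_name, 1 );
-    $link->link_image = wp_specialchars( $link->link_image, 1 );
-    $link->link_description = wp_specialchars( $link->link_description, 1 );
+    $link->link_url = attribute_escape( $link->link_url);
+    $link->link_name = attribute_escape( $link->link_name);
+    $link->link_image = attribute_escape( $link->link_image);
+    $link->link_description = attribute_escape( $link->link_description);
     $link->link_notes = wp_specialchars( $link->link_notes );
-    $link->link_rss = wp_specialchars( $link->link_rss, 1 );
-    $link->link_rel = wp_specialchars( $link->link_rel, 1 );
+    $link->link_rss = attribute_escape( $link->link_rss);
+    $link->link_rel = attribute_escape( $link->link_rel);
     $link->post_category = $link->link_category;
 
@@ -542,10 +542,10 @@
 function get_default_link_to_edit() {
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = wp_specialchars( $_GET['linkurl'], 1 );
+        $link->link_url = attribute_escape( $_GET['linkurl']);
     else
         $link->link_url = '';
 
     if ( isset( $_GET['name'] ) )
-        $link->link_name = wp_specialchars( $_GET['name'], 1 );
+        $link->link_name = attribute_escape( $_GET['name']);
     else
         $link->link_name = '';
@@ -832,5 +832,5 @@
     $r .= "</td>\n\t\t<td>";
     if ( current_user_can( 'edit_user', $user_object->ID ) ) {
-        $edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
+        $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
         $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
     }
@@ -912,6 +912,6 @@
 
         $key_js = js_escape( $entry['meta_key'] );
-        $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
-        $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
+        $entry['meta_key'] = attribute_escape( $entry['meta_key']);
+        $entry['meta_value'] = attribute_escape( $entry['meta_value']);
         $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
         $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
@@ -966,5 +966,5 @@
 
     foreach ( $keys as $key ) {
-        $key = wp_specialchars( $key, 1 );
+        $key = attribute_escape( $key);
         echo "\n\t<option value='$key'>$key</option>";
     }
@@ -1993,5 +1993,5 @@
 function wp_remember_old_slug() {
     global $post;
-    $name = wp_specialchars($post->post_name); // just in case
+    $name = attribute_escape($post->post_name); // just in case
     if ( strlen($name) )
         echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';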
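Review bot: In the first hunk (old line 326) the escaped `$_REQUEST['popupurl']` goes straight into `href` on the following line, and attribute escaping only keeps the value inside the quotes; it does not restrict which URL scheme the link carries, so the scheme check still has to happen before the value is used — assuming attribute_escape() only entity-encodes, which this page does not show. Reject anything that is not an http(s) URL before escaping, e.g. `$popupurl = $_REQUEST['popupurl'];` / `if ( ! preg_match( '#^https?://#i', $popupurl ) ) $popupurl = '';` / `$popupurl = attribute_escape( $popupurl );`. The same consideration applies to `$_GET['linkurl']` in get_default_link_to_edit() (old line 544), which is also a request-supplied URL stored as link_url. The function enclosing the first hunk begins before this section.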