Changeset 4657
- Timestamp:
- 12/21/2006 10:45:58 AM (18 years ago)
- Files:
-
- 9 edited
-
branches/2.0/wp-admin/admin-functions.php
r4656 r4657 338 338 function get_user_to_edit($user_id) { 339 339 $user = new WP_User($user_id); 340 $user->user_login = attribute_escape($user->user_login);341 $user->user_email = attribute_escape($user->user_email);342 $user->user_url = attribute_escape($user->user_url);343 $user->first_name = attribute_escape($user->first_name);344 $user->last_name = attribute_escape($user->last_name);340 $user->user_login = attribute_escape($user->user_login); 341 $user->user_email = attribute_escape($user->user_email); 342 $user->user_url = attribute_escape($user->user_url); 343 $user->first_name = attribute_escape($user->first_name); 344 $user->last_name = attribute_escape($user->last_name); 345 345 $user->display_name = attribute_escape($user->display_name); 346 $user->nickname = attribute_escape($user->nickname);347 $user->aim = attribute_escape($user->aim);348 $user->yim = attribute_escape($user->yim);349 $user->jabber = attribute_escape($user->jabber);350 $user->description =wp_specialchars($user->description);346 $user->nickname = attribute_escape($user->nickname); 347 $user->aim = attribute_escape($user->aim); 348 $user->yim = attribute_escape($user->yim); 349 $user->jabber = attribute_escape($user->jabber); 350 $user->description = wp_specialchars($user->description); 351 351 352 352 return $user; … … 468 468 $link = get_link($link_id); 469 469 470 $link->link_url = attribute_escape($link->link_url);471 $link->link_name = attribute_escape($link->link_name);472 $link->link_image = attribute_escape($link->link_image);470 $link->link_url = attribute_escape($link->link_url); 471 $link->link_name = attribute_escape($link->link_name); 472 $link->link_image = attribute_escape($link->link_image); 473 473 $link->link_description = attribute_escape($link->link_description); 474 $link->link_ notes = wp_specialchars($link->link_notes);475 $link->link_r ss = attribute_escape($link->link_rss);476 $link->link_ rel = attribute_escape($link->link_rel);477 $link->post_category = 
$link->link_category;474 $link->link_rss = attribute_escape($link->link_rss); 475 $link->link_rel = attribute_escape($link->link_rel); 476 $link->link_notes = wp_specialchars($link->link_notes); 477 $link->post_category = $link->link_category; 478 478 479 479 return $link; -
branches/2.0/wp-includes/functions-formatting.php
r4656 r4657 1052 1052 } 1053 1053 1054 // Escaping for HTML attributes like1054 // Escaping for HTML attributes 1055 1055 function attribute_escape($text) { 1056 1056 return wp_specialchars($text, true); -
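Review bot: The shortened comment above attribute_escape() still does not say which output contexts the result is safe in. The body only calls `wp_specialchars($text, true)`, which as far as I know encodes angle brackets, ampersands and both quote characters, so the result suits quoted attribute values and HTML text but does nothing about URL schemes or inline script. I would spell that out, e.g. `// Escaping for quoted HTML attribute values; does not validate URLs or make text safe inside script.` The identical comment in trunk/wp-includes/formatting.php wants the same wording. The function's closing brace is outside the hunk.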
trunk/wp-admin/admin-ajax.php
r4656 r4657 142 142 $level++; 143 143 } 144 $cat_full_name = attribute_escape( 144 $cat_full_name = attribute_escape($cat_full_name); 145 145 146 146 $x = new WP_Ajax_Response( array( -
trunk/wp-admin/admin-functions.php
r4656 r4657 381 381 function get_user_to_edit( $user_id ) { 382 382 $user = new WP_User( $user_id ); 383 $user->user_login = attribute_escape($user->user_login);384 $user->user_email = attribute_escape($user->user_email);385 $user->user_url = attribute_escape($user->user_url);386 $user->first_name = attribute_escape($user->first_name);387 $user->last_name = attribute_escape($user->last_name);388 $user->display_name = attribute_escape( 389 $user->nickname = attribute_escape($user->nickname);390 $user->aim = attribute_escape($user->aim);391 $user->yim = attribute_escape($user->yim);392 $user->jabber = attribute_escape($user->jabber);393 $user->description = wp_specialchars( $user->description);383 $user->user_login = attribute_escape($user->user_login); 384 $user->user_email = attribute_escape($user->user_email); 385 $user->user_url = attribute_escape($user->user_url); 386 $user->first_name = attribute_escape($user->first_name); 387 $user->last_name = attribute_escape($user->last_name); 388 $user->display_name = attribute_escape($user->display_name); 389 $user->nickname = attribute_escape($user->nickname); 390 $user->aim = attribute_escape($user->aim); 391 $user->yim = attribute_escape($user->yim); 392 $user->jabber = attribute_escape($user->jabber); 393 $user->description = wp_specialchars($user->description); 394 394 395 395 return $user; … … 528 528 $link = get_link( $link_id ); 529 529 530 $link->link_url = attribute_escape($link->link_url);531 $link->link_name = attribute_escape($link->link_name);532 $link->link_image = attribute_escape($link->link_image);533 $link->link_description = attribute_escape( 534 $link->link_ notes = wp_specialchars( $link->link_notes);535 $link->link_r ss = attribute_escape( $link->link_rss);536 $link->link_ rel = attribute_escape( $link->link_rel);537 $link->post_category = $link->link_category;530 $link->link_url = attribute_escape($link->link_url); 531 $link->link_name = attribute_escape($link->link_name); 532 $link->link_image = 
attribute_escape($link->link_image); 533 $link->link_description = attribute_escape($link->link_description); 534 $link->link_rss = attribute_escape($link->link_rss); 535 $link->link_rel = attribute_escape($link->link_rel); 536 $link->link_notes = wp_specialchars($link->link_notes); 537 $link->post_category = $link->link_category; 538 538 539 539 return $link; … … 912 912 913 913 $key_js = js_escape( $entry['meta_key'] ); 914 $entry['meta_key'] = attribute_escape($entry['meta_key']);915 $entry['meta_value'] = attribute_escape( 914 $entry['meta_key'] = attribute_escape($entry['meta_key']); 915 $entry['meta_value'] = attribute_escape($entry['meta_value']); 916 916 $r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>"; 917 917 $r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>"; -
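Review bot: In the last hunk, `$entry['meta_id']` is interpolated into the `id='meta-…'` and `name='meta[…][key]'` attributes at new lines 916-917 with no escaping or integer cast, while `meta_key` and `meta_value` right above it are escaped. It is presumably a numeric database key, but where `$entry` is filled is outside the hunk, so the row builder cannot rely on that by itself. A cast before the row is built, `$entry['meta_id'] = (int) $entry['meta_id'];`, would make the markup safe regardless of the caller. The enclosing function starts and ends outside the hunk.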
trunk/wp-admin/upload-functions.php
r4656 r4657 8 8 ob_start(); 9 9 the_title(); 10 $post_title = attribute_escape( 10 $post_title = attribute_escape(ob_get_contents()); 11 11 ob_end_clean(); 12 12 $post_content = apply_filters( 'content_edit_pre', $post->post_content ); … … 72 72 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 73 73 echo ' | '; 74 echo '<a href="' . attribute_escape( add_query_arg( 'action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';74 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 75 75 echo ' | '; 76 echo '<a href="' . attribute_escape( remove_query_arg( array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';76 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 77 77 echo ' ]'; ?></span> 78 78 </div> … … 112 112 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 113 113 echo ' | '; 114 echo '<a href="' . attribute_escape( add_query_arg( 'action', 'view')) . '">' . __('links') . '</a>';114 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 115 115 echo ' | '; 116 echo '<a href="' . attribute_escape( remove_query_arg( array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';116 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 117 117 echo ' ]'; ?></span> 118 118 </div> -
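Review bot: The "view" links at new lines 72 and 112 print `get_permalink()` straight into a double-quoted href, while the edit and cancel links next to them pass their URLs through attribute_escape(). Whether get_permalink() already returns an attribute-safe string is not visible here, so for consistency I would write `echo '<a href="' . attribute_escape(get_permalink()) . '">' . __('view') . '</a>';` in both places. The surrounding template blocks continue outside the hunks.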
trunk/wp-includes/formatting.php
r4656 r4657 1082 1082 } 1083 1083 1084 // Escaping for HTML attributes like1084 // Escaping for HTML attributes 1085 1085 function attribute_escape($text) { 1086 1086 return wp_specialchars($text, true); -
trunk/wp-includes/functions.php
r4656 r4657 232 232 233 233 function form_option($option) { 234 echo attribute_escape( 234 echo attribute_escape(get_option($option)); 235 235 } 236 236 … … 1191 1191 $v = substr(strstr($a, '='), 1); 1192 1192 $k = substr($a, 0, -(strlen($v)+1)); 1193 $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape(urldecode($v)) . "' />\n";1193 $html .= "\t\t<input type='hidden' name='" . attribute_escape(urldecode($k)) . "' value='" . attribute_escape(urldecode($v)) . "' />\n"; 1194 1194 } 1195 1195 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; -
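Review bot: In the second hunk, the key/value split at new lines 1191-1192 mishandles a pair that has no `=`. `strstr($a, '=')` then fails, `$v` ends up empty, and `$k = substr($a, 0, -(strlen($v)+1))` drops the last character of the name, so the hidden field is emitted under a different key than the one submitted. Splitting with a limit avoids the arithmetic: `list($k, $v) = array_pad(explode('=', $a, 2), 2, '');`. The urldecode-then-escape order on line 1193 is right and should stay. The loop that supplies `$a` is outside the hunk.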
trunk/wp-includes/general-template.php
r4656 r4657 902 902 function the_search_query() { 903 903 global $s; 904 echo attribute_escape( 904 echo attribute_escape(stripslashes($s)); 905 905 } 906 906 … … 957 957 if ( $add_args ) 958 958 $link = add_query_arg( $add_args, $link ); 959 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape( 959 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>"; 960 960 endif; 961 961 for ( $n = 1; $n <= $total; $n++ ) : … … 969 969 if ( $add_args ) 970 970 $link = add_query_arg( $add_args, $link ); 971 $page_links[] = "<a class='page-numbers' href='" . attribute_escape( 971 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>"; 972 972 $dots = true; 973 973 elseif ( $dots && !$show_all ) : … … 982 982 if ( $add_args ) 983 983 $link = add_query_arg( $add_args, $link ); 984 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape( 984 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>"; 985 985 endif; 986 986 switch ( $type ) : -
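Review bot: At new lines 959 and 984, `$prev_text` and `$next_text` are placed in the link body unescaped, even though the href on the same line goes through attribute_escape(). Where these values come from is outside the hunks. If they are meant to carry markup, that contract should be stated next to the code, e.g. `// $prev_text and $next_text are emitted as raw HTML; callers must pass trusted markup`. If they are plain labels, wrap them instead, e.g. `wp_specialchars($prev_text)`. The enclosing function begins and ends outside the hunks.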
trunk/wp-includes/post-template.php
r4656 r4657 335 335 return __('Missing Attachment'); 336 336 337 $post_title = attribute_escape( 337 $post_title = attribute_escape($_post->post_title); 338 338 339 339 if (! empty($_post->guid) ) { … … 421 421 } 422 422 423 $post_title = attribute_escape( 423 $post_title = attribute_escape($post->post_title); 424 424 425 425 $icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>"; … … 436 436 $post = & get_post($id); 437 437 438 $innerHTML = attribute_escape( 438 $innerHTML = attribute_escape($post->post_title); 439 439 440 440 return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
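Review bot: In the second hunk, the `<img>` tag at new line 425 escapes only `$post_title`; `$src` goes into a single-quoted attribute and `$constraint` into the tag itself exactly as they arrive. Both are built outside the hunk, so they may already be safe, but escaping at the point of output keeps the tag well-formed whatever the attachment URL contains: `$icon = "<img src='" . attribute_escape($src) . "' title='$post_title' alt='$post_title' $constraint/>";`. A short comment stating that `$constraint` is generated locally and never taken from post data would cover the remaining interpolation.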