Make WordPress Core

Changeset 49375


Ignore:
Timestamp:
10/29/2020 04:56:34 PM (4 years ago)
Author:
whyisjake
Message:

Coding standards: Modify escaping functions to avoid potential false positives.

Props xknown, zieladam, peterwilsoncc.Y

Location:
branches/5.5/src/wp-admin
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • branches/5.5/src/wp-admin/admin-header.php

    r48955 r49375  
    8383<script type="text/javascript">
    8484addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
    85 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
    86     pagenow = '<?php echo $current_screen->id; ?>',
    87     typenow = '<?php echo $current_screen->post_type; ?>',
    88     adminpage = '<?php echo $admin_body_class; ?>',
    89     thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
    90     decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
     85var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
     86    pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
     87    typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
     88    adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
     89    thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
     90    decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
    9191    isRtl = <?php echo (int) is_rtl(); ?>;
    9292</script>
  • branches/5.5/src/wp-admin/includes/class-custom-image-header.php

    r48110 r49375  
    344344<script type="text/javascript">
    345345(function($){
    346     var default_color = '<?php echo $default_color; ?>',
     346    var default_color = '<?php echo esc_js( $default_color ); ?>',
    347347        header_text_fields;
    348348
  • branches/5.5/src/wp-admin/includes/media.php

    r48586 r49375  
    531531    <script type="text/javascript">
    532532    addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
    533     var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
     533    var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
    534534    isRtl = <?php echo (int) is_rtl(); ?>;
    535535    </script>
  • branches/5.5/src/wp-admin/includes/ms.php

    r48508 r49375  
    843843    ?>
    844844<script type="text/javascript">
    845 var tb_pathToImage = "<?php echo includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ); ?>";
     845var tb_pathToImage = "<?php echo esc_js( includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ) ); ?>";
    846846</script>
    847847    <?php
  • branches/5.5/src/wp-admin/includes/template.php

    r48915 r49375  
    20192019addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
    20202020function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();}
    2021 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
    2022     pagenow = '<?php echo $current_screen->id; ?>',
    2023     typenow = '<?php echo $current_screen->post_type; ?>',
    2024     adminpage = '<?php echo $admin_body_class; ?>',
    2025     thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
    2026     decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
     2021var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
     2022    pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
     2023    typenow = '<?php echo esc_js( $current_screen->post_type ); ?>',
     2024    adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
     2025    thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
     2026    decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
    20272027    isRtl = <?php echo (int) is_rtl(); ?>;
    20282028</script>
  • branches/5.5/src/wp-admin/media-new.php

    r47198 r49375  
    7878
    7979    <script type="text/javascript">
    80     var post_id = <?php echo $post_id; ?>, shortform = 3;
     80    var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
    8181    </script>
    82     <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
     82    <input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
    8383    <?php wp_nonce_field( 'media-form' ); ?>
    8484    <div id="media-items" class="hide-if-no-js"></div>
  • branches/5.5/src/wp-admin/network/site-users.php

    r47855 r49375  
    221221
    222222<script type="text/javascript">
    223 var current_site_id = <?php echo $id; ?>;
     223var current_site_id = <?php echo absint( $id ); ?>;
    224224</script>
    225225
Note: See TracChangeset for help on using the changeset viewer.