
Changeset 5007


Timestamp:
03/09/2007 04:36:24 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize browser-bound add_query_arg() outputs. fixes #3937

Files:
10 edited

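--- a/branches/2.0/wp-admin/admin-functions.php
+++ b/branches/2.0/wp-admin/admin-functions.php
@@ -1811,5 +1811,5 @@
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />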
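--- a/branches/2.1/wp-admin/admin-functions.php
+++ b/branches/2.1/wp-admin/admin-functions.php
@@ -1923,5 +1923,5 @@
         $bytes = $size * 1024 * 1024 * 1024;
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )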
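--- a/branches/2.1/wp-admin/custom-header.php
+++ b/branches/2.1/wp-admin/custom-header.php
@@ -175,5 +175,5 @@
 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
 
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo add_query_arg('step', 2) ?>" style="margin: auto; width: 50%;">
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
@@ -189,5 +189,5 @@
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo add_query_arg('step', 1) ?>">
+<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
 </form>
@@ -241,5 +241,5 @@
 <div class="wrap">
 
-<form method="POST" action="<?php echo add_query_arg('step', 3) ?>">
+<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>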
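Review bot: The new lines 177 and 243 keep `method="POST"` while line 191 in the same file uses `method="post"`; XHTML attribute values are case-sensitive and the DTD only allows the lowercase form, so both should read `method="post"` for validity and consistency. With no URL argument, add_query_arg presumably builds on the current request URI, which is exactly why the attribute_escape wrapper is needed on these action attributes. The same two uppercase occurrences appear in trunk/wp-admin/custom-header.php.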
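--- a/branches/2.1/wp-admin/edit-comments.php
+++ b/branches/2.1/wp-admin/edit-comments.php
@@ -102,5 +102,5 @@
 if ( 1 < $page ) {
     $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-    $r .=  '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+    $r .=  '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
@@ -112,5 +112,5 @@
             if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
                 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-                $r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
+                $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
                 $in = true;
             elseif ( $in == true ) :
@@ -123,5 +123,5 @@
 if ( ( $page ) * 20 < $total || -1 == $total ) {
     $args['apage'] = $page + 1;
-    $r .=  '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+    $r .=  '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
 }
 echo "<p class='pagenav'>$r</p>";
@@ -249,5 +249,5 @@
 if ( 1 < $page ) {
     $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-    $r .=  '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+    $r .=  '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
@@ -259,5 +259,5 @@
             if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
                 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-                $r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
+                $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
                 $in = true;
             elseif ( $in == true ) :
@@ -270,5 +270,5 @@
 if ( ( $page ) * 20 < $total || -1 == $total ) {
     $args['apage'] = $page + 1;
-    $r .=  '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+    $r .=  '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
 }
 echo "<p class='pagenav'>$r</p>";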
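Review bot: The pagination block at lines 102-127 is repeated verbatim at lines 249-274, so this one escaping fix had to be applied at six call sites in a single file, and the same six again in trunk/wp-admin/edit-comments.php; any copy that is missed would keep emitting an unescaped href. As a matter of style, moving the markup generation into one helper that builds and returns `$r` would let attribute_escape live in a single place. Each of the patched lines depends on `$args` and `$page` being prepared above the first hunk, outside what is shown here.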
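--- a/branches/2.1/wp-admin/upload-functions.php
+++ b/branches/2.1/wp-admin/upload-functions.php
@@ -36,5 +36,5 @@
 
     if ( $href )
-        $r .= "<a id='file-link-$id' href='$href' title='$post_title' class='file-link $class'>\n";
+        $r .= "<a id='file-link-$id' href='" . attribute_escape($href) ."' title='$post_title' class='file-link $class'>\n";
     if ( $href || $image_src )
         $r .= "\t\t\t$innerHTML";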
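Review bot: On the new line 38, `$href` is now escaped but `$post_title` and `$class` are still interpolated raw into the same attribute string, so a title containing a single quote would still break out of `title='...'` unless the caller escapes it first (the function's start lies outside this hunk, so that cannot be confirmed here). Escaping it the same way keeps the fix consistent: `$r .= "<a id='file-link-$id' href='" . attribute_escape($href) . "' title='" . attribute_escape($post_title) . "' class='file-link $class'>\n";`. Since these attributes are single-quoted, confirm that attribute_escape encodes single quotes as well as double ones; if it does not, the attributes should be switched to double quotes.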
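--- a/branches/2.1/wp-includes/script-loader.php
+++ b/branches/2.1/wp-includes/script-loader.php
@@ -79,5 +79,5 @@
                         $ver .= '&amp;' . $this->args[$handle];
                     $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
-                    $src = add_query_arg('ver', $ver, $src);
+                    $src = attribute_escape(add_query_arg('ver', $ver, $src));
                     echo "<script type='text/javascript' src='$src'></script>\n";
                 }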
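Review bot: On the new line 81, attribute_escape is applied to a URL whose `$ver` part already carries a literal `&amp;` appended on line 79; if attribute_escape re-encodes the ampersand of an existing entity, the emitted src contains `&amp;amp;` and the browser requests a different query string than intended. If the underlying wp_specialchars leaves well-formed entities alone this is harmless, but it deserves a check with a handle that has args set. The cleaner arrangement is to keep `$ver` raw and let the output escape do all encoding, i.e. `$ver .= '&' . $this->args[$handle];`, provided `$ver` is not also emitted somewhere without escaping. The same question applies to trunk/wp-includes/script-loader.php, where `$ver` is built above its visible hunk; the enclosing method continues outside this hunk on both sides.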
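--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -1936,5 +1936,5 @@
         $bytes = $size * 1024 * 1024 * 1024;
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )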
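--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -175,5 +175,5 @@
 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
 
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo add_query_arg('step', 2) ?>" style="margin: auto; width: 50%;">
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
@@ -189,5 +189,5 @@
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo add_query_arg('step', 1) ?>">
+<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
 </form>
@@ -241,5 +241,5 @@
 <div class="wrap">
 
-<form method="POST" action="<?php echo add_query_arg('step', 3) ?>">
+<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>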
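--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -102,5 +102,5 @@
 if ( 1 < $page ) {
     $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-    $r .=  '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+    $r .=  '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
@@ -112,5 +112,5 @@
             if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
                 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-                $r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
+                $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
                 $in = true;
             elseif ( $in == true ) :
@@ -123,5 +123,5 @@
 if ( ( $page ) * 20 < $total || -1 == $total ) {
     $args['apage'] = $page + 1;
-    $r .=  '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+    $r .=  '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
 }
 echo "<p class='pagenav'>$r</p>";
@@ -249,5 +249,5 @@
 if ( 1 < $page ) {
     $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-    $r .=  '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
+    $r .=  '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
@@ -259,5 +259,5 @@
             if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
                 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-                $r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
+                $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
                 $in = true;
             elseif ( $in == true ) :
@@ -270,5 +270,5 @@
 if ( ( $page ) * 20 < $total || -1 == $total ) {
     $args['apage'] = $page + 1;
-    $r .=  '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
+    $r .=  '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
 }
 echo "<p class='pagenav'>$r</p>";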
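--- a/trunk/wp-includes/script-loader.php
+++ b/trunk/wp-includes/script-loader.php
@@ -151,5 +151,5 @@
                     $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
                     $src = add_query_arg('ver', $ver, $src);
-                    $src = apply_filters( 'script_loader_src', $src );
+                    $src = attribute_escape(apply_filters( 'script_loader_src', $src ));
                     echo "<script type='text/javascript' src='$src'></script>\n";
                     $this->print_scripts_l10n( $handle );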