Changeset 5057
- Timestamp:
- 03/17/2007 08:47:29 AM (18 years ago)
- Location:
- branches/2.1
- Files:
-
- 18 edited
branches/2.1/wp-admin/admin-functions.php
r5007 r5057 359 359 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 360 360 $text = funky_javascript_fix( $text); 361 $popupurl = attribute_escape($_REQUEST['popupurl']);361 $popupurl = clean_url($_REQUEST['popupurl']); 362 362 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 363 363 } … … 418 418 $user->user_login = attribute_escape($user->user_login); 419 419 $user->user_email = attribute_escape($user->user_email); 420 $user->user_url = attribute_escape($user->user_url);420 $user->user_url = clean_url($user->user_url); 421 421 $user->first_name = attribute_escape($user->first_name); 422 422 $user->last_name = attribute_escape($user->last_name); … … 563 563 $link = get_link( $link_id ); 564 564 565 $link->link_url = attribute_escape($link->link_url);565 $link->link_url = clean_url($link->link_url); 566 566 $link->link_name = attribute_escape($link->link_name); 567 567 $link->link_image = attribute_escape($link->link_image); 568 568 $link->link_description = attribute_escape($link->link_description); 569 $link->link_rss = attribute_escape($link->link_rss);569 $link->link_rss = clean_url($link->link_rss); 570 570 $link->link_rel = attribute_escape($link->link_rel); 571 571 $link->link_notes = wp_specialchars($link->link_notes); … … 577 577 function get_default_link_to_edit() { 578 578 if ( isset( $_GET['linkurl'] ) ) 579 $link->link_url = attribute_escape( $_GET['linkurl']);579 $link->link_url = clean_url( $_GET['linkurl']); 580 580 else 581 581 $link->link_url = ''; … … 868 868 $r .= "</td>\n\t\t<td>"; 869 869 if ( current_user_can( 'edit_user', $user_object->ID ) ) { 870 $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));870 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" )); 871 871 $r .= "<a 
href='$edit_link' class='edit'>".__( 'Edit' )."</a>"; 872 872 } -
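Review bot: The value placed in the single-quoted attribute `href='$edit_link'` on lines 870–871 is now only URL-normalized, so attribute safety depends on clean_url's character filter rejecting `'`, `"` and `<`, which this changeset does not show; attribute_escape, which the old line used, handled quoting explicitly. The same reliance appears wherever clean_url output lands directly in an attribute: upload-functions.php line 38, functions.php lines 1195 and 1212, general-template.php lines 975, 987 and 1000, script-loader.php line 81, and the double-quoted cases in edit-comments.php, page.php, post.php, user-edit.php and bookmark-template.php. If the filter is not guaranteed to exclude quotes, keep the context escape on top of the URL cleanup, e.g. `$edit_link = attribute_escape( clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) ) );`, provided attribute_escape does not re-encode entities clean_url already emitted. Lines 420, 565 and 569 convert stored user and link URLs that look like they are being prepared for edit forms rather than hrefs; if those values are echoed into `value="..."` fields, any rewriting clean_url performs changes what the user sees and resubmits, which is worth confirming.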
branches/2.1/wp-admin/bookmarklet.php
r4656 r5057 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape($_REQUEST['popupurl']);40 $popupurl = clean_url($_REQUEST['popupurl']); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); -
branches/2.1/wp-admin/edit-comments.php
r5007 r5057 102 102 if ( 1 < $page ) { 103 103 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 104 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";104 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 105 105 } 106 106 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { … … 112 112 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 113 113 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 114 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";114 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 115 115 $in = true; 116 116 elseif ( $in == true ) : … … 123 123 if ( ( $page ) * 20 < $total || -1 == $total ) { 124 124 $args['apage'] = $page + 1; 125 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";125 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 126 126 } 127 127 echo "<p class='pagenav'>$r</p>"; … … 249 249 if ( 1 < $page ) { 250 250 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1; 251 $r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n";251 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 252 252 } 253 253 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) { … … 259 259 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 260 260 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num; 261 $r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . 
"</a>\n";261 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 262 262 $in = true; 263 263 elseif ( $in == true ) : … … 270 270 if ( ( $page ) * 20 < $total || -1 == $total ) { 271 271 $args['apage'] = $page + 1; 272 $r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n";272 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 273 273 } 274 274 echo "<p class='pagenav'>$r</p>"; -
branches/2.1/wp-admin/edit-form-advanced.php
r4760 r5057 169 169 <input name="referredby" type="hidden" id="referredby" value="<?php 170 170 if ( !empty($_REQUEST['popupurl']) ) 171 echo attribute_escape(stripslashes($_REQUEST['popupurl']));171 echo clean_url(stripslashes($_REQUEST['popupurl'])); 172 172 else if ( url_to_postid(wp_get_referer()) == $post_ID ) 173 173 echo 'redo'; 174 174 else 175 echo attribute_escape(stripslashes(wp_get_referer()));175 echo clean_url(stripslashes(wp_get_referer())); 176 176 ?>" /></p> 177 177 -
branches/2.1/wp-admin/edit-page-form.php
r4760 r5057 14 14 } 15 15 16 $sendto = attribute_escape(stripslashes(wp_get_referer()));16 $sendto = clean_url(stripslashes(wp_get_referer())); 17 17 18 18 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) -
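Review bot: Line 18 compares `$sendto`, which line 16 now passes through clean_url, against the raw output of get_permalink(), so if clean_url rewrites the referer (entity-encoding `&`, prepending a scheme) the equality can fail for permalinks that carry a query string and the branch behind it is skipped. Compare the untransformed referer and keep the cleaned copy for output: `$referer = stripslashes(wp_get_referer());`, `$sendto = clean_url($referer);`, `if ( 0 != $post_ID && $referer == get_permalink($post_ID) )`. Whether clean_url rewrites such strings is inferred from its role here rather than visible in the hunk, and the body of that `if` is outside the hunk.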
branches/2.1/wp-admin/link-manager.php
r4700 r5057 134 134 $link->link_name = attribute_escape($link->link_name); 135 135 $link->link_description = wp_specialchars($link->link_description); 136 $link->link_url = attribute_escape($link->link_url);136 $link->link_url = clean_url($link->link_url); 137 137 $link->link_category = wp_get_link_cats($link->link_id); 138 138 $short_url = str_replace('http://', '', $link->link_url); -
branches/2.1/wp-admin/page.php
r4780 r5057 64 64 <div id='preview' class='wrap'> 65 65 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 66 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>66 <iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 67 67 </div> 68 68 <?php -
branches/2.1/wp-admin/post.php
r4780 r5057 70 70 <div id='preview' class='wrap'> 71 71 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 72 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>72 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 73 73 </div> 74 74 <?php -
branches/2.1/wp-admin/upgrade.php
r4656 r5057 29 29 switch($step) { 30 30 case 0: 31 $goback = attribute_escape(stripslashes(wp_get_referer()));31 $goback = clean_url(stripslashes(wp_get_referer())); 32 32 ?> 33 33 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> … … 41 41 $backto = __get_option('home'); 42 42 else 43 $backto = attribute_escape(stripslashes($_GET['backto']));43 $backto = clean_url(stripslashes($_GET['backto'])); 44 44 ?> 45 45 <h2><?php _e('Step 1'); ?></h2> -
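Review bot: clean_url on line 43 constrains the characters of `$_GET['backto']` but not its destination, so `$backto` remains a caller-chosen URL; the code that consumes it is outside the hunk. Since the other branch on line 41 already defaults to `__get_option('home')`, a cheap guard is to accept the parameter only when it points at this site and otherwise fall back to that default, e.g. `if ( 0 !== strpos($backto, __get_option('home')) ) $backto = __get_option('home');`. The same consideration applies to `$goback` on line 31, since wp_get_referer() is a browser-supplied value as well.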
branches/2.1/wp-admin/upload-functions.php
r5007 r5057 36 36 37 37 if ( $href ) 38 $r .= "<a id='file-link-$id' href='" . attribute_escape($href) ."' title='$post_title' class='file-link $class'>\n";38 $r .= "<a id='file-link-$id' href='" . clean_url($href) ."' title='$post_title' class='file-link $class'>\n"; 39 39 if ( $href || $image_src ) 40 40 $r .= "\t\t\t$innerHTML"; … … 84 84 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 85 85 echo ' | '; 86 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';86 echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 87 87 echo ' | '; 88 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';88 echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 89 89 echo ' ]'; ?></span> 90 90 </div> … … 124 124 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 125 125 echo ' | '; 126 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';126 echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 127 127 echo ' | '; 128 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';128 echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 129 129 echo ' ]'; ?></span> 130 130 </div> -
branches/2.1/wp-admin/upload.php
r4708 r5057 91 91 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 92 92 add_query_arg( $tab_array[4], $href ); 93 $_href = attribute_escape( $href);93 $_href = clean_url( $href); 94 94 $page_links = ''; 95 95 $class = 'upload-tab alignleft'; -
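Review bot: `$_href` on line 93 is computed from a `$href` that never received the tab arguments, because line 92 discards the return value of add_query_arg() instead of assigning it; the new line therefore cleans a URL that is missing the intended query string. Presumably the intent is `$href = add_query_arg( $tab_array[4], $href );` on line 92. This is pre-existing, but the line under review depends on it, and the enclosing block starts outside the hunk.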
branches/2.1/wp-admin/user-edit.php
r4758 r5057 56 56 <p><strong><?php _e('User updated.') ?></strong></p> 57 57 <?php if ( $wp_http_referer ) : ?> 58 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>58 <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 59 59 <?php endif; ?> 60 60 </div> -
branches/2.1/wp-includes/bookmark-template.php
r4800 r5057 97 97 $the_link = '#'; 98 98 if ( !empty($row->link_url) ) 99 $the_link = wp_specialchars($row->link_url);99 $the_link = clean_url($row->link_url); 100 100 $rel = $row->link_rel; 101 101 if ( '' != $rel ) … … 261 261 $the_link = '#'; 262 262 if ( !empty($bookmark->link_url) ) 263 $the_link = wp_specialchars($bookmark->link_url);263 $the_link = clean_url($bookmark->link_url); 264 264 265 265 $rel = $bookmark->link_rel; -
branches/2.1/wp-includes/comment.php
r4705 r5057 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = attribute_escape($comment_author_url);172 $comment_author_url = clean_url($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } -
branches/2.1/wp-includes/functions.php
r5050 r5057 1193 1193 $adminurl = get_option('siteurl') . '/wp-admin'; 1194 1194 if ( wp_get_referer() ) 1195 $adminurl = attribute_escape(wp_get_referer());1195 $adminurl = clean_url(wp_get_referer()); 1196 1196 1197 1197 $title = __('WordPress Confirmation'); … … 1210 1210 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1211 1211 } else { 1212 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1212 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1213 1213 } 1214 1214 $html .= "</body>\n</html>"; -
branches/2.1/wp-includes/general-template.php
r5027 r5057 290 290 $text = wptexturize($text); 291 291 $title_text = attribute_escape($text); 292 $url = clean_url($url); 292 293 293 294 if ('link' == $format) … … 972 973 if ( $add_args ) 973 974 $link = add_query_arg( $add_args, $link ); 974 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";975 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>"; 975 976 endif; 976 977 for ( $n = 1; $n <= $total; $n++ ) : … … 984 985 if ( $add_args ) 985 986 $link = add_query_arg( $add_args, $link ); 986 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";987 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n</a>"; 987 988 $dots = true; 988 989 elseif ( $dots && !$show_all ) : … … 997 998 if ( $add_args ) 998 999 $link = add_query_arg( $add_args, $link ); 999 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";1000 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>"; 1000 1001 endif; 1001 1002 switch ( $type ) : -
branches/2.1/wp-includes/link-template.php
r5046 r5057 460 460 461 461 function next_posts($max_page = 0) { 462 echo attribute_escape(get_next_posts_page_link($max_page));462 echo clean_url(get_next_posts_page_link($max_page)); 463 463 } 464 464 … … 490 490 491 491 function previous_posts() { 492 echo attribute_escape(get_previous_posts_page_link());492 echo clean_url(get_previous_posts_page_link()); 493 493 } 494 494 -
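Review bot: next_posts() and previous_posts() on lines 462 and 492 are template-facing functions whose output contract changes from attribute-escaped to URL-cleaned, and neither carries a comment saying which it is, so theme authors cannot tell whether the echoed value is safe to drop into an attribute as-is. Add a one-line header to each, e.g. `// Prints the next-page URL normalized by clean_url(); it is not HTML-attribute escaped.` for next_posts() and the previous-page equivalent for previous_posts(). The get_*_page_link() helpers they wrap are outside the hunk.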
branches/2.1/wp-includes/script-loader.php
r5007 r5057 79 79 $ver .= '&' . $this->args[$handle]; 80 80 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src; 81 $src = attribute_escape(add_query_arg('ver', $ver, $src));81 $src = clean_url(add_query_arg('ver', $ver, $src)); 82 82 echo "<script type='text/javascript' src='$src'></script>\n"; 83 83 }