Changeset 5550
- Timestamp:
- 05/25/2007 10:33:48 PM (18 years ago)
- Location:
- branches/2.0/wp-admin
- Files:
-
- 6 edited
branches/2.0/wp-admin/admin-functions.php
r5406 r5550 320 320 $comment = get_comment($id); 321 321 322 $comment->comment_ID = (int) $comment->comment_ID; 323 $comment->comment_post_ID = (int) $comment->comment_post_ID; 324 322 325 $comment->comment_content = format_to_edit($comment->comment_content, $richedit); 323 326 $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content); 327 $comment->comment_content = apply_filters( 'comment_text', $comment->comment_content ); 324 328 325 329 $comment->comment_author = format_to_edit($comment->comment_author); 326 330 $comment->comment_author_email = format_to_edit($comment->comment_author_email); 331 $comment->comment_author_url = clean_url($comment->comment_author_url); 327 332 $comment->comment_author_url = format_to_edit($comment->comment_author_url); 328 333 … … 863 868 $entry['meta_key'] = attribute_escape( $entry['meta_key']); 864 869 $entry['meta_value'] = attribute_escape( $entry['meta_value']); 870 $entry['meta_id'] = (int) $entry['meta_id']; 865 871 echo " 866 872 <tr class='$style'> -
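Review bot: The added `apply_filters( 'comment_text', ... )` call at new line 327 runs after `format_to_edit()` and `comment_edit_pre`, so whatever the `comment_text` callbacks emit reaches the edit form without passing through `format_to_edit()`, which appears to be the step that prepares the text for the form field. If those callbacks are the ones used to render comments for display (not visible on this page), their output would also be written back into the stored comment when the form is saved. I would drop the call or run it before `format_to_edit()`, so that `$comment->comment_content = format_to_edit($comment->comment_content, $richedit);` remains the last transformation. The enclosing function starts and ends outside the hunk.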
branches/2.0/wp-admin/edit-form-advanced.php
r4843 r5550 1 1 <?php 2 if ( isset($_GET['message']) ) 3 $_GET['message'] = (int) $_GET['message']; 2 4 $messages[1] = __('Post updated'); 3 5 $messages[2] = __('Custom field updated'); … … 5 7 ?> 6 8 <?php if (isset($_GET['message'])) : ?> 7 <div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>9 <div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div> 8 10 <?php endif; ?> 9 11 … … 25 27 wp_nonce_field('add-post'); 26 28 } else { 29 $post_ID = (int) $post_ID; 27 30 $form_action = 'editpost'; 28 31 $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />"; … … 30 33 } 31 34 32 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';33 34 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';35 36 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';35 $form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 36 37 $form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 38 39 $form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />'; 37 40 38 41 if ('' != $post->pinged) { … … 45 48 } 46 49 47 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';50 $saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape(__('Save and Continue Editing')) . 
'" />'; 48 51 49 52 if (empty($post->post_status)) $post->post_status = 'draft'; … … 51 54 ?> 52 55 53 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />56 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 54 57 <input type="hidden" name="action" value="<?php echo $form_action ?>" /> 55 <input type="hidden" name="post_author" value="<?php echo $post->post_author?>" />58 <input type="hidden" name="post_author" value="<?php echo attribute_escape($post->post_author) ?>" /> 56 59 57 60 <?php echo $form_extra ?> … … 83 86 <fieldset id="passworddiv" class="dbx-box"> 84 87 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 85 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>88 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password) ?>" /></div> 86 89 </fieldset> 87 90 88 91 <fieldset id="slugdiv" class="dbx-box"> 89 92 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 90 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>93 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name) ?>" /></div> 91 94 </fieldset> 92 95 … … 124 127 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 125 128 else $selected = ''; 126 echo "<option value=' $o->ID' $selected>$o->display_name</option>";129 echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . 
"</option>"; 127 130 endforeach; 128 131 ?> … … 139 142 <fieldset id="titlediv"> 140 143 <legend><?php _e('Title') ?></legend> 141 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>144 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div> 142 145 </fieldset> 143 146 … … 222 225 <?php 223 226 if (current_user_can('upload_files')) { 224 $uploading_iframe_ID = ( 0 == $post_ID ? $temp_ID : $post_ID);227 $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID); 225 228 $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); 226 229 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); -
branches/2.0/wp-admin/edit-form-comment.php
r3923 r5550 9 9 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?> 10 10 <div class="wrap"> 11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />11 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 12 12 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' /> 13 13 … … 21 21 <legend><?php _e('Name:') ?></legend> 22 22 <div> 23 <input type="text" name="newcomment_author" size="22" value="<?php echo $comment->comment_author?>" tabindex="1" id="name" />23 <input type="text" name="newcomment_author" size="22" value="<?php echo attribute_escape($comment->comment_author); ?>" tabindex="1" id="name" /> 24 24 </div> 25 25 </fieldset> … … 27 27 <legend><?php _e('E-mail:') ?></legend> 28 28 <div> 29 <input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email?>" tabindex="2" id="email" />29 <input type="text" name="newcomment_author_email" size="30" value="<?php echo attribute_escape($comment->comment_author_email); ?>" tabindex="2" id="email" /> 30 30 </div> 31 31 </fieldset> … … 33 33 <legend><?php _e('URI:') ?></legend> 34 34 <div> 35 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url?>" tabindex="3" id="URL" />35 <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" id="URL" /> 36 36 </div> 37 37 </fieldset> -
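Review bot: The author, e-mail and URI values at new lines 23, 29 and 35 are now escaped in two places on the edit path: post.php in this changeset loads the comment through `get_comment_to_edit()`, which already runs `format_to_edit()` (and `clean_url()` for the URL) on these fields, and the template then applies `attribute_escape()` on top. Whether the second pass is harmless depends on `attribute_escape()` leaving already-encoded entities alone, which this page does not show. A comment above the first field would record the intent, for example `<?php // Fields arrive pre-formatted from get_comment_to_edit(); attribute_escape() is the final output escaping. ?>`.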
branches/2.0/wp-admin/edit-form.php
r3943 r5550 7 7 <input type="hidden" name="mode" value="bookmarklet" /> 8 8 <?php endif; ?> 9 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />9 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" /> 10 10 <input type="hidden" name="action" value='post' /> 11 11 … … 22 22 <fieldset id="titlediv"> 23 23 <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>24 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div> 25 25 </fieldset> 26 26 … … 50 50 </script> 51 51 52 <input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />52 <input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" /> 53 53 54 54 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?> … … 65 65 echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' . __('Advanced Editing »') . '" />'; 66 66 } ?> 67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />67 <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" /> 68 68 </p> 69 69 -
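Review bot: The submit button at line 65 still prints `__('Advanced Editing »')` straight into a `value` attribute, while the same changeset wraps the equivalent label in edit-form-advanced.php with `attribute_escape()`. That line is unchanged context here, so this is a consistency gap rather than something the commit introduced. Suggested change: `value="' . attribute_escape(__('Advanced Editing »')) . '"`.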
branches/2.0/wp-admin/edit-page-form.php
r4656 r5550 10 10 $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />"; 11 11 } else { 12 $post_ID = (int) $post_ID; 12 13 $form_action = 'editpost'; 13 14 $nonce_action = 'update-post_' . $post_ID; 14 15 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 15 16 } 17 18 $temp_ID = (int) $temp_ID; 19 $user_ID = (int) $user_ID; 16 20 17 21 $sendto = attribute_escape(wp_get_referer()); … … 61 65 <fieldset id="passworddiv" class="dbx-box"> 62 66 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 63 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password?>" /></div>67 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div> 64 68 </fieldset> 65 69 … … 86 90 <fieldset id="slugdiv" class="dbx-box"> 87 91 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 88 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name?>" /></div>92 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div> 89 93 </fieldset> 90 94 … … 99 103 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; 100 104 else $selected = ''; 105 $o->ID = (int) $o->ID; 106 $o->display_name = wp_specialchars( $o->display_name ); 101 107 echo "<option value='$o->ID' $selected>$o->display_name</option>"; 102 108 endforeach; … … 119 125 <fieldset id="titlediv"> 120 126 <legend><?php _e('Page Title') ?></legend> 121 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>127 <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo 
attribute_escape($post->post_title); ?>" id="title" /></div> 122 128 </fieldset> 123 129 -
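Review bot: The new `$temp_ID = (int) $temp_ID;` at line 18 runs after the first branch has already interpolated `$temp_ID` into `$form_extra` at line 10, so that hidden input still carries the uncast value. Casting before the `if`, or inside the first branch the way `$post_ID` is cast at line 12, would cover it: `$temp_ID = (int) $temp_ID;` placed ahead of the `$form_extra` assignment. The `if` block begins outside the hunk, so where `$temp_ID` is first set is not visible here.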
branches/2.0/wp-admin/post.php
r5058 r5550 195 195 $p = (int) $_GET['p']; 196 196 197 if ( ! $comment = get_comment ($comment) )197 if ( ! $comment = get_comment_to_edit($comment) ) 198 198 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php')); 199 199
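Review bot: The `! $comment = get_comment_to_edit($comment)` test at line 197 only works if `get_comment_to_edit()` returns a falsy value for an unknown ID, and the admin-functions.php hunk in this changeset shows it assigning `$comment->comment_ID` and other properties right after `get_comment($id)` with no check in the visible lines. If `get_comment()` returns nothing, those assignments would act on an empty value and the function may hand back an object, so the "no comment with this ID" branch would not run. A guard in `get_comment_to_edit()` such as `if ( ! $comment = get_comment($id) ) return false;` would keep this check meaningful. The enclosing block starts outside the hunk.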