Timestamp:
05/25/2007 10:33:48 PM (17 years ago)
Author:
markjaquith
Message:

attribute_escape()s and int casts for 2.0.x: see #4333

File:
1 edited

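--- a/branches/2.0/wp-admin/edit-page-form.php
+++ b/branches/2.0/wp-admin/edit-page-form.php
@@ -10,8 +10,12 @@
     $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
+    $post_ID = (int) $post_ID;
     $form_action = 'editpost';
     $nonce_action = 'update-post_' . $post_ID;
     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
+
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
 
 $sendto = attribute_escape(wp_get_referer());
@@ -61,5 +65,5 @@
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
 </fieldset>
 
@@ -86,5 +90,5 @@
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
 </fieldset>
 
@@ -99,4 +103,6 @@
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
@@ -119,5 +125,5 @@
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 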
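Review bot: The `(int)` cast on `$temp_ID` at new line 18 runs after the if/else, but new line 10 has already interpolated `$temp_ID` into the single-quoted `value` attribute of `$form_extra`, so that hidden field is not covered by the cast unless `$temp_ID` is assigned an integer earlier in the branch, which is outside this hunk. The `$post_ID` cast at line 12 is placed before its uses on lines 14–15; the same ordering would help here, e.g. `$form_extra = "<input type='hidden' name='temp_ID' value='" . (int) $temp_ID . "' />";`. The `if` that opens this block starts above the hunk, so please confirm where `$temp_ID` is set.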