Context Navigation

← Previous Change
Next Change →

edit-page-form.php

Timestamp:

05/25/2007 10:33:48 PM (16 years ago)

Author:

markjaquith

Message:

attribute_escape()s and int casts for 2.0.x: see #4333

File:

: 1 edited

branches/2.0/wp-admin/edit-page-form.php (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/2.0/wp-admin/edit-page-form.php

-                      r4656
+                      r5550
     $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
+    $post_ID = (int) $post_ID;
     $form_action = 'editpost';
     $nonce_action = 'update-post_' . $post_ID;
     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+}
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
 $sendto = attribute_escape(wp_get_referer());
 …
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
 </fieldset>
 …
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
 </fieldset>
 …
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 …
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 5550 for branches/2.0/wp-admin/edit-page-form.php

Legend:

branches/2.0/wp-admin/edit-page-form.php

Download in other formats: