Timestamp:
05/29/2007 04:37:35 AM (14 years ago)
Author:
markjaquith
Message:

Int casting and misc escaping for 2.2 Props g30rg3x. fixes #4333 for 2.2

File:
1 edited

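--- a/branches/2.2/wp-admin/edit-page-form.php
+++ b/branches/2.2/wp-admin/edit-page-form.php
@@ -3,4 +3,5 @@
 <h2 id="write-post"><?php _e('Write Page'); ?></h2>
 <?php
+
 if (0 == $post_ID) {
     $form_action = 'post';
@@ -9,8 +10,12 @@
     $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 } else {
+    $post_ID = (int) $post_ID;
     $form_action = 'editpost';
     $nonce_action = 'update-page_' . $post_ID;
     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
+
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
 
 $sendto = clean_url(stripslashes(wp_get_referer()));
@@ -69,5 +74,5 @@
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 
@@ -94,5 +99,5 @@
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 
@@ -107,4 +112,6 @@
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
@@ -127,5 +134,5 @@
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
 </fieldset>
 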
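Review bot: The `$temp_ID = (int) $temp_ID;` cast added at new line 18 runs after `$temp_ID` has already been interpolated into the hidden field's `value` attribute in `$form_extra` at new line 10, so it does not constrain what that attribute contains. New lines 8–9 are not shown and may assign `$temp_ID` locally, in which case the string is already an integer; if they do not, the cast needs to happen before the string is built. Placing `$temp_ID = (int) $temp_ID;` immediately above the `$form_extra` assignment in the `if` branch would mirror what the `else` branch now does for `$post_ID`.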