Changeset 7945


Timestamp:
05/16/2008 11:20:56 PM (13 years ago)
Author:
ryan
Message:

Some escaping. see #6813

File:
1 edited

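--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -169,5 +169,7 @@
 
 // Clean up the data being passed in
-$title = stripslashes($_GET['t']);
+$title = wp_specialchars(stripslashes($_GET['t']));
+$selection = wp_specialchars(stripslashes($_GET['s']));
+$url = clean_url($_GET['u']);
 
 if ( empty($_GET['tab']) ) {
@@ -286,5 +288,5 @@
             jQuery(document).ready(function() {
                 var img, img_tag, aspect, w, h, skip, i, strtoappend = "";
-                var my_src = [<?php echo get_images_from_uri(clean_url($_GET['u'])); ?>];
+                var my_src = [<?php echo get_images_from_uri($url); ?>];
 
                 for (i = 0; i < my_src.length; i++) {
@@ -332,6 +334,6 @@
                     <h2><?php _e('Caption') ?></h2>
                     <div class="editor-container">
-                        <textarea name="content" id="photo_post_two" style="height:130px;width:100%;" class="mceEditor"><?php echo stripslashes($_GET['s']);?>
-                        <br>&lt;a href="<?php echo clean_url($_GET['u']);?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
+                        <textarea name="content" id="photo_post_two" style="height:130px;width:100%;" class="mceEditor"><?php echo $selection;?>
+                        <br>&lt;a href="<?php echo $url;?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
                     </div>
 
@@ -354,5 +356,5 @@
 
                     <h2><?php _e('Link Photo to following URL') ?></h2><?php _e('(leave blank to leave the photo unlinked)') ?>
-                    <input name="photo_link" id="photo_link" class="text" value="<?php echo attribute_escape($_GET['u']);?>"/>
+                    <input name="photo_link" id="photo_link" class="text" value="<?php echo attribute_escape($url);?>"/>
 
                     <?php tag_div(); ?>
@@ -385,5 +387,5 @@
                     <h2><?php _e('Post') ?></h2>
                     <div class="editor-container">
-                        <textarea name="content" id="regular_post_two" style="height:170px;width:100%;" class="mceEditor"><?php echo stripslashes($_GET['s']);?><br>&lt;a href="<?php echo $_GET['u'];?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
+                        <textarea name="content" id="regular_post_two" style="height:170px;width:100%;" class="mceEditor"><?php echo $selection;?><br>&lt;a href="<?php echo $url;?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
                     </div>       
 
@@ -416,10 +418,10 @@
                     <h2><?php _e('Quote') ?></h2>
                     <div class="editor-container">
-                        <textarea name="content" id="quote_post_one" style="height:130px;width:100%;" class="mceEditor"><?php echo stripslashes($_GET['s']);?></textarea>
+                        <textarea name="content" id="quote_post_one" style="height:130px;width:100%;" class="mceEditor"><?php echo $selection;?></textarea>
                     </div>
 
                     <h2><?php _e('Source <span class="optional">(optional)</span>') ?></h2>
                     <div class="editor-container">
-                        <textarea name="content2" id="quote_post_two" style="height:130px;width:100%;" class="mceEditor"><br>&lt;a href="<?php echo clean_url($_GET['u']);?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
+                        <textarea name="content2" id="quote_post_two" style="height:130px;width:100%;" class="mceEditor"><br>&lt;a href="<?php echo $url;?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
                     </div>
 
@@ -451,8 +453,8 @@
 
                     <?php
-                    if ( preg_match("/youtube\.com\/watch/i", $_GET['u']) ) {
-                        list($domain, $video_id) = split("v=", $_GET['u']);
+                    if ( preg_match("/youtube\.com\/watch/i", $url) ) {
+                        list($domain, $video_id) = split("v=", $url);
                     ?>
-                    <input type="hidden" name="content" value="<?php echo attribute_escape($_GET['u']); ?>" />
+                    <input type="hidden" name="content" value="<?php echo attribute_escape($url); ?>" />
                     <img src="http://img.youtube.com/vi/<?php echo $video_id; ?>/default.jpg" align="right" style="border:solid 1px #aaa;" width="130" height="97"/><br clear="all" />
                     <?php } else { ?>
@@ -464,5 +466,5 @@
 
                     <div class="editor-container">
-                        <textarea name="content2" id="video_post_two" style="height:130px;width:100%;" class="mceEditor"><?php echo stripslashes($_GET['s']);?><br>&lt;a href="<?php echo clean_url($_GET['u']);?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
+                        <textarea name="content2" id="video_post_two" style="height:130px;width:100%;" class="mceEditor"><?php echo $selection;?><br>&lt;a href="<?php echo $url;?>"&gt;<?php echo $title;?>&lt;/a&gt;</textarea>
                     </div>
 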
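Review bot: In the YouTube hunk, `$video_id`, split out of `$url` on new line 456, is still echoed into the `<img src="...">` attribute on the following unchanged line without `attribute_escape()`, so the output relies on whatever `clean_url()` happened to strip rather than being escaped for the attribute context; the line should read `<img src="http://img.youtube.com/vi/<?php echo attribute_escape($video_id); ?>/default.jpg" ...`. `split("v=", $url)` also returns a single element when a youtube.com/watch URL carries no `v=` parameter, so `list()` emits an undefined-offset notice and `$video_id` is empty, and when further parameters follow `v=` everything after it (including any `&#038;` that `clean_url()`'s display context appears to substitute for `&` — worth confirming) lands in the image path. Reading the id from the parsed query, e.g. `parse_str(parse_url($url, PHP_URL_QUERY), $q); $video_id = isset($q['v']) ? $q['v'] : '';`, avoids both problems and drops the unused `$domain`. The `else` branch opened at the end of this hunk continues outside it.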