Changeset 9233


Timestamp:
10/17/08 20:06:22 (6 years ago)
Author:
markjaquith
Message:

Covering our XSS bases

Location:
trunk/wp-admin
Files:
31 edited

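--- a/trunk/wp-admin/categories.php
+++ b/trunk/wp-admin/categories.php
@@ -141,5 +141,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>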
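Review bot: The new `<h2>` line escapes `$title` at the output sink, which is the right place, but wp_specialchars() — if I recall its default of that era correctly — encodes only `&`, `<` and `>` and leaves quotes untouched unless its second argument is set; that is sufficient for element content such as this heading, but the same call must not be copied into an attribute value without the quotes argument. Where `$title` is assigned lies outside this hunk, so whether the change closes an actual injection or is defence in depth cannot be judged from the diff, though the sink-side escape is correct either way. The identical one-line change appears in the other 30 sections of this changeset (edit-comments.php through widgets.php), and this note applies to each of them.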
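--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -122,5 +122,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">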
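--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -458,5 +458,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <form name="post" action="post.php" method="post" id="post">
 <?php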
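--- a/trunk/wp-admin/edit-link-categories.php
+++ b/trunk/wp-admin/edit-link-categories.php
@@ -77,5 +77,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li><a class="current"><br /></a></li></ul>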
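--- a/trunk/wp-admin/edit-link-form.php
+++ b/trunk/wp-admin/edit-link-form.php
@@ -321,5 +321,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <!--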
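--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -359,5 +359,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="post" action="page.php" method="post" id="post">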
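--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -136,5 +136,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">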
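--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -144,5 +144,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>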
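--- a/trunk/wp-admin/export.php
+++ b/trunk/wp-admin/export.php
@@ -23,5 +23,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>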
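--- a/trunk/wp-admin/import.php
+++ b/trunk/wp-admin/import.php
@@ -14,5 +14,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
 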
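--- a/trunk/wp-admin/index.php
+++ b/trunk/wp-admin/index.php
@@ -39,5 +39,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div id="dashboard-widgets-wrap">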
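--- a/trunk/wp-admin/link-manager.php
+++ b/trunk/wp-admin/link-manager.php
@@ -96,5 +96,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div class="filter">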
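--- a/trunk/wp-admin/media-upload.php
+++ b/trunk/wp-admin/media-upload.php
@@ -57,5 +57,5 @@
     require_once('admin-header.php'); ?>
     <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&amp;upload-page-form=" class="media-upload-form type-form validate" id="file-form">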
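--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">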
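--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -50,5 +50,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">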
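--- a/trunk/wp-admin/options-media.php
+++ b/trunk/wp-admin/options-media.php
@@ -18,5 +18,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form action="options.php" method="post">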
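--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -18,5 +18,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">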
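--- a/trunk/wp-admin/options-permalink.php
+++ b/trunk/wp-admin/options-permalink.php
@@ -124,5 +124,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="form" action="options-permalink.php" method="post">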
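--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">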
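--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="form1" method="post" action="options.php">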
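--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">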
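--- a/trunk/wp-admin/plugin-editor.php
+++ b/trunk/wp-admin/plugin-editor.php
@@ -97,5 +97,5 @@
 <?php endif; ?>
 <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div class="tablenav">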
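--- a/trunk/wp-admin/plugin-install.php
+++ b/trunk/wp-admin/plugin-install.php
@@ -53,5 +53,5 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <ul class="subsubsub">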
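--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -204,5 +204,5 @@
 
 <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <p><?php _e('Plugins extend and expand the functionality of WordPress. Once a plugin is installed, you may activate it or deactivate it here.'); ?></p>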
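--- a/trunk/wp-admin/theme-editor.php
+++ b/trunk/wp-admin/theme-editor.php
@@ -100,5 +100,5 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <div class="bordertitle">
     <form id="themeselector" action="theme-editor.php" method="post">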
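--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -99,5 +99,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <h2><?php _e('Current Theme'); ?></h2>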
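--- a/trunk/wp-admin/turbo.php
+++ b/trunk/wp-admin/turbo.php
@@ -18,5 +18,5 @@
 ?>
     <div id="gears-info-box" class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <img src="images/gear.png" title="Gear" alt="" class="gears-img" />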
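--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -184,5 +184,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">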
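--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -178,5 +178,5 @@
 
 <div class="wrap" id="profile-page">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form id="your-profile" action="" method="post">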
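--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -265,5 +265,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form id="posts-filter" action="" method="get">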
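--- a/trunk/wp-admin/widgets.php
+++ b/trunk/wp-admin/widgets.php
@@ -234,5 +234,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <form id="widgets-filter" action="" method="get">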