
Changeset 9233


Timestamp:
10/17/2008 08:06:22 PM (17 years ago)
Author:
markjaquith
Message:

Covering our XSS bases

Location:
trunk/wp-admin
Files:
31 edited

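--- a/trunk/wp-admin/categories.php
+++ b/trunk/wp-admin/categories.php
@@ -141,5 +141,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>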
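Review bot: The escaping is applied separately at each of the 31 `<h2>` call sites rather than once where `$title` is produced, so any admin page added later, or any `echo $title` this sweep did not cover, silently falls back to the unescaped form; the identical change is repeated in the other 30 file sections, from edit-comments.php through widgets.php. Escaping centrally would make safe output the default — presumably in the shared admin-header.php that media-upload.php is seen including just before its heading, or by assigning `$title` an already-escaped value, though neither point of definition is visible here. Note also that `wp_specialchars( $title )` is used with its default quote handling, which is adequate for element content like this `<h2>` but must be revisited before the same idiom is copied into an attribute context (`title="…"`), where quotes need encoding too. The `<div class="wrap">` enclosing each heading continues outside every hunk.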
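--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -122,5 +122,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">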
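--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -458,5 +458,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <form name="post" action="post.php" method="post" id="post">
 <?php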
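--- a/trunk/wp-admin/edit-link-categories.php
+++ b/trunk/wp-admin/edit-link-categories.php
@@ -77,5 +77,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li><a class="current"><br /></a></li></ul>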
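--- a/trunk/wp-admin/edit-link-form.php
+++ b/trunk/wp-admin/edit-link-form.php
@@ -321,5 +321,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <!--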
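--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -359,5 +359,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="post" action="page.php" method="post" id="post">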
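--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -136,5 +136,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">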
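--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -144,5 +144,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>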
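--- a/trunk/wp-admin/export.php
+++ b/trunk/wp-admin/export.php
@@ -23,5 +23,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>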
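--- a/trunk/wp-admin/import.php
+++ b/trunk/wp-admin/import.php
@@ -14,5 +14,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
 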
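--- a/trunk/wp-admin/index.php
+++ b/trunk/wp-admin/index.php
@@ -39,5 +39,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div id="dashboard-widgets-wrap">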
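--- a/trunk/wp-admin/link-manager.php
+++ b/trunk/wp-admin/link-manager.php
@@ -96,5 +96,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div class="filter">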
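--- a/trunk/wp-admin/media-upload.php
+++ b/trunk/wp-admin/media-upload.php
@@ -57,5 +57,5 @@
     require_once('admin-header.php'); ?>
     <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&amp;upload-page-form=" class="media-upload-form type-form validate" id="file-form">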
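--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">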
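--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -50,5 +50,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">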
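--- a/trunk/wp-admin/options-media.php
+++ b/trunk/wp-admin/options-media.php
@@ -18,5 +18,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form action="options.php" method="post">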
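--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -18,5 +18,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">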
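--- a/trunk/wp-admin/options-permalink.php
+++ b/trunk/wp-admin/options-permalink.php
@@ -124,5 +124,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="form" action="options-permalink.php" method="post">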
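--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">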
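--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form name="form1" method="post" action="options.php">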
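--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -17,5 +17,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form method="post" action="options.php">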
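--- a/trunk/wp-admin/plugin-editor.php
+++ b/trunk/wp-admin/plugin-editor.php
@@ -97,5 +97,5 @@
 <?php endif; ?>
 <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div class="tablenav">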
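--- a/trunk/wp-admin/plugin-install.php
+++ b/trunk/wp-admin/plugin-install.php
@@ -53,5 +53,5 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <ul class="subsubsub">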
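--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -204,5 +204,5 @@
 
 <div class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <p><?php _e('Plugins extend and expand the functionality of WordPress. Once a plugin is installed, you may activate it or deactivate it here.'); ?></p>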
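--- a/trunk/wp-admin/theme-editor.php
+++ b/trunk/wp-admin/theme-editor.php
@@ -100,5 +100,5 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <div class="bordertitle">
     <form id="themeselector" action="theme-editor.php" method="post">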
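--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -99,5 +99,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <h2><?php _e('Current Theme'); ?></h2>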
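--- a/trunk/wp-admin/turbo.php
+++ b/trunk/wp-admin/turbo.php
@@ -18,5 +18,5 @@
 ?>
     <div id="gears-info-box" class="wrap">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <img src="images/gear.png" title="Gear" alt="" class="gears-img" />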
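--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -184,5 +184,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <ul class="subsubsub">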
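--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -178,5 +178,5 @@
 
 <div class="wrap" id="profile-page">
-    <h2><?php echo $title ?></h2>
+    <h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form id="your-profile" action="" method="post">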
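--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -265,5 +265,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <form id="posts-filter" action="" method="get">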
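--- a/trunk/wp-admin/widgets.php
+++ b/trunk/wp-admin/widgets.php
@@ -234,5 +234,5 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
     <form id="widgets-filter" action="" method="get">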