Changeset 9233

Timestamp:

10/17/2008 08:06:22 PM (17 years ago)

Author:

markjaquith

Message:

Covering our XSS bases

Location:

trunk/wp-admin

Files:

• categories.php (modified) (1 diff)
• edit-comments.php (modified) (1 diff)
• edit-form-advanced.php (modified) (1 diff)
• edit-link-categories.php (modified) (1 diff)
• edit-link-form.php (modified) (1 diff)
• edit-page-form.php (modified) (1 diff)
• edit-pages.php (modified) (1 diff)
• edit-tags.php (modified) (1 diff)
• export.php (modified) (1 diff)
• import.php (modified) (1 diff)
• index.php (modified) (1 diff)
• link-manager.php (modified) (1 diff)
• media-upload.php (modified) (1 diff)
• options-discussion.php (modified) (1 diff)
• options-general.php (modified) (1 diff)
• options-media.php (modified) (1 diff)
• options-misc.php (modified) (1 diff)
• options-permalink.php (modified) (1 diff)
• options-privacy.php (modified) (1 diff)
• options-reading.php (modified) (1 diff)
• options-writing.php (modified) (1 diff)
• plugin-editor.php (modified) (1 diff)
• plugin-install.php (modified) (1 diff)
• plugins.php (modified) (1 diff)
• theme-editor.php (modified) (1 diff)
• themes.php (modified) (1 diff)
• turbo.php (modified) (1 diff)
• upload.php (modified) (1 diff)
• user-edit.php (modified) (1 diff)
• users.php (modified) (1 diff)
• widgets.php (modified) (1 diff)

trunk/wp-admin/categories.php

@@ -141 +141 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>

trunk/wp-admin/edit-comments.php

@@ -122 +122 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub">

trunk/wp-admin/edit-form-advanced.php

@@ -458 +458 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 <form name="post" action="post.php" method="post" id="post">
 <?php

trunk/wp-admin/edit-link-categories.php

@@ -77 +77 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub"><li><a class="current"><br /></a></li></ul>

trunk/wp-admin/edit-link-form.php

@@ -321 +321 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <!--

trunk/wp-admin/edit-page-form.php

@@ -359 +359 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form name="post" action="page.php" method="post" id="post">

trunk/wp-admin/edit-pages.php

@@ -136 +136 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub">

trunk/wp-admin/edit-tags.php

@@ -144 +144 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub"><li class="current"><a class="current"><br /></a></li></ul>

trunk/wp-admin/export.php

@@ -23 +23 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>

trunk/wp-admin/import.php

@@ -14 +14 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
 

trunk/wp-admin/index.php

@@ -39 +39 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2>
+<h2><?php echo wp_specialchars( $title ); ?></h2>
 
 <div id="dashboard-widgets-wrap">

trunk/wp-admin/link-manager.php

@@ -96 +96 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <div class="filter">

trunk/wp-admin/media-upload.php

@@ -57 +57 @@
     require_once('admin-header.php'); ?>
     <div class="wrap">
-    <h2><?php echo $title ?></h2> 
+    <h2><?php echo wp_specialchars( $title ); ?></h2> 
 
     <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&amp;upload-page-form=" class="media-upload-form type-form validate" id="file-form">

trunk/wp-admin/options-discussion.php

@@ -17 +17 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form method="post" action="options.php">

trunk/wp-admin/options-general.php

@@ -50 +50 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form method="post" action="options.php">

trunk/wp-admin/options-media.php

@@ -18 +18 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form action="options.php" method="post">

trunk/wp-admin/options-misc.php

@@ -18 +18 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form method="post" action="options.php">

trunk/wp-admin/options-permalink.php

@@ -124 +124 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form name="form" action="options-permalink.php" method="post">

trunk/wp-admin/options-privacy.php

@@ -17 +17 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form method="post" action="options.php">

trunk/wp-admin/options-reading.php

@@ -17 +17 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form name="form1" method="post" action="options.php">

trunk/wp-admin/options-writing.php

@@ -17 +17 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form method="post" action="options.php">

trunk/wp-admin/plugin-editor.php

@@ -97 +97 @@
 <?php endif; ?>
 <div class="wrap">
-    <h2><?php echo $title ?></h2> 
+    <h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <div class="tablenav">

trunk/wp-admin/plugin-install.php

@@ -53 +53 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
     <ul class="subsubsub">

trunk/wp-admin/plugins.php

@@ -204 +204 @@
 
 <div class="wrap">
-    <h2><?php echo $title ?></h2> 
+    <h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <p><?php _e('Plugins extend and expand the functionality of WordPress. Once a plugin is installed, you may activate it or deactivate it here.'); ?></p>

trunk/wp-admin/theme-editor.php

@@ -100 +100 @@
 ?>
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 <div class="bordertitle">
     <form id="themeselector" action="theme-editor.php" method="post">

trunk/wp-admin/themes.php

@@ -99 +99 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <h2><?php _e('Current Theme'); ?></h2>

trunk/wp-admin/turbo.php

@@ -18 +18 @@
 ?>
     <div id="gears-info-box" class="wrap">
-    <h2><?php echo $title ?></h2> 
+    <h2><?php echo wp_specialchars( $title ); ?></h2> 
 
     <img src="images/gear.png" title="Gear" alt="" class="gears-img" />

trunk/wp-admin/upload.php

@@ -184 +184 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <ul class="subsubsub">

trunk/wp-admin/user-edit.php

@@ -178 +178 @@
 
 <div class="wrap" id="profile-page">
-    <h2><?php echo $title ?></h2> 
+    <h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form id="your-profile" action="" method="post">

trunk/wp-admin/users.php

@@ -265 +265 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
 <form id="posts-filter" action="" method="get">

trunk/wp-admin/widgets.php

@@ -234 +234 @@
 
 <div class="wrap">
-<h2><?php echo $title ?></h2> 
+<h2><?php echo wp_specialchars( $title ); ?></h2> 
 
     <form id="widgets-filter" action="" method="get">