deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e2802f7f3b
commit
119b39cec2
@ -422,7 +422,7 @@ case 'add-link-category' : // On the Fly
|
|||||||
$cat_id = wp_insert_term( $cat_name, 'link_category' );
|
$cat_id = wp_insert_term( $cat_name, 'link_category' );
|
||||||
}
|
}
|
||||||
$cat_id = $cat_id['term_id'];
|
$cat_id = $cat_id['term_id'];
|
||||||
$cat_name = wp_specialchars(stripslashes($cat_name));
|
$cat_name = esc_html(stripslashes($cat_name));
|
||||||
$x->add( array(
|
$x->add( array(
|
||||||
'what' => 'link-category',
|
'what' => 'link-category',
|
||||||
'id' => $cat_id,
|
'id' => $cat_id,
|
||||||
@ -898,7 +898,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
|
|||||||
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
|
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
|
||||||
$data = new WP_Error( 'locked', sprintf(
|
$data = new WP_Error( 'locked', sprintf(
|
||||||
$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
|
$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
|
||||||
wp_specialchars( $last_user_name )
|
esc_html( $last_user_name )
|
||||||
) );
|
) );
|
||||||
|
|
||||||
$supplemental['disable_autosave'] = 'disable';
|
$supplemental['disable_autosave'] = 'disable';
|
||||||
@ -1057,7 +1057,7 @@ case 'inline-save':
|
|||||||
if ( $last = wp_check_post_lock( $post_ID ) ) {
|
if ( $last = wp_check_post_lock( $post_ID ) ) {
|
||||||
$last_user = get_userdata( $last );
|
$last_user = get_userdata( $last );
|
||||||
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
|
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
|
||||||
printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), wp_specialchars( $last_user_name ) );
|
printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1217,7 +1217,7 @@ case 'find_posts':
|
|||||||
}
|
}
|
||||||
|
|
||||||
$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
|
$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
|
||||||
$html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
|
$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
|
||||||
}
|
}
|
||||||
$html .= '</tbody></table>';
|
$html .= '</tbody></table>';
|
||||||
|
|
||||||
|
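Review bot: On the label row of find_posts, `$post->ID` is written raw into the `id="found-…"` and `for="found-…"` attributes while the same value gets `esc_attr()` in the `value=` attribute on the line above, so one row escapes the same field two different ways. It is presumably an integer column, which makes this a consistency point rather than a live injection, but casting once settles it: `$found_id = (int) $post->ID;` and use `$found_id` in all three places. The old `wp_specialchars( …, true )` calls asked for quote encoding explicitly; the `esc_html()` replacements are equivalent only because this commit also makes esc_html() encode quotes, which is worth a one-line comment where `$html` is built. The `find_posts` case starts before this hunk.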
@ -10,7 +10,7 @@
|
|||||||
if (!isset($_GET["page"])) require_once('admin.php');
|
if (!isset($_GET["page"])) require_once('admin.php');
|
||||||
|
|
||||||
get_admin_page_title();
|
get_admin_page_title();
|
||||||
$title = wp_specialchars( strip_tags( $title ) );
|
$title = esc_html( strip_tags( $title ) );
|
||||||
wp_user_settings();
|
wp_user_settings();
|
||||||
wp_menu_unfold();
|
wp_menu_unfold();
|
||||||
?>
|
?>
|
||||||
|
@ -42,7 +42,7 @@ check_admin_referer('media-form');
|
|||||||
|
|
||||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||||
if (is_wp_error($id)) {
|
if (is_wp_error($id)) {
|
||||||
echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
|
echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
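Review bot: `$_REQUEST['post_id']` is handed to media_handle_upload() as-is on the line above the error branch, so the attachment parent is whatever string the client posted; the nonce check in the hunk header proves intent, not a valid id. media_handle_upload() is outside this hunk and may cast internally; if it does not, `$id = media_handle_upload('async-upload', (int) $_REQUEST['post_id']);` pins the parent to an integer before it reaches the insert. The `esc_html()` on the WP_Error message is the right context for the div's text content.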
@ -129,9 +129,9 @@ $messages[5] = __('Category not updated.');
|
|||||||
|
|
||||||
<div class="wrap nosubsub">
|
<div class="wrap nosubsub">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
@ -24,7 +24,7 @@ if ( have_posts() ) { ?>
|
|||||||
|
|
||||||
<tbody id="the-list" class="list:post">
|
<tbody id="the-list" class="list:post">
|
||||||
<?php
|
<?php
|
||||||
add_filter('the_title','wp_specialchars');
|
add_filter('the_title','esc_html');
|
||||||
$alt = '';
|
$alt = '';
|
||||||
$posts_columns = get_column_headers('upload');
|
$posts_columns = get_column_headers('upload');
|
||||||
$hidden = get_hidden_columns('upload');
|
$hidden = get_hidden_columns('upload');
|
||||||
@ -110,7 +110,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
|
|||||||
if ( !empty( $tags ) ) {
|
if ( !empty( $tags ) ) {
|
||||||
$out = array();
|
$out = array();
|
||||||
foreach ( $tags as $c )
|
foreach ( $tags as $c )
|
||||||
$out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
|
$out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
|
||||||
echo join( ', ', $out );
|
echo join( ', ', $out );
|
||||||
} else {
|
} else {
|
||||||
_e('No Tags');
|
_e('No Tags');
|
||||||
|
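Review bot: In the tag-column loop, `$c->slug` is interpolated into a single-quoted href with no attribute or URL escaping while the visible name on the same line is run through esc_html(); slugs are normally sanitized when the term is saved, so this is defense in depth, but output escaping should not depend on what storage did. Change the line to `$out[] = "<a href='edit.php?tag=" . esc_attr( $c->slug ) . "'> " . esc_html( sanitize_term_field( 'name', $c->name, $c->term_id, 'post_tag', 'display' ) ) . "</a>";`. The column-rendering switch this sits in starts before the hunk.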
@ -66,7 +66,7 @@ _fill_empty_category($category);
|
|||||||
</tr>
|
</tr>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th>
|
<th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th>
|
||||||
<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->description); ?></textarea><br />
|
<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br />
|
||||||
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
|
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
@ -96,9 +96,9 @@ $search = esc_attr( $search_dirty ); ?>
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( wp_specialchars( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
|
printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
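Review bot: The subtitle line passes user input as printf()'s format string: `printf( '<span class="subtitle">' . sprintf( … esc_html( stripslashes( $_GET['s'] ) ) … ) . '</span>' )` is called with no arguments, so a search for `%s` or `%d` becomes a conversion specifier and yields a "too few arguments" warning (an ArgumentCountError on PHP 8); esc_html() does not touch `%`. Since the string is already fully built by the inner sprintf(), it should simply be echoed: `echo '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>';`. Separately, truncating after escaping can cut an entity such as `&amp;` in half unless wp_html_excerpt() trims a trailing partial entity (its body is not visible here); escaping the truncated text instead, `esc_html( wp_html_excerpt( stripslashes( $_GET['s'] ), 50 ) )`, avoids the question and counts 50 characters of what the user typed rather than of the encoded form.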
@ -166,7 +166,7 @@ if ( 'private' == $post->post_status ) {
|
|||||||
$visibility_trans = __('Public');
|
$visibility_trans = __('Public');
|
||||||
}
|
}
|
||||||
|
|
||||||
?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
?><?php echo esc_html( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
||||||
|
|
||||||
<div id="post-visibility-select" class="hide-if-js">
|
<div id="post-visibility-select" class="hide-if-js">
|
||||||
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
|
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
|
||||||
@ -390,7 +390,7 @@ function post_trackback_meta_box($post) {
|
|||||||
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
|
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
|
||||||
$already_pinged = explode("\n", trim($post->pinged));
|
$already_pinged = explode("\n", trim($post->pinged));
|
||||||
foreach ($already_pinged as $pinged_url) {
|
foreach ($already_pinged as $pinged_url) {
|
||||||
$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
|
$pings .= "\n\t<li>" . esc_html($pinged_url) . "</li>";
|
||||||
}
|
}
|
||||||
$pings .= '</ul>';
|
$pings .= '</ul>';
|
||||||
}
|
}
|
||||||
@ -549,7 +549,7 @@ require_once('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<?php if ( $notice ) : ?>
|
<?php if ( $notice ) : ?>
|
||||||
<div id="notice" class="error"><p><?php echo $notice ?></p></div>
|
<div id="notice" class="error"><p><?php echo $notice ?></p></div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
@ -622,7 +622,7 @@ endif; ?>
|
|||||||
echo '<span id="last-edit">';
|
echo '<span id="last-edit">';
|
||||||
if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
|
if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
|
||||||
$last_user = get_userdata($last_id);
|
$last_user = get_userdata($last_id);
|
||||||
printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
||||||
} else {
|
} else {
|
||||||
printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
||||||
}
|
}
|
||||||
|
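Review bot: In the last-edited line, `$last_user->display_name` is read without checking that get_userdata() returned a user, although the autosave and inline-save lock messages in this same commit guard the identical lookup with `$last_user ? $last_user->display_name : __( 'Someone' )`. If the user recorded in `_edit_last` has since been deleted, get_userdata() presumably returns false, and this line then emits a notice and prints an empty name. Apply the same guard here: `$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );` and pass `esc_html( $last_user_name )` to printf(). The output block this belongs to starts before the hunk.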
@ -61,9 +61,9 @@ $messages[6] = __('Categories deleted.'); ?>
|
|||||||
|
|
||||||
<div class="wrap nosubsub">
|
<div class="wrap nosubsub">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
|
<?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
|
||||||
|
@ -342,7 +342,7 @@ require_once ('admin-header.php');
|
|||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<?php if ( isset( $_GET['added'] ) ) : ?>
|
<?php if ( isset( $_GET['added'] ) ) : ?>
|
||||||
<div id="message" class="updated fade"><p><?php _e('Link added.'); ?></p></div>
|
<div id="message" class="updated fade"><p><?php _e('Link added.'); ?></p></div>
|
||||||
|
@ -158,7 +158,7 @@ if ( 'private' == $post->post_status ) {
|
|||||||
$visibility_trans = __('Public');
|
$visibility_trans = __('Public');
|
||||||
}
|
}
|
||||||
|
|
||||||
echo wp_specialchars( $visibility_trans ); ?></span>
|
echo esc_html( $visibility_trans ); ?></span>
|
||||||
<?php if ( $can_publish ) { ?>
|
<?php if ( $can_publish ) { ?>
|
||||||
<a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
<a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
|
||||||
|
|
||||||
@ -397,7 +397,7 @@ require_once('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form name="post" action="page.php" method="post" id="post">
|
<form name="post" action="page.php" method="post" id="post">
|
||||||
<?php if ( $notice ) : ?>
|
<?php if ( $notice ) : ?>
|
||||||
@ -460,7 +460,7 @@ endif; ?>
|
|||||||
if ($post_ID) {
|
if ($post_ID) {
|
||||||
if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
|
if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
|
||||||
$last_user = get_userdata($last_id);
|
$last_user = get_userdata($last_id);
|
||||||
printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
||||||
} else {
|
} else {
|
||||||
printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
|
||||||
}
|
}
|
||||||
|
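Review bot: The page form's last-edited line dereferences `$last_user->display_name` straight after `get_userdata($last_id)` without a null check, while the AJAX lock messages elsewhere in this commit write `$last_user ? $last_user->display_name : __( 'Someone' )` for the same lookup. A deleted `_edit_last` user presumably makes get_userdata() return false, which produces a notice and a blank name in the admin footer text. Use the same fallback: `$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );` followed by `esc_html( $last_user_name )` in the printf() call. The `if ($post_ID)` block that encloses this starts inside the hunk but the surrounding template does not.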
@ -104,9 +104,9 @@ require_once('admin-header.php'); ?>
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php if ( isset($_GET['locked']) || isset($_GET['skipped']) || isset($_GET['updated']) || isset($_GET['deleted']) ) { ?>
|
<?php if ( isset($_GET['locked']) || isset($_GET['skipped']) || isset($_GET['updated']) || isset($_GET['deleted']) ) { ?>
|
||||||
|
@ -36,7 +36,7 @@ do_action('edit_tag_form_pre', $tag); ?>
|
|||||||
</tr>
|
</tr>
|
||||||
<tr class="form-field">
|
<tr class="form-field">
|
||||||
<th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
|
<th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
|
||||||
<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($tag->description); ?></textarea><br />
|
<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
|
||||||
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
|
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
@ -146,9 +146,9 @@ $messages[6] = __('Tags deleted.'); ?>
|
|||||||
|
|
||||||
<div class="wrap nosubsub">
|
<div class="wrap nosubsub">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
|
<?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
|
||||||
|
@ -96,9 +96,9 @@ else
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
@ -24,7 +24,7 @@ require_once ('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>
|
<p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>
|
||||||
<p><?php _e('This format, which we call WordPress eXtended RSS or WXR, will contain your posts, pages, comments, custom fields, categories, and tags.'); ?></p>
|
<p><?php _e('This format, which we call WordPress eXtended RSS or WXR, will contain your posts, pages, comments, custom fields, categories, and tags.'); ?></p>
|
||||||
|
@ -15,7 +15,7 @@ $parent_file = 'tools.php';
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
|
<p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
@ -58,7 +58,7 @@ switch ($step) {
|
|||||||
$categories = get_terms('link_category', 'get=all');
|
$categories = get_terms('link_category', 'get=all');
|
||||||
foreach ($categories as $category) {
|
foreach ($categories as $category) {
|
||||||
?>
|
?>
|
||||||
<option value="<?php echo $category->term_id; ?>"><?php echo wp_specialchars(apply_filters('link_category', $category->name)); ?></option>
|
<option value="<?php echo $category->term_id; ?>"><?php echo esc_html(apply_filters('link_category', $category->name)); ?></option>
|
||||||
<?php
|
<?php
|
||||||
} // end foreach
|
} // end foreach
|
||||||
?>
|
?>
|
||||||
|
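Review bot: The option line prints `$category->term_id` into the `value` attribute with no cast or escaping while the name beside it is escaped; the checklist code elsewhere in this commit writes `(int) $category->term_id` for the same value. term_id is an integer column, so the exposure is low, but `<option value="<?php echo (int) $category->term_id; ?>">` makes the assumption explicit and keeps the two call sites consistent. The import step's switch that encloses this loop starts before the hunk.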
@ -29,10 +29,10 @@ function edit_link( $link_id = '' ) {
|
|||||||
if (!current_user_can( 'manage_links' ))
|
if (!current_user_can( 'manage_links' ))
|
||||||
wp_die( __( 'Cheatin’ uh?' ));
|
wp_die( __( 'Cheatin’ uh?' ));
|
||||||
|
|
||||||
$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
|
$_POST['link_url'] = esc_html( $_POST['link_url'] );
|
||||||
$_POST['link_url'] = clean_url($_POST['link_url']);
|
$_POST['link_url'] = clean_url($_POST['link_url']);
|
||||||
$_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
|
$_POST['link_name'] = esc_html( $_POST['link_name'] );
|
||||||
$_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
|
$_POST['link_image'] = esc_html( $_POST['link_image'] );
|
||||||
$_POST['link_rss'] = clean_url($_POST['link_rss']);
|
$_POST['link_rss'] = clean_url($_POST['link_rss']);
|
||||||
if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
|
if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
|
||||||
$_POST['link_visible'] = 'Y';
|
$_POST['link_visible'] = 'Y';
|
||||||
|
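Review bot: edit_link() HTML-escapes `$_POST['link_url']`, `link_name` and `link_image` on input, i.e. before the values are saved, and if esc_html() now encodes quotes as the commit message says, apostrophes in link names will be stored as `&#039;` and shown double-encoded by any template that escapes on output. Escaping belongs at output; on input the usual shape is sanitization (strip_tags()/wp_kses() for text, clean_url() for URLs) with esc_html()/esc_attr() applied where the value is printed. `link_image` is a URL yet goes through esc_html() rather than clean_url() like `link_url` and `link_rss` on the neighbouring lines; `$_POST['link_image'] = clean_url( $_POST['link_image'] );` would be consistent. The esc_html()-then-clean_url() order on link_url also means clean_url() sees `&amp;` instead of `&`; how it treats that is not visible here. The function's signature and remainder lie outside the hunk.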
@ -581,7 +581,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
|
|||||||
default :
|
default :
|
||||||
$type = ucwords( $comment->comment_type );
|
$type = ucwords( $comment->comment_type );
|
||||||
endswitch;
|
endswitch;
|
||||||
$type = wp_specialchars( $type );
|
$type = esc_html( $type );
|
||||||
?>
|
?>
|
||||||
<div class="dashboard-comment-wrap">
|
<div class="dashboard-comment-wrap">
|
||||||
<?php /* translators: %1$s is type of comment, %2$s is link to the post */ ?>
|
<?php /* translators: %1$s is type of comment, %2$s is link to the post */ ?>
|
||||||
@ -646,7 +646,7 @@ function wp_dashboard_incoming_links_output() {
|
|||||||
$author = $item->get_author();
|
$author = $item->get_author();
|
||||||
$site_link = clean_url( strip_tags( $author->get_link() ) );
|
$site_link = clean_url( strip_tags( $author->get_link() ) );
|
||||||
|
|
||||||
if ( !$publisher = wp_specialchars( strip_tags( $author->get_name() ) ) )
|
if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
|
||||||
$publisher = __( 'Somebody' );
|
$publisher = __( 'Somebody' );
|
||||||
if ( $site_link )
|
if ( $site_link )
|
||||||
$publisher = "<a href='$site_link'>$publisher</a>";
|
$publisher = "<a href='$site_link'>$publisher</a>";
|
||||||
@ -667,7 +667,7 @@ function wp_dashboard_incoming_links_output() {
|
|||||||
if ( $show_author || $show_summary )
|
if ( $show_author || $show_summary )
|
||||||
/* translators: incoming links feed, %4$s is the date */
|
/* translators: incoming links feed, %4$s is the date */
|
||||||
$text .= ' ' . __( 'on %4$s' );
|
$text .= ' ' . __( 'on %4$s' );
|
||||||
$date = wp_specialchars( strip_tags( $item->get_date() ) );
|
$date = esc_html( strip_tags( $item->get_date() ) );
|
||||||
$date = strtotime( $date );
|
$date = strtotime( $date );
|
||||||
$date = gmdate( get_option( 'date_format' ), $date );
|
$date = gmdate( get_option( 'date_format' ), $date );
|
||||||
}
|
}
|
||||||
@ -813,9 +813,9 @@ function wp_dashboard_plugins_output() {
|
|||||||
$title = $matches[1];
|
$title = $matches[1];
|
||||||
else // but let's make it forward compatible if things change
|
else // but let's make it forward compatible if things change
|
||||||
$title = $item->get_title();
|
$title = $item->get_title();
|
||||||
$title = wp_specialchars( $title );
|
$title = esc_html( $title );
|
||||||
|
|
||||||
$description = wp_specialchars( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );
|
$description = esc_html( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );
|
||||||
|
|
||||||
$ilink = wp_nonce_url('plugin-install.php?tab=plugin-information&plugin=' . $slug, 'install-plugin_' . $slug) .
|
$ilink = wp_nonce_url('plugin-install.php?tab=plugin-information&plugin=' . $slug, 'install-plugin_' . $slug) .
|
||||||
'&TB_iframe=true&width=600&height=800';
|
'&TB_iframe=true&width=600&height=800';
|
||||||
|
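Review bot: In the incoming-links loop the feed date is HTML-escaped and then parsed: `$date = esc_html( strip_tags( $item->get_date() ) );` followed by `$date = strtotime( $date );` — the escaping is applied to a value that is consumed by a parser, not printed, and the only thing printed is gmdate()'s output, which needs no escaping. Any date containing a character esc_html() rewrites (an `&` from a malformed feed, say) is altered before parsing, and a false return from strtotime() is then formatted silently as the epoch. Drop the escape and guard the parse: `$date = strtotime( strip_tags( $item->get_date() ) );` and `$date = $date ? gmdate( get_option( 'date_format' ), $date ) : '';` (whatever fallback the surrounding sprintf expects). wp_dashboard_incoming_links_output() starts and ends outside this hunk.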
@ -99,7 +99,7 @@ function wxr_cdata($str) {
|
|||||||
if ( seems_utf8($str) == false )
|
if ( seems_utf8($str) == false )
|
||||||
$str = utf8_encode($str);
|
$str = utf8_encode($str);
|
||||||
|
|
||||||
// $str = ent2ncr(wp_specialchars($str));
|
// $str = ent2ncr(esc_html($str));
|
||||||
|
|
||||||
$str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";
|
$str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";
|
||||||
|
|
||||||
|
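Review bot: wxr_cdata() only special-cases a trailing `]`, so a string containing `]]>` anywhere inside closes the CDATA section early and everything after it is parsed as XML; post or comment content with that sequence yields a malformed export, and a user who can publish content could inject elements into the WXR file. The usual fix splits the terminator before wrapping, `$str = str_replace( ']]>', ']]]]><![CDATA[>', $str );`, which also makes the trailing-`]` check unnecessary. The commented-out `ent2ncr( esc_html( $str ) )` line is dead code and should be deleted rather than kept in step with deprecations. The function begins before this hunk.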
@ -1198,7 +1198,7 @@ function get_media_item( $attachment_id, $args = null ) {
|
|||||||
if ( !empty($field[$field['input']]) )
|
if ( !empty($field[$field['input']]) )
|
||||||
$item .= $field[$field['input']];
|
$item .= $field[$field['input']];
|
||||||
elseif ( $field['input'] == 'textarea' ) {
|
elseif ( $field['input'] == 'textarea' ) {
|
||||||
$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
|
$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . esc_html( $field['value'] ) . "</textarea>";
|
||||||
} else {
|
} else {
|
||||||
$item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
|
$item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
|
||||||
}
|
}
|
||||||
@ -1419,7 +1419,7 @@ if ( $id ) {
|
|||||||
add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
|
add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
|
||||||
echo get_media_items( $id, $errors );
|
echo get_media_items( $id, $errors );
|
||||||
} else {
|
} else {
|
||||||
echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
|
echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1802,7 +1802,7 @@ foreach ($arc_result as $arc_row) {
|
|||||||
$default = '';
|
$default = '';
|
||||||
|
|
||||||
echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
|
echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
|
||||||
echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
|
echo esc_html( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
|
||||||
echo "</option>\n";
|
echo "</option>\n";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
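Review bot: In get_media_item()'s textarea branch, `"<textarea type='text' id='$name' name='$name'"` carries a `type` attribute that textarea does not have, and `$name` is interpolated into two attributes unescaped while the element's value is escaped on the same line. `$name` is built before this hunk; if any part of it derives from the attachment's field definitions it should go through esc_attr() like the value: `"<textarea id='" . esc_attr( $name ) . "' name='" . esc_attr( $name ) . "'" . $aria_required . ">"`. The same applies to the `<input>` line below it, and the function continues outside the hunk.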
@ -319,9 +319,9 @@ function bulk_edit_posts( $post_data = null ) {
|
|||||||
*/
|
*/
|
||||||
function get_default_post_to_edit() {
|
function get_default_post_to_edit() {
|
||||||
if ( !empty( $_REQUEST['post_title'] ) )
|
if ( !empty( $_REQUEST['post_title'] ) )
|
||||||
$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
|
$post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
|
||||||
else if ( !empty( $_REQUEST['popuptitle'] ) ) {
|
else if ( !empty( $_REQUEST['popuptitle'] ) ) {
|
||||||
$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
|
$post_title = esc_html( stripslashes( $_REQUEST['popuptitle'] ));
|
||||||
$post_title = funky_javascript_fix( $post_title );
|
$post_title = funky_javascript_fix( $post_title );
|
||||||
} else {
|
} else {
|
||||||
$post_title = '';
|
$post_title = '';
|
||||||
@ -329,16 +329,16 @@ function get_default_post_to_edit() {
|
|||||||
|
|
||||||
$post_content = '';
|
$post_content = '';
|
||||||
if ( !empty( $_REQUEST['content'] ) )
|
if ( !empty( $_REQUEST['content'] ) )
|
||||||
$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
|
$post_content = esc_html( stripslashes( $_REQUEST['content'] ));
|
||||||
else if ( !empty( $post_title ) ) {
|
else if ( !empty( $post_title ) ) {
|
||||||
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
|
$text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
|
||||||
$text = funky_javascript_fix( $text);
|
$text = funky_javascript_fix( $text);
|
||||||
$popupurl = clean_url($_REQUEST['popupurl']);
|
$popupurl = clean_url($_REQUEST['popupurl']);
|
||||||
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !empty( $_REQUEST['excerpt'] ) )
|
if ( !empty( $_REQUEST['excerpt'] ) )
|
||||||
$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
|
$post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
|
||||||
else
|
else
|
||||||
$post_excerpt = '';
|
$post_excerpt = '';
|
||||||
|
|
||||||
|
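Review bot: In get_default_post_to_edit()'s bookmarklet branch, `$_REQUEST['text']` and `$_REQUEST['popupurl']` are read without isset(), unlike the sibling branches that test with !empty(), so a request carrying only a title raises undefined-index notices on two lines. The anchor is double-quoted and `$popupurl` receives only clean_url(); that is safe only if clean_url() strips or encodes `"`, which is not visible here, so wrapping it, `'<a href="' . esc_attr( $popupurl ) . '">'`, or at least a comment recording that dependency is warranted. A guard such as `$text = isset( $_REQUEST['text'] ) ? esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) ) : '';` and the same for popupurl keeps the branch quiet. The function begins before this hunk.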
@ -469,7 +469,7 @@ class Walker_Category_Checklist extends Walker {
|
|||||||
extract($args);
|
extract($args);
|
||||||
|
|
||||||
$class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : '';
|
$class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : '';
|
||||||
$output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . wp_specialchars( apply_filters('the_category', $category->name )) . '</label>';
|
$output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . esc_html( apply_filters('the_category', $category->name )) . '</label>';
|
||||||
}
|
}
|
||||||
|
|
||||||
function end_el(&$output, $category, $depth, $args) {
|
function end_el(&$output, $category, $depth, $args) {
|
||||||
@ -562,7 +562,7 @@ function wp_popular_terms_checklist( $taxonomy, $default = 0, $number = 10, $ech
|
|||||||
<li id="<?php echo $id; ?>" class="popular-category">
|
<li id="<?php echo $id; ?>" class="popular-category">
|
||||||
<label class="selectit">
|
<label class="selectit">
|
||||||
<input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" />
|
<input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" />
|
||||||
<?php echo wp_specialchars( apply_filters( 'the_category', $category->name ) ); ?>
|
<?php echo esc_html( apply_filters( 'the_category', $category->name ) ); ?>
|
||||||
</label>
|
</label>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -614,7 +614,7 @@ function wp_link_category_checklist( $link_id = 0 ) {
|
|||||||
|
|
||||||
foreach ( $categories as $category ) {
|
foreach ( $categories as $category ) {
|
||||||
$cat_id = $category->term_id;
|
$cat_id = $category->term_id;
|
||||||
$name = wp_specialchars( apply_filters('the_category', $category->name));
|
$name = esc_html( apply_filters('the_category', $category->name));
|
||||||
$checked = in_array( $cat_id, $checked_categories );
|
$checked = in_array( $cat_id, $checked_categories );
|
||||||
echo '<li id="link-category-', $cat_id, '"><label for="in-link-category-', $cat_id, '" class="selectit"><input value="', $cat_id, '" type="checkbox" name="link_category[]" id="in-link-category-', $cat_id, '"', ($checked ? ' checked="checked"' : "" ), '/> ', $name, "</label></li>";
|
echo '<li id="link-category-', $cat_id, '"><label for="in-link-category-', $cat_id, '" class="selectit"><input value="', $cat_id, '" type="checkbox" name="link_category[]" id="in-link-category-', $cat_id, '"', ($checked ? ' checked="checked"' : "" ), '/> ', $name, "</label></li>";
|
||||||
}
|
}
|
||||||
@ -1304,17 +1304,17 @@ function get_inline_data($post) {
|
|||||||
<div class="hh">' . mysql2date( 'H', $post->post_date, false ) . '</div>
|
<div class="hh">' . mysql2date( 'H', $post->post_date, false ) . '</div>
|
||||||
<div class="mn">' . mysql2date( 'i', $post->post_date, false ) . '</div>
|
<div class="mn">' . mysql2date( 'i', $post->post_date, false ) . '</div>
|
||||||
<div class="ss">' . mysql2date( 's', $post->post_date, false ) . '</div>
|
<div class="ss">' . mysql2date( 's', $post->post_date, false ) . '</div>
|
||||||
<div class="post_password">' . wp_specialchars($post->post_password, 1) . '</div>';
|
<div class="post_password">' . esc_html( $post->post_password ) . '</div>';
|
||||||
|
|
||||||
if( $post->post_type == 'page' )
|
if( $post->post_type == 'page' )
|
||||||
echo '
|
echo '
|
||||||
<div class="post_parent">' . $post->post_parent . '</div>
|
<div class="post_parent">' . $post->post_parent . '</div>
|
||||||
<div class="page_template">' . wp_specialchars(get_post_meta( $post->ID, '_wp_page_template', true ), 1) . '</div>
|
<div class="page_template">' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '</div>
|
||||||
<div class="menu_order">' . $post->menu_order . '</div>';
|
<div class="menu_order">' . $post->menu_order . '</div>';
|
||||||
|
|
||||||
if( $post->post_type == 'post' )
|
if( $post->post_type == 'post' )
|
||||||
echo '
|
echo '
|
||||||
<div class="tags_input">' . wp_specialchars( str_replace( ',', ', ', get_tags_to_edit($post->ID) ), 1) . '</div>
|
<div class="tags_input">' . esc_html( str_replace( ',', ', ', get_tags_to_edit($post->ID) ) ) . '</div>
|
||||||
<div class="post_category">' . implode( ',', wp_get_post_categories( $post->ID ) ) . '</div>
|
<div class="post_category">' . implode( ',', wp_get_post_categories( $post->ID ) ) . '</div>
|
||||||
<div class="sticky">' . (is_sticky($post->ID) ? 'sticky' : '') . '</div>';
|
<div class="sticky">' . (is_sticky($post->ID) ? 'sticky' : '') . '</div>';
|
||||||
|
|
||||||
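Review bot: The `1` second argument dropped from the `post_password`, `page_template` and `tags_input` calls was the quote-encoding flag, so these three lines keep their previous output only because esc_html() now encodes quotes as the commit message states; nothing in the hunk records that dependency. These hidden divs are presumably read back by the inline editor, so a comment above the first echo such as `// Values are entity-encoded (esc_html encodes quotes); the inline editor decodes them` would stop a later cleanup from substituting a non-quoting escaper. `$post->post_parent` and `$post->menu_order` are echoed unescaped; if they are not guaranteed integers, wrap them in `(int)` as other output in this commit does. get_inline_data() starts outside the hunk.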
@ -1331,7 +1331,7 @@ function get_inline_data($post) {
|
|||||||
function post_rows( $posts = array() ) {
|
function post_rows( $posts = array() ) {
|
||||||
global $wp_query, $post, $mode;
|
global $wp_query, $post, $mode;
|
||||||
|
|
||||||
add_filter('the_title','wp_specialchars');
|
add_filter('the_title','esc_html');
|
||||||
|
|
||||||
// Create array of post IDs.
|
// Create array of post IDs.
|
||||||
$post_ids = array();
|
$post_ids = array();
|
||||||
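Review bot: `add_filter('the_title','esc_html')` registers a global filter as a side effect of post_rows(), and nothing in the hunk removes it; the rest of the body is outside the hunk, so if there is no matching `remove_filter('the_title','esc_html')` before the function returns, every later the_title call in the same request (other admin output, plugin callbacks) is escaped as well. Either pair it with a remove_filter() at the end of the function or add a comment stating that the filter is meant to stay for the rest of the request.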
@ -1478,7 +1478,7 @@ function _post_row($a_post, $pending_comments, $mode) {
|
|||||||
if ( !empty( $categories ) ) {
|
if ( !empty( $categories ) ) {
|
||||||
$out = array();
|
$out = array();
|
||||||
foreach ( $categories as $c )
|
foreach ( $categories as $c )
|
||||||
$out[] = "<a href='edit.php?category_name=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";
|
$out[] = "<a href='edit.php?category_name=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";
|
||||||
echo join( ', ', $out );
|
echo join( ', ', $out );
|
||||||
} else {
|
} else {
|
||||||
_e('Uncategorized');
|
_e('Uncategorized');
|
||||||
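Review bot: `$c->slug` is interpolated straight into the href attribute on the `$out[]` line while only the name half of the link is escaped; the same pattern is in the tags hunk at `-1494`. Slugs are normally sanitized on save, but the attribute context should be escaped where it is written: `$out[] = "<a href='edit.php?category_name=" . esc_attr( $c->slug ) . "'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";` (and `tag=` likewise). _post_row() starts and ends outside the hunk.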
@ -1494,7 +1494,7 @@ function _post_row($a_post, $pending_comments, $mode) {
|
|||||||
if ( !empty( $tags ) ) {
|
if ( !empty( $tags ) ) {
|
||||||
$out = array();
|
$out = array();
|
||||||
foreach ( $tags as $c )
|
foreach ( $tags as $c )
|
||||||
$out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
|
$out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
|
||||||
echo join( ', ', $out );
|
echo join( ', ', $out );
|
||||||
} else {
|
} else {
|
||||||
_e('No Tags');
|
_e('No Tags');
|
||||||
@ -1591,7 +1591,7 @@ function display_page_row( $page, $level = 0 ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$page->post_title = wp_specialchars( $page->post_title );
|
$page->post_title = esc_html( $page->post_title );
|
||||||
$pad = str_repeat( '— ', $level );
|
$pad = str_repeat( '— ', $level );
|
||||||
$id = (int) $page->ID;
|
$id = (int) $page->ID;
|
||||||
$rowclass = 'alternate' == $rowclass ? '' : 'alternate';
|
$rowclass = 'alternate' == $rowclass ? '' : 'alternate';
|
||||||
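Review bot: `$page->post_title = esc_html( $page->post_title )` stores an HTML-escaped value back into the page object, so every later use of the title in this function has to know it is already encoded; the `-1653` hunk further down re-escapes a `$title` (assigned outside the hunk) with esc_attr(), which is only correct if that escaper leaves existing entities alone. Keeping the raw title and escaping at each output site, e.g. a display-only `$title = esc_html( $page->post_title );`, makes each echo self-evidently safe. display_page_row() continues outside the hunk.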
@ -1653,7 +1653,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
|
|||||||
$attributes = 'class="post-title page-title column-title"' . $style;
|
$attributes = 'class="post-title page-title column-title"' . $style;
|
||||||
$edit_link = get_edit_post_link( $page->ID );
|
$edit_link = get_edit_post_link( $page->ID );
|
||||||
?>
|
?>
|
||||||
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
|
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . esc_html($parent_name) : ''; ?></strong>
|
||||||
<?php
|
<?php
|
||||||
$actions = array();
|
$actions = array();
|
||||||
if ( current_user_can('edit_page', $page->ID) ) {
|
if ( current_user_can('edit_page', $page->ID) ) {
|
||||||
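Review bot: `$edit_link` from get_edit_post_link() is echoed into the href attribute without escaping on the `<td>` line, while the neighbouring title attribute is run through esc_attr(); the URL should get the same treatment, `href="<?php echo clean_url( $edit_link ); ?>"` (clean_url() is the URL escaper this commit uses elsewhere; esc_url() is its newer name if already present in this tree). `$title` and `$pad` are echoed raw, which is fine only if `$title` is escaped where it is built — that assignment is outside the hunk. The enclosing foreach starts and ends outside the hunk.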
@ -2337,7 +2337,7 @@ function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $le
|
|||||||
foreach ( $categories as $category ) {
|
foreach ( $categories as $category ) {
|
||||||
if ( $currentcat != $category->term_id && $parent == $category->parent) {
|
if ( $currentcat != $category->term_id && $parent == $category->parent) {
|
||||||
$pad = str_repeat( '– ', $level );
|
$pad = str_repeat( '– ', $level );
|
||||||
$category->name = wp_specialchars( $category->name );
|
$category->name = esc_html( $category->name );
|
||||||
echo "\n\t<option value='$category->term_id'";
|
echo "\n\t<option value='$category->term_id'";
|
||||||
if ( $currentparent == $category->term_id )
|
if ( $currentparent == $category->term_id )
|
||||||
echo " selected='selected'";
|
echo " selected='selected'";
|
||||||
@ -2627,7 +2627,7 @@ function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
|
|||||||
else
|
else
|
||||||
$current = '';
|
$current = '';
|
||||||
|
|
||||||
echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
|
echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . esc_html($item->post_title) . "</option>";
|
||||||
parent_dropdown( $default, $item->ID, $level +1 );
|
parent_dropdown( $default, $item->ID, $level +1 );
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -193,7 +193,7 @@ function install_themes_dashboard() {
|
|||||||
foreach ( (array) $feature_list as $feature_name => $features ) {
|
foreach ( (array) $feature_list as $feature_name => $features ) {
|
||||||
if ( isset($trans[$feature_name]) )
|
if ( isset($trans[$feature_name]) )
|
||||||
$feature_name = $trans[$feature_name];
|
$feature_name = $trans[$feature_name];
|
||||||
$feature_name = wp_specialchars( $feature_name );
|
$feature_name = esc_html( $feature_name );
|
||||||
echo '<div class="feature-name">' . $feature_name . '</div>';
|
echo '<div class="feature-name">' . $feature_name . '</div>';
|
||||||
|
|
||||||
echo '<ol style="float: left; width: 725px;" class="feature-group">';
|
echo '<ol style="float: left; width: 725px;" class="feature-group">';
|
||||||
@ -201,7 +201,7 @@ function install_themes_dashboard() {
|
|||||||
$feature_name = $feature;
|
$feature_name = $feature;
|
||||||
if ( isset($trans[$feature]) )
|
if ( isset($trans[$feature]) )
|
||||||
$feature_name = $trans[$feature];
|
$feature_name = $trans[$feature];
|
||||||
$feature_name = wp_specialchars( $feature_name );
|
$feature_name = esc_html( $feature_name );
|
||||||
$feature = esc_attr($feature);
|
$feature = esc_attr($feature);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ function edit_user( $user_id = 0 ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $_POST['user_login'] ))
|
if ( isset( $_POST['user_login'] ))
|
||||||
$user->user_login = wp_specialchars( trim( $_POST['user_login'] ));
|
$user->user_login = esc_html( trim( $_POST['user_login'] ));
|
||||||
|
|
||||||
$pass1 = $pass2 = '';
|
$pass1 = $pass2 = '';
|
||||||
if ( isset( $_POST['pass1'] ))
|
if ( isset( $_POST['pass1'] ))
|
||||||
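Review bot: `esc_html( trim( $_POST['user_login'] ))` HTML-escapes a value that is about to be stored on `$user`, not displayed, and the same input-time escaping is repeated for user_email (`-86`) and first_name through yim (`-96`); since esc_html() now encodes quotes, a quote in any of these fields is stored as `&#039;` or `&quot;` rather than as the character the user typed, which is a visible change for email addresses and names unless something downstream (outside the hunk) decodes it. The `-96` hunk also leaves `description` as a plain trim(), so the function is inconsistent about whether stored fields are escaped. Prefer sanitizing at input and escaping at output: `$user->user_login = sanitize_user( trim( $_POST['user_login'] ) );` and `$user->user_email = sanitize_email( trim( $_POST['email'] ) );`, with esc_html()/esc_attr() applied where the values are rendered, as get_user_to_edit() in this commit already does. edit_user() starts and ends outside the hunk.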
@ -86,7 +86,7 @@ function edit_user( $user_id = 0 ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $_POST['email'] ))
|
if ( isset( $_POST['email'] ))
|
||||||
$user->user_email = wp_specialchars( trim( $_POST['email'] ));
|
$user->user_email = esc_html( trim( $_POST['email'] ));
|
||||||
if ( isset( $_POST['url'] ) ) {
|
if ( isset( $_POST['url'] ) ) {
|
||||||
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
|
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
|
||||||
$user->user_url = '';
|
$user->user_url = '';
|
||||||
@ -96,21 +96,21 @@ function edit_user( $user_id = 0 ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ( isset( $_POST['first_name'] ))
|
if ( isset( $_POST['first_name'] ))
|
||||||
$user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
|
$user->first_name = esc_html( trim( $_POST['first_name'] ));
|
||||||
if ( isset( $_POST['last_name'] ))
|
if ( isset( $_POST['last_name'] ))
|
||||||
$user->last_name = wp_specialchars( trim( $_POST['last_name'] ));
|
$user->last_name = esc_html( trim( $_POST['last_name'] ));
|
||||||
if ( isset( $_POST['nickname'] ))
|
if ( isset( $_POST['nickname'] ))
|
||||||
$user->nickname = wp_specialchars( trim( $_POST['nickname'] ));
|
$user->nickname = esc_html( trim( $_POST['nickname'] ));
|
||||||
if ( isset( $_POST['display_name'] ))
|
if ( isset( $_POST['display_name'] ))
|
||||||
$user->display_name = wp_specialchars( trim( $_POST['display_name'] ));
|
$user->display_name = esc_html( trim( $_POST['display_name'] ));
|
||||||
if ( isset( $_POST['description'] ))
|
if ( isset( $_POST['description'] ))
|
||||||
$user->description = trim( $_POST['description'] );
|
$user->description = trim( $_POST['description'] );
|
||||||
if ( isset( $_POST['jabber'] ))
|
if ( isset( $_POST['jabber'] ))
|
||||||
$user->jabber = wp_specialchars( trim( $_POST['jabber'] ));
|
$user->jabber = esc_html( trim( $_POST['jabber'] ));
|
||||||
if ( isset( $_POST['aim'] ))
|
if ( isset( $_POST['aim'] ))
|
||||||
$user->aim = wp_specialchars( trim( $_POST['aim'] ));
|
$user->aim = esc_html( trim( $_POST['aim'] ));
|
||||||
if ( isset( $_POST['yim'] ))
|
if ( isset( $_POST['yim'] ))
|
||||||
$user->yim = wp_specialchars( trim( $_POST['yim'] ));
|
$user->yim = esc_html( trim( $_POST['yim'] ));
|
||||||
if ( !$update )
|
if ( !$update )
|
||||||
$user->rich_editing = 'true'; // Default to true for new users.
|
$user->rich_editing = 'true'; // Default to true for new users.
|
||||||
else if ( isset( $_POST['rich_editing'] ) )
|
else if ( isset( $_POST['rich_editing'] ) )
|
||||||
@ -380,7 +380,7 @@ function get_user_to_edit( $user_id ) {
|
|||||||
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? esc_attr($user->aim) : '';
|
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? esc_attr($user->aim) : '';
|
||||||
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
|
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
|
||||||
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
|
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
|
||||||
$user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
|
$user->description = isset( $user->description ) && !empty( $user->description ) ? esc_html($user->description) : '';
|
||||||
|
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
@ -162,7 +162,7 @@ function wp_widget_control( $sidebar_args ) {
|
|||||||
$wp_registered_widgets[$widget_id]['callback'] = $wp_registered_widgets[$widget_id]['_callback'];
|
$wp_registered_widgets[$widget_id]['callback'] = $wp_registered_widgets[$widget_id]['_callback'];
|
||||||
unset($wp_registered_widgets[$widget_id]['_callback']);
|
unset($wp_registered_widgets[$widget_id]['_callback']);
|
||||||
|
|
||||||
$widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );
|
$widget_title = esc_html( strip_tags( $sidebar_args['widget_name'] ) );
|
||||||
$has_form = 'noform';
|
$has_form = 'noform';
|
||||||
|
|
||||||
echo $sidebar_args['before_widget']; ?>
|
echo $sidebar_args['before_widget']; ?>
|
||||||
|
@ -30,7 +30,7 @@ $today = current_time('mysql', 1);
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<div id="dashboard-widgets-wrap">
|
<div id="dashboard-widgets-wrap">
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ function dvortr( $str ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
|
$j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
|
||||||
$n = wp_specialchars( $GLOBALS['current_user']->data->display_name );
|
$n = esc_html( $GLOBALS['current_user']->data->display_name );
|
||||||
$d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );
|
$d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );
|
||||||
|
|
||||||
wp_die( <<<EOEE
|
wp_die( <<<EOEE
|
||||||
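Review bot: `$redirect` is substituted into `$d` by str_replace() without any escaping, while the neighbouring `$j` and `$n` are passed through clean_url() and esc_html(); where `$redirect` is built and how `$d` is emitted in the heredoc are outside the hunk, so if it is request-derived it needs the same URL escaping before it lands in the markup, e.g. `str_replace( '$', clean_url( $redirect ), dvortr( ... ) )`. The obfuscated string passed to dvortr() would also benefit from a comment stating what it decodes to, since a reader cannot otherwise review the output.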
|
@ -71,9 +71,9 @@ switch ($order_by) {
|
|||||||
|
|
||||||
<div class="wrap nosubsub">
|
<div class="wrap nosubsub">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
@ -55,7 +55,7 @@ if ( isset($_GET['inline']) ) {
|
|||||||
require_once('admin-header.php'); ?>
|
require_once('admin-header.php'); ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&upload-page-form=" class="media-upload-form type-form validate" id="file-form">
|
<form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&upload-page-form=" class="media-upload-form type-form validate" id="file-form">
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php settings_fields('discussion'); ?>
|
<?php settings_fields('discussion'); ?>
|
||||||
|
@ -52,7 +52,7 @@ include('./admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php settings_fields('general'); ?>
|
<?php settings_fields('general'); ?>
|
||||||
|
@ -18,7 +18,7 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form action="options.php" method="post">
|
<form action="options.php" method="post">
|
||||||
<?php settings_fields('media'); ?>
|
<?php settings_fields('media'); ?>
|
||||||
|
@ -18,7 +18,7 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php settings_fields('misc'); ?>
|
<?php settings_fields('misc'); ?>
|
||||||
|
@ -142,7 +142,7 @@ if ( $iis7_permalinks ) {
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form name="form" action="options-permalink.php" method="post">
|
<form name="form" action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
@ -226,7 +226,7 @@ $structures = array(
|
|||||||
<p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/<configuration>/<system.webServer>/<rewrite>/<rules></code> element in <code>web.config</code> file.') ?></p>
|
<p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/<configuration>/<system.webServer>/<rewrite>/<rules></code> element in <code>web.config</code> file.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
|
<p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
|
||||||
</form>
|
</form>
|
||||||
<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p>
|
<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
@ -235,7 +235,7 @@ $structures = array(
|
|||||||
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
<?php wp_nonce_field('update-permalink') ?>
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
|
<p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
@ -17,7 +17,7 @@ include('./admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php settings_fields('privacy'); ?>
|
<?php settings_fields('privacy'); ?>
|
||||||
|
@ -17,7 +17,7 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form name="form1" method="post" action="options.php">
|
<form name="form1" method="post" action="options.php">
|
||||||
<?php settings_fields('reading'); ?>
|
<?php settings_fields('reading'); ?>
|
||||||
|
@ -17,7 +17,7 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php settings_fields('writing'); ?>
|
<?php settings_fields('writing'); ?>
|
||||||
|
@ -121,7 +121,7 @@ foreach ( (array) $options as $option) :
|
|||||||
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
||||||
<td>";
|
<td>";
|
||||||
|
|
||||||
if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
|
if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . esc_html($value) . "</textarea>";
|
||||||
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
|
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
|
||||||
|
|
||||||
echo "</td>
|
echo "</td>
|
||||||
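Review bot: `$option->option_name` is interpolated into the name and id attributes (and the `for` on the `<th>` line) without escaping on both the textarea and input lines, while only `$value` gets esc_html()/esc_attr(); option names come from the database rows being iterated, so the attribute context should be escaped the same way, e.g. `$name = esc_attr( $option->option_name );` once above the echo and `name='$name' id='$name'` in both strings. Whether the enclosing loop already restricts option_name is outside the hunk.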
|
@ -100,7 +100,7 @@ case 'edit':
|
|||||||
if ( $last = wp_check_post_lock( $post->ID ) ) {
|
if ( $last = wp_check_post_lock( $post->ID ) ) {
|
||||||
$last_user = get_userdata( $last );
|
$last_user = get_userdata( $last );
|
||||||
$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
|
$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
|
||||||
$message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
|
$message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
|
||||||
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
|
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
|
||||||
add_action('admin_notices', create_function( '', "echo '$message';" ) );
|
add_action('admin_notices', create_function( '', "echo '$message';" ) );
|
||||||
} else {
|
} else {
|
||||||
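Review bot: The `add_action('admin_notices', create_function( '', "echo '$message';" ) )` line builds PHP source from a string that contains the (escaped) user display name and then evaluates it; create_function() is eval() under another name, and the preceding `str_replace( "'", "\'", ... )` is the only thing keeping the data inside the string literal. esc_html() now encoding quotes makes this less fragile, but the safer shape is not to generate code at all: store the message in a global and register a named callback that echoes it, which also removes the hand-rolled quote escaping. The same construction appears in the post.php hunk at `-135`.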
|
@ -135,7 +135,7 @@ default:
|
|||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<div class="bordertitle">
|
<div class="bordertitle">
|
||||||
<form id="themeselector" action="plugin-editor.php" method="post">
|
<form id="themeselector" action="plugin-editor.php" method="post">
|
||||||
<strong><label for="plugin"><?php _e('Select plugin to edit:'); ?> </label></strong>
|
<strong><label for="plugin"><?php _e('Select plugin to edit:'); ?> </label></strong>
|
||||||
|
@ -56,7 +56,7 @@ include('admin-header.php');
|
|||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<ul class="subsubsub">
|
<ul class="subsubsub">
|
||||||
<?php
|
<?php
|
||||||
|
@ -189,7 +189,7 @@ require_once('admin-header.php');
|
|||||||
$invalid = validate_active_plugins();
|
$invalid = validate_active_plugins();
|
||||||
if ( !empty($invalid) )
|
if ( !empty($invalid) )
|
||||||
foreach ( $invalid as $plugin_file => $error )
|
foreach ( $invalid as $plugin_file => $error )
|
||||||
echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
|
echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), $error->get_error_message()) . '</p></div>';
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php if ( isset($_GET['error']) ) : ?>
|
<?php if ( isset($_GET['error']) ) : ?>
|
||||||
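Review bot: The second `%s` in the deactivation notice receives `$error->get_error_message()` unescaped while the first is wrapped in esc_html(); the message from validate_active_plugins() (outside the hunk) may include the plugin path or a PHP error string, so it should be escaped the same way unless it is deliberately HTML: `sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), esc_html($error->get_error_message()))`. If the message is meant to carry markup, a comment saying so would keep the asymmetry from reading as an omission.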
@ -222,7 +222,7 @@ if ( !empty($invalid) )
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@ case 'edit':
|
|||||||
if ( $last = wp_check_post_lock( $post->ID ) ) {
|
if ( $last = wp_check_post_lock( $post->ID ) ) {
|
||||||
$last_user = get_userdata( $last );
|
$last_user = get_userdata( $last );
|
||||||
$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
|
$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
|
||||||
$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
|
$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
|
||||||
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
|
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
|
||||||
add_action('admin_notices', create_function( '', "echo '$message';" ) );
|
add_action('admin_notices', create_function( '', "echo '$message';" ) );
|
||||||
} else {
|
} else {
|
||||||
|
@ -91,7 +91,7 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Set Variables
|
// Set Variables
|
||||||
$title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : '';
|
$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
|
||||||
$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
|
$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
|
||||||
if ( ! empty($selection) ) {
|
if ( ! empty($selection) ) {
|
||||||
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
|
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
|
||||||
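Review bot: `$selection` on the line after the changed one is taken from `$_GET['s']` with only stripslashes()/aposfix(), and the following preg_replace() wraps it in `<p>` tags, so it is being prepared as HTML from a request parameter while `$title` directly above it is now esc_html()'d; where `$selection` is emitted is outside the hunk, so it should be filtered there with wp_kses() and an allowed-tag list, or escaped with esc_html() if markup is not required. A comment on the `$selection` line stating that it is intentionally raw HTML would make the asymmetry explicit.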
|
@ -177,7 +177,7 @@ foreach ( _wp_post_revision_fields() as $field => $field_title ) :
|
|||||||
?>
|
?>
|
||||||
|
|
||||||
<tr id="revision-field-<?php echo $field; ?>">
|
<tr id="revision-field-<?php echo $field; ?>">
|
||||||
<th scope="row"><?php echo wp_specialchars( $field_title ); ?></th>
|
<th scope="row"><?php echo esc_html( $field_title ); ?></th>
|
||||||
<td><div class="pre"><?php echo $content; ?></div></td>
|
<td><div class="pre"><?php echo $content; ?></div></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
@ -115,7 +115,7 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
|
|||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<div class="bordertitle">
|
<div class="bordertitle">
|
||||||
<form id="themeselector" action="theme-editor.php" method="post">
|
<form id="themeselector" action="theme-editor.php" method="post">
|
||||||
<strong><label for="theme"><?php _e('Select theme to edit:'); ?> </label></strong>
|
<strong><label for="theme"><?php _e('Select theme to edit:'); ?> </label></strong>
|
||||||
|
@ -56,7 +56,7 @@ include('admin-header.php');
|
|||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<ul class="subsubsub">
|
<ul class="subsubsub">
|
||||||
<?php
|
<?php
|
||||||
|
@ -119,7 +119,7 @@ function theme_update_available( $theme ) {
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<h3><?php _e('Current Theme'); ?></h3>
|
<h3><?php _e('Current Theme'); ?></h3>
|
||||||
<div id="current-theme">
|
<div id="current-theme">
|
||||||
|
@ -17,7 +17,7 @@ require_once('admin-header.php');
|
|||||||
screen_icon();
|
screen_icon();
|
||||||
?>
|
?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<div class="tool-box">
|
<div class="tool-box">
|
||||||
<?php
|
<?php
|
||||||
|
@ -164,9 +164,9 @@ if ( isset($_GET['message']) && (int) $_GET['message'] ) {
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['s']) && $_GET['s'] )
|
if ( isset($_GET['s']) && $_GET['s'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( get_search_query() ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
@ -322,7 +322,7 @@ foreach ($arc_result as $arc_row) {
|
|||||||
if ( $orphans ) {
|
if ( $orphans ) {
|
||||||
foreach ( $orphans as $post ) {
|
foreach ( $orphans as $post ) {
|
||||||
$class = 'alternate' == $class ? '' : 'alternate';
|
$class = 'alternate' == $class ? '' : 'alternate';
|
||||||
$att_title = wp_specialchars( _draft_or_post_title($post->ID) );
|
$att_title = esc_html( _draft_or_post_title($post->ID) );
|
||||||
?>
|
?>
|
||||||
<tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
|
<tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
|
||||||
<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
|
<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
|
||||||
|
@ -115,7 +115,7 @@ include ('admin-header.php');
|
|||||||
|
|
||||||
<div class="wrap" id="profile-page">
|
<div class="wrap" id="profile-page">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<form id="your-profile" action="" method="post">
|
<form id="your-profile" action="" method="post">
|
||||||
<?php wp_nonce_field('update-user_' . $user_id) ?>
|
<?php wp_nonce_field('update-user_' . $user_id) ?>
|
||||||
|
@ -239,9 +239,9 @@ if ( ! empty($messages) ) {
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title );
|
<h2><?php echo esc_html( $title );
|
||||||
if ( isset($_GET['usersearch']) && $_GET['usersearch'] )
|
if ( isset($_GET['usersearch']) && $_GET['usersearch'] )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( $_GET['usersearch'] ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( $_GET['usersearch'] ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<div class="filter">
|
<div class="filter">
|
||||||
|
@ -125,7 +125,7 @@ if ( count($wp_registered_sidebars) == 1 ) {
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<div class="error">
|
<div class="error">
|
||||||
<p><?php _e( 'No Sidebars Defined' ); ?></p>
|
<p><?php _e( 'No Sidebars Defined' ); ?></p>
|
||||||
</div>
|
</div>
|
||||||
@ -258,9 +258,9 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
|
|||||||
require_once( 'admin-header.php' ); ?>
|
require_once( 'admin-header.php' ); ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
<div class="editwidget"<?php echo $width; ?>>
|
<div class="editwidget"<?php echo $width; ?>>
|
||||||
<h3><?php printf( __( 'Widget %s' ), wp_specialchars( strip_tags($control['name']) ) ); ?></h3>
|
<h3><?php printf( __( 'Widget %s' ), esc_html( strip_tags($control['name']) ) ); ?></h3>
|
||||||
|
|
||||||
<form action="widgets.php" method="post">
|
<form action="widgets.php" method="post">
|
||||||
<div class="widget-inside">
|
<div class="widget-inside">
|
||||||
@ -334,7 +334,7 @@ require_once( 'admin-header.php' ); ?>
|
|||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo wp_specialchars( $title ); ?></h2>
|
<h2><?php echo esc_html( $title ); ?></h2>
|
||||||
|
|
||||||
<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?>
|
<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?>
|
||||||
<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
|
<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
|
||||||
@ -378,7 +378,7 @@ foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
|
|||||||
<div class="widgets-holder-wrap<?php echo $closed; ?>">
|
<div class="widgets-holder-wrap<?php echo $closed; ?>">
|
||||||
<div class="sidebar-name">
|
<div class="sidebar-name">
|
||||||
<div class="sidebar-name-arrow"><br /></div>
|
<div class="sidebar-name-arrow"><br /></div>
|
||||||
<h3><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
|
<h3><?php echo esc_html( $registered_sidebar['name'] ); ?>
|
||||||
<span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div>
|
<span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div>
|
||||||
<?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>
|
<?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>
|
||||||
</div>
|
</div>
|
||||||
|
@ -1252,7 +1252,7 @@ class Walker_PageDropdown extends Walker {
|
|||||||
if ( $page->ID == $args['selected'] )
|
if ( $page->ID == $args['selected'] )
|
||||||
$output .= ' selected="selected"';
|
$output .= ' selected="selected"';
|
||||||
$output .= '>';
|
$output .= '>';
|
||||||
$title = wp_specialchars($page->post_title);
|
$title = esc_html($page->post_title);
|
||||||
$output .= "$pad$title";
|
$output .= "$pad$title";
|
||||||
$output .= "</option>\n";
|
$output .= "</option>\n";
|
||||||
}
|
}
|
||||||
|
@ -1078,7 +1078,7 @@ function get_cancel_comment_reply_link($text = '') {
|
|||||||
$text = __('Click here to cancel reply.');
|
$text = __('Click here to cancel reply.');
|
||||||
|
|
||||||
$style = isset($_GET['replytocom']) ? '' : ' style="display:none;"';
|
$style = isset($_GET['replytocom']) ? '' : ' style="display:none;"';
|
||||||
$link = wp_specialchars( remove_query_arg('replytocom') ) . '#respond';
|
$link = esc_html( remove_query_arg('replytocom') ) . '#respond';
|
||||||
return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text);
|
return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ foreach ( $filters as $filter ) {
|
|||||||
add_filter($filter, 'strip_tags');
|
add_filter($filter, 'strip_tags');
|
||||||
add_filter($filter, 'trim');
|
add_filter($filter, 'trim');
|
||||||
add_filter($filter, 'wp_filter_kses');
|
add_filter($filter, 'wp_filter_kses');
|
||||||
add_filter($filter, 'wp_specialchars', 30);
|
add_filter($filter, 'esc_html', 30);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Kses only for textarea saves
|
// Kses only for textarea saves
|
||||||
@ -80,7 +80,7 @@ $filters = array('comment_author', 'term_name', 'link_name', 'link_description',
|
|||||||
foreach ( $filters as $filter ) {
|
foreach ( $filters as $filter ) {
|
||||||
add_filter($filter, 'wptexturize');
|
add_filter($filter, 'wptexturize');
|
||||||
add_filter($filter, 'convert_chars');
|
add_filter($filter, 'convert_chars');
|
||||||
add_filter($filter, 'wp_specialchars');
|
add_filter($filter, 'esc_html');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Format text area for display.
|
// Format text area for display.
|
||||||
@ -131,19 +131,19 @@ add_filter('wp_sprintf', 'wp_sprintf_l', 10, 2);
|
|||||||
// RSS filters
|
// RSS filters
|
||||||
add_filter('the_title_rss', 'strip_tags');
|
add_filter('the_title_rss', 'strip_tags');
|
||||||
add_filter('the_title_rss', 'ent2ncr', 8);
|
add_filter('the_title_rss', 'ent2ncr', 8);
|
||||||
add_filter('the_title_rss', 'wp_specialchars');
|
add_filter('the_title_rss', 'esc_html');
|
||||||
add_filter('the_content_rss', 'ent2ncr', 8);
|
add_filter('the_content_rss', 'ent2ncr', 8);
|
||||||
add_filter('the_excerpt_rss', 'convert_chars');
|
add_filter('the_excerpt_rss', 'convert_chars');
|
||||||
add_filter('the_excerpt_rss', 'ent2ncr', 8);
|
add_filter('the_excerpt_rss', 'ent2ncr', 8);
|
||||||
add_filter('comment_author_rss', 'ent2ncr', 8);
|
add_filter('comment_author_rss', 'ent2ncr', 8);
|
||||||
add_filter('comment_text_rss', 'ent2ncr', 8);
|
add_filter('comment_text_rss', 'ent2ncr', 8);
|
||||||
add_filter('comment_text_rss', 'wp_specialchars');
|
add_filter('comment_text_rss', 'esc_html');
|
||||||
add_filter('bloginfo_rss', 'ent2ncr', 8);
|
add_filter('bloginfo_rss', 'ent2ncr', 8);
|
||||||
add_filter('the_author', 'ent2ncr', 8);
|
add_filter('the_author', 'ent2ncr', 8);
|
||||||
|
|
||||||
// Misc filters
|
// Misc filters
|
||||||
add_filter('option_ping_sites', 'privacy_ping_filter');
|
add_filter('option_ping_sites', 'privacy_ping_filter');
|
||||||
add_filter('option_blog_charset', 'wp_specialchars');
|
add_filter('option_blog_charset', '_wp_specialchars'); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop
|
||||||
add_filter('option_home', '_config_wp_home');
|
add_filter('option_home', '_config_wp_home');
|
||||||
add_filter('option_siteurl', '_config_wp_siteurl');
|
add_filter('option_siteurl', '_config_wp_siteurl');
|
||||||
add_filter('tiny_mce_before_init', '_mce_set_direction');
|
add_filter('tiny_mce_before_init', '_mce_set_direction');
|
||||||
|
@ -820,7 +820,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
|
|||||||
|
|
||||||
$desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
|
$desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
|
||||||
$desc = wp_html_excerpt( $desc, 360 ) . ' […]';
|
$desc = wp_html_excerpt( $desc, 360 ) . ' […]';
|
||||||
$desc = wp_specialchars( $desc );
|
$desc = esc_html( $desc );
|
||||||
|
|
||||||
if ( $show_summary ) {
|
if ( $show_summary ) {
|
||||||
$summary = "<div class='rssSummary'>$desc</div>";
|
$summary = "<div class='rssSummary'>$desc</div>";
|
||||||
@ -844,7 +844,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
|
|||||||
if ( $show_author ) {
|
if ( $show_author ) {
|
||||||
$author = $item->get_author();
|
$author = $item->get_author();
|
||||||
$author = $author->get_name();
|
$author = $author->get_name();
|
||||||
$author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
|
$author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $link == '' ) {
|
if ( $link == '' ) {
|
||||||
|
@ -165,7 +165,7 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
|
|||||||
if ( $cut && !$encode_html )
|
if ( $cut && !$encode_html )
|
||||||
$encode_html = 2;
|
$encode_html = 2;
|
||||||
if ( 1== $encode_html ) {
|
if ( 1== $encode_html ) {
|
||||||
$content = wp_specialchars($content);
|
$content = esc_html($content);
|
||||||
$cut = 0;
|
$cut = 0;
|
||||||
} elseif ( 0 == $encode_html ) {
|
} elseif ( 0 == $encode_html ) {
|
||||||
$content = make_url_footnote($content);
|
$content = make_url_footnote($content);
|
||||||
|
@ -213,7 +213,7 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr
|
|||||||
* @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false.
|
* @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false.
|
||||||
* @return string The encoded text with HTML entities.
|
* @return string The encoded text with HTML entities.
|
||||||
*/
|
*/
|
||||||
function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
|
function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
|
||||||
$string = (string) $string;
|
$string = (string) $string;
|
||||||
|
|
||||||
if ( 0 === strlen( $string ) ) {
|
if ( 0 === strlen( $string ) ) {
|
||||||
@ -286,7 +286,7 @@ function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false
|
|||||||
* @since 2.8
|
* @since 2.8
|
||||||
*
|
*
|
||||||
* @param string $string The text which is to be decoded.
|
* @param string $string The text which is to be decoded.
|
||||||
* @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
|
* @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
|
||||||
* @return string The decoded text without HTML entities.
|
* @return string The decoded text without HTML entities.
|
||||||
*/
|
*/
|
||||||
function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
|
function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
|
||||||
@ -301,7 +301,7 @@ function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
|
|||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value
|
// Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value
|
||||||
if ( empty( $quote_style ) ) {
|
if ( empty( $quote_style ) ) {
|
||||||
$quote_style = ENT_NOQUOTES;
|
$quote_style = ENT_NOQUOTES;
|
||||||
} elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
|
} elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
|
||||||
@ -2074,7 +2074,7 @@ function htmlentities2($myHTML) {
|
|||||||
*/
|
*/
|
||||||
function esc_js( $text ) {
|
function esc_js( $text ) {
|
||||||
$safe_text = wp_check_invalid_utf8( $text );
|
$safe_text = wp_check_invalid_utf8( $text );
|
||||||
$safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
|
$safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
|
||||||
$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
|
$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
|
||||||
$safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
|
$safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
|
||||||
return apply_filters( 'js_escape', $safe_text, $text );
|
return apply_filters( 'js_escape', $safe_text, $text );
|
||||||
@ -2097,6 +2097,35 @@ function js_escape( $text ) {
|
|||||||
return esc_js( $text );
|
return esc_js( $text );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escaping for HTML blocks.
|
||||||
|
*
|
||||||
|
* @since 2.8.0
|
||||||
|
*
|
||||||
|
* @param string $text
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
function esc_html( $text ) {
|
||||||
|
$safe_text = wp_check_invalid_utf8( $text );
|
||||||
|
$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
|
||||||
|
return apply_filters( 'esc_html', $safe_text, $text );
|
||||||
|
return $text;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escaping for HTML blocks
|
||||||
|
* @deprecated 2.8.0
|
||||||
|
* @see esc_html()
|
||||||
|
*/
|
||||||
|
function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
|
||||||
|
if ( func_num_args() > 1 ) { // Maintain backwards compat for people passing additional args
|
||||||
|
$args = func_get_args();
|
||||||
|
return call_user_func_array( '_wp_specialchars', $args );
|
||||||
|
} else {
|
||||||
|
return esc_html( $string );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Escaping for HTML attributes.
|
* Escaping for HTML attributes.
|
||||||
*
|
*
|
||||||
@ -2107,7 +2136,7 @@ function js_escape( $text ) {
|
|||||||
*/
|
*/
|
||||||
function esc_attr( $text ) {
|
function esc_attr( $text ) {
|
||||||
$safe_text = wp_check_invalid_utf8( $text );
|
$safe_text = wp_check_invalid_utf8( $text );
|
||||||
$safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
|
$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
|
||||||
return apply_filters( 'attribute_escape', $safe_text, $text );
|
return apply_filters( 'attribute_escape', $safe_text, $text );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2224,7 +2253,7 @@ function sanitize_option($option, $value) {
|
|||||||
$value = addslashes($value);
|
$value = addslashes($value);
|
||||||
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
|
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
|
||||||
$value = stripslashes($value);
|
$value = stripslashes($value);
|
||||||
$value = wp_specialchars( $value );
|
$value = esc_html( $value );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'blog_charset':
|
case 'blog_charset':
|
||||||
@ -2298,15 +2327,15 @@ function wp_pre_kses_less_than( $text ) {
|
|||||||
/**
|
/**
|
||||||
* Callback function used by preg_replace.
|
* Callback function used by preg_replace.
|
||||||
*
|
*
|
||||||
* @uses wp_specialchars to format the $matches text.
|
* @uses esc_html to format the $matches text.
|
||||||
* @since 2.3.0
|
* @since 2.3.0
|
||||||
*
|
*
|
||||||
* @param array $matches Populated by matches to preg_replace.
|
* @param array $matches Populated by matches to preg_replace.
|
||||||
* @return string The text returned after wp_specialchars if needed.
|
* @return string The text returned after esc_html if needed.
|
||||||
*/
|
*/
|
||||||
function wp_pre_kses_less_than_callback( $matches ) {
|
function wp_pre_kses_less_than_callback( $matches ) {
|
||||||
if ( false === strpos($matches[0], '>') )
|
if ( false === strpos($matches[0], '>') )
|
||||||
return wp_specialchars($matches[0]);
|
return esc_html($matches[0]);
|
||||||
return $matches[0];
|
return $matches[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
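Review bot: In the new `esc_html()` (the `@ -2097` hunk) the line `return $text;` after `return apply_filters( 'esc_html', $safe_text, $text );` is unreachable and should be dropped, otherwise a reader has to convince themselves that the unescaped `$text` can never be returned. The deprecated `wp_specialchars()` wrapper also changes behaviour silently: a one-argument call now goes through `esc_html()` and therefore encodes quotes (ENT_QUOTES at `_wp_specialchars( $safe_text, ENT_QUOTES )`), while any call that passes a second argument still reaches `_wp_specialchars()` with its old ENT_NOQUOTES default, and the `@deprecated` block says nothing about this; I would add `* With a single argument this now delegates to esc_html(), which also encodes quotes; calls passing further arguments keep the old _wp_specialchars() behaviour.` The `esc_html()` docblock should likewise state what it does — runs `wp_check_invalid_utf8()` and then `_wp_specialchars()` with ENT_QUOTES, i.e. an escape for HTML text content — and that it is not a URL escape, since this commit also feeds it URLs that end up in `href` attributes (for example the `remove_query_arg('replytocom')` line in `get_cancel_comment_reply_link()` and `wp_nonce_url()`), where `clean_url()`, already used elsewhere in this commit, is the matching escape. The file header for this section is not visible in this view, so the section boundary is inferred from the hunk line numbers.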
@ -379,7 +379,7 @@ function get_option( $setting, $default = false ) {
|
|||||||
function wp_protect_special_option( $option ) {
|
function wp_protect_special_option( $option ) {
|
||||||
$protected = array( 'alloptions', 'notoptions' );
|
$protected = array( 'alloptions', 'notoptions' );
|
||||||
if ( in_array( $option, $protected ) )
|
if ( in_array( $option, $protected ) )
|
||||||
die( sprintf( __( '%s is a protected WP option and may not be modified' ), wp_specialchars( $option ) ) );
|
die( sprintf( __( '%s is a protected WP option and may not be modified' ), esc_html( $option ) ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1593,7 +1593,7 @@ function do_feed() {
|
|||||||
|
|
||||||
$hook = 'do_feed_' . $feed;
|
$hook = 'do_feed_' . $feed;
|
||||||
if ( !has_action($hook) ) {
|
if ( !has_action($hook) ) {
|
||||||
$message = sprintf( __( 'ERROR: %s is not a valid feed template' ), wp_specialchars($feed));
|
$message = sprintf( __( 'ERROR: %s is not a valid feed template' ), esc_html($feed));
|
||||||
wp_die($message);
|
wp_die($message);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1718,7 +1718,7 @@ function is_blog_installed() {
|
|||||||
*/
|
*/
|
||||||
function wp_nonce_url( $actionurl, $action = -1 ) {
|
function wp_nonce_url( $actionurl, $action = -1 ) {
|
||||||
$actionurl = str_replace( '&', '&', $actionurl );
|
$actionurl = str_replace( '&', '&', $actionurl );
|
||||||
return wp_specialchars( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
|
return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2308,7 +2308,7 @@ function wp_explain_nonce( $action ) {
|
|||||||
else
|
else
|
||||||
$object = call_user_func( $lookup, $object );
|
$object = call_user_func( $lookup, $object );
|
||||||
}
|
}
|
||||||
return sprintf( $trans[$verb][$noun][0], wp_specialchars($object) );
|
return sprintf( $trans[$verb][$noun][0], esc_html($object) );
|
||||||
} else {
|
} else {
|
||||||
return $trans[$verb][$noun][0];
|
return $trans[$verb][$noun][0];
|
||||||
}
|
}
|
||||||
@ -2334,7 +2334,7 @@ function wp_explain_nonce( $action ) {
|
|||||||
*/
|
*/
|
||||||
function wp_nonce_ays( $action ) {
|
function wp_nonce_ays( $action ) {
|
||||||
$title = __( 'WordPress Failure Notice' );
|
$title = __( 'WordPress Failure Notice' );
|
||||||
$html = wp_specialchars( wp_explain_nonce( $action ) );
|
$html = esc_html( wp_explain_nonce( $action ) );
|
||||||
if ( wp_get_referer() )
|
if ( wp_get_referer() )
|
||||||
$html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
|
$html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
|
||||||
elseif ( 'log-out' == $action )
|
elseif ( 'log-out' == $action )
|
||||||
|
@ -1469,7 +1469,7 @@ function feed_links_extra( $args ) {
|
|||||||
$post = &get_post( $id = 0 );
|
$post = &get_post( $id = 0 );
|
||||||
|
|
||||||
if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
|
if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
|
||||||
$title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
|
$title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) ));
|
||||||
$href = get_post_comments_feed_link( $post->ID );
|
$href = get_post_comments_feed_link( $post->ID );
|
||||||
}
|
}
|
||||||
} elseif ( is_category() ) {
|
} elseif ( is_category() ) {
|
||||||
|
@ -119,6 +119,22 @@ function esc_attr__( $text, $domain = 'default' ) {
|
|||||||
return esc_attr( translate( $text, $domain ) );
|
return esc_attr( translate( $text, $domain ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves the translation of $text and escapes it for safe use in HTML output.
|
||||||
|
* If there is no translation, or the domain isn't loaded the original text is returned.
|
||||||
|
*
|
||||||
|
* @see translate() An alias of translate()
|
||||||
|
* @see esc_html()
|
||||||
|
* @since 2.8.0
|
||||||
|
*
|
||||||
|
* @param string $text Text to translate
|
||||||
|
* @param string $domain Optional. Domain to retrieve the translated text
|
||||||
|
* @return string Translated text
|
||||||
|
*/
|
||||||
|
function esc_html__( $text, $domain = 'default' ) {
|
||||||
|
return esc_html( translate( $text, $domain ) );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Displays the returned translated text from translate().
|
* Displays the returned translated text from translate().
|
||||||
*
|
*
|
||||||
@ -146,6 +162,20 @@ function esc_attr_e( $text, $domain = 'default' ) {
|
|||||||
echo esc_attr( translate( $text, $domain ) );
|
echo esc_attr( translate( $text, $domain ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Displays translated text that has been escaped for safe use in HTML output.
|
||||||
|
*
|
||||||
|
* @see translate() Echoes returned translate() string
|
||||||
|
* @see esc_html()
|
||||||
|
* @since 2.8.0
|
||||||
|
*
|
||||||
|
* @param string $text Text to translate
|
||||||
|
* @param string $domain Optional. Domain to retrieve the translated text
|
||||||
|
*/
|
||||||
|
function esc_html_e( $text, $domain = 'default' ) {
|
||||||
|
echo esc_html( translate( $text, $domain ) );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve translated string with vertical bar context
|
* Retrieve translated string with vertical bar context
|
||||||
*
|
*
|
||||||
|
@ -540,7 +540,7 @@ function wp_dropdown_users( $args = '' ) {
|
|||||||
$user->ID = (int) $user->ID;
|
$user->ID = (int) $user->ID;
|
||||||
$_selected = $user->ID == $selected ? " selected='selected'" : '';
|
$_selected = $user->ID == $selected ? " selected='selected'" : '';
|
||||||
$display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
|
$display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
|
||||||
$output .= "\t<option value='$user->ID'$_selected>" . wp_specialchars($display) . "</option>\n";
|
$output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
$output .= "</select>";
|
$output .= "</select>";
|
||||||
|
@ -601,7 +601,7 @@ function wp_widget_description( $id ) {
|
|||||||
global $wp_registered_widgets;
|
global $wp_registered_widgets;
|
||||||
|
|
||||||
if ( isset($wp_registered_widgets[$id]['description']) )
|
if ( isset($wp_registered_widgets[$id]['description']) )
|
||||||
return wp_specialchars( $wp_registered_widgets[$id]['description'] );
|
return esc_html( $wp_registered_widgets[$id]['description'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -23,7 +23,7 @@ if ( ! $pop3->connect(get_option('mailserver_url'), get_option('mailserver_port'
|
|||||||
! $pop3->user(get_option('mailserver_login')) ||
|
! $pop3->user(get_option('mailserver_login')) ||
|
||||||
( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) {
|
( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) {
|
||||||
$pop3->quit();
|
$pop3->quit();
|
||||||
wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : wp_specialchars($pop3->ERROR) );
|
wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : esc_html($pop3->ERROR) );
|
||||||
}
|
}
|
||||||
|
|
||||||
for ( $i = 1; $i <= $count; $i++ ) {
|
for ( $i = 1; $i <= $count; $i++ ) {
|
||||||
@ -195,11 +195,11 @@ for ( $i = 1; $i <= $count; $i++ ) {
|
|||||||
|
|
||||||
do_action('publish_phone', $post_ID);
|
do_action('publish_phone', $post_ID);
|
||||||
|
|
||||||
echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), wp_specialchars($post_author)) . '</p>';
|
echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>';
|
||||||
echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), wp_specialchars($post_title)) . '</p>';
|
echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>';
|
||||||
|
|
||||||
if(!$pop3->delete($i)) {
|
if(!$pop3->delete($i)) {
|
||||||
echo '<p>' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '</p>';
|
echo '<p>' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '</p>';
|
||||||
$pop3->reset();
|
$pop3->reset();
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
|
10
xmlrpc.php
10
xmlrpc.php
@ -883,8 +883,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
$struct['name'] = $tag->name;
|
$struct['name'] = $tag->name;
|
||||||
$struct['count'] = $tag->count;
|
$struct['count'] = $tag->count;
|
||||||
$struct['slug'] = $tag->slug;
|
$struct['slug'] = $tag->slug;
|
||||||
$struct['html_url'] = wp_specialchars( get_tag_link( $tag->term_id ) );
|
$struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) );
|
||||||
$struct['rss_url'] = wp_specialchars( get_tag_feed_link( $tag->term_id ) );
|
$struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) );
|
||||||
|
|
||||||
$tags[] = $struct;
|
$tags[] = $struct;
|
||||||
}
|
}
|
||||||
@ -2790,8 +2790,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
$struct['description'] = $cat->name;
|
$struct['description'] = $cat->name;
|
||||||
$struct['categoryDescription'] = $cat->description;
|
$struct['categoryDescription'] = $cat->description;
|
||||||
$struct['categoryName'] = $cat->name;
|
$struct['categoryName'] = $cat->name;
|
||||||
$struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));
|
$struct['htmlUrl'] = esc_html(get_category_link($cat->term_id));
|
||||||
$struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));
|
$struct['rssUrl'] = esc_html(get_category_feed_link($cat->term_id, 'rss2'));
|
||||||
|
|
||||||
$categories_struct[] = $struct;
|
$categories_struct[] = $struct;
|
||||||
}
|
}
|
||||||
@ -3327,7 +3327,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
|
|
||||||
$pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
|
$pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
|
||||||
|
|
||||||
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
|
$context = '[...] ' . esc_html( $excerpt ) . ' [...]';
|
||||||
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
|
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
|
||||||
|
|
||||||
$comment_post_ID = (int) $post_ID;
|
$comment_post_ID = (int) $post_ID;
|
||||||
|
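Review bot: The `html_url`/`rss_url` members in the `@ -883` hunk and `htmlUrl`/`rssUrl` in `@ -2790` are URLs returned as XML-RPC struct values, not HTML, and with this commit `esc_html()` encodes with ENT_QUOTES, so a quote character in a tag or category link now reaches the client as an HTML entity on top of whatever XML encoding the transport applies (presumably IXR, which is outside this view). The substitution preserves the previous entity-encoding, so nothing regresses, but the escaping context is wrong for these values and should at least be documented, e.g. `// HTML-entity encoded for backwards compatibility with wp_specialchars(); these are URL values, not HTML`. The `$context = '[...] ' . esc_html( $excerpt ) . ' [...]'` change in `@ -3327` builds comment content, which is an HTML context, so that one reads correctly. The enclosing methods of `wp_xmlrpc_server` start and end outside these hunks.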