diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 3742a08a0f..975975d235 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -467,11 +467,11 @@ function edit_user($user_id = 0) {
 function get_link_to_edit($link_id) {
 $link = get_link($link_id);
- $link->link_url = attribute_escape($link->link_url);
+ $link->link_url = clean_url($link->link_url);
 $link->link_name = attribute_escape($link->link_name);
 $link->link_image = attribute_escape($link->link_image);
 $link->link_description = attribute_escape($link->link_description);
- $link->link_rss = attribute_escape($link->link_rss);
+ $link->link_rss = clean_url($link->link_rss);
 $link->link_rel = attribute_escape($link->link_rel);
 $link->link_notes = wp_specialchars($link->link_notes);
 $link->post_category = $link->link_category;
@@ -481,7 +481,7 @@ function get_link_to_edit($link_id) {
 function get_default_link_to_edit() {
 if ( isset($_GET['linkurl']) )
- $link->link_url = attribute_escape($_GET['linkurl']);
+ $link->link_url = clean_url($_GET['linkurl']);
 else
 $link->link_url = '';
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index f3782e8419..2fa3c842b7 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@ else
 $content = wp_specialchars($_REQUEST['content']);
-$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
 if ( !empty($content) ) {
 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
 } else {
diff --git a/wp-admin/post.php b/wp-admin/post.php
index e95c2cc2f0..efb5fcbd5f 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -81,7 +81,7 @@ case 'edit': ?>
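Review bot: In the `@@ -467,11` hunk of get_link_to_edit(), `link_image` is a URL-valued field too, yet it stays on `attribute_escape()` while `link_url` and `link_rss` move to `clean_url()`. If the intent is that every URL field of a link goes through the URL sanitizer, the line should become `$link->link_image = clean_url($link->link_image);`. clean_url() itself is not part of this diff, so it is worth confirming that it still neutralises quotes and angle brackets as attribute_escape() did, because these values are presumably printed into form attributes. The function's remaining lines are outside the hunk.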
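Review bot: In the `@@ -481,7` hunk, `$_GET['linkurl']` is passed to clean_url() without stripslashes(), whereas the other request-derived URLs in this commit (`popupurl` in bookmarklet.php, `backto` in the `@@ -86,7` hunk) are unslashed first. If request data carries added slashes here as well, the sanitizer sees a different string than the one the user supplied; for consistency the line would read `$link->link_url = clean_url(stripslashes($_GET['linkurl']));`. The visible lines also assign to `$link->link_url` without `$link` being initialised in the hunk; the rest of get_default_link_to_edit() is outside the hunk, so that may be handled elsewhere.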
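Review bot: In the bookmarklet.php hunk, `$popupurl` is taken from `$_REQUEST` and the place where it is emitted is outside the hunk, so the output context cannot be checked from here. clean_url() is a URL sanitizer, not a context escaper: if the value is later written into a script block or used as a navigation target, it still needs escaping for that context and a restriction to expected schemes. A short comment at the assignment would help the next reader, for example `// popupurl is request-supplied; clean_url() only normalises the URL, escape again at the point of output`.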

- +

@@ -86,7 +86,7 @@ switch($step) {
 if ( empty( $_GET['backto'] ) )
 $backto = __get_option('home');
 else
- $backto = attribute_escape(stripslashes($_GET['backto']));
+ $backto = clean_url(stripslashes($_GET['backto']));
 ?>

Have fun!"), $backto); ?>
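Review bot: `$backto` is still fully controlled by the `backto` query parameter and is handed to the printf() on the following line as the link target, so sanitising its characters does not limit where the link on this page points. Consider accepting the parameter only when it resolves to the site's own address and otherwise falling back to `__get_option('home')`, the value the empty case already uses. The file header for this hunk is missing from the page, and the markup around the printf() was lost in extraction, so the exact attribute context is inferred.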

diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 8a0d8f3052..42f2531bf4 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2491,7 +2491,7 @@ function wp_nonce_ays($action) {
 $html .= "\t\t\n";
 $html .= "\t\t
\n\t\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n";
 } else {
- $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n";
+ $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n";
 }
 $html .= "\n";
 wp_die($html, $title);
diff --git a/wp-includes/links.php b/wp-includes/links.php
index a2e15886de..d907933f7d 100644
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -212,7 +212,7 @@ function get_links($category = -1,
 $the_link = '#';
 if (!empty($row->link_url))
- $the_link = attribute_escape($row->link_url);
+ $the_link = clean_url($row->link_url);
 $rel = $row->link_rel;
 if ($rel != '') {
diff --git a/wp-includes/template-functions-links.php b/wp-includes/template-functions-links.php
index b236be9d16..c1c9fc38c4 100644
--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -458,7 +458,7 @@ function get_next_posts_page_link($max_page = 0) {
 }
 function next_posts($max_page = 0) {
- echo attribute_escape(get_next_posts_page_link($max_page));
+ echo clean_url(get_next_posts_page_link($max_page));
 }
 function next_posts_link($label='Next Page »', $max_page=0) {
@@ -495,7 +495,7 @@ function get_previous_posts_page_link() {
 }
 function previous_posts() {
- echo attribute_escape(get_previous_posts_page_link());
+ echo clean_url(get_previous_posts_page_link());
 }
 function previous_posts_link($label='« Previous Page') {
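Review bot: In the links.php hunk of get_links(), the context line right after the change reads `$rel = $row->link_rel;` with no escaping, while the admin edit form in this same commit runs `link_rel` through `attribute_escape()`. If `$rel` is later concatenated into a `rel="…"` attribute, as the `if ($rel != '')` branch suggests, it should be escaped at assignment: `$rel = attribute_escape($row->link_rel);`. The rest of that branch is outside the hunk, so it may already be handled further down.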