Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-01-09 18:08:09 +01:00
Code Issues Projects Releases Wiki Activity

Input cleanup

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@1743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
saxmatt 2004-10-05 06:59:13 +00:00
parent e4e021901d
commit 2624614452
5 changed files with 9 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wp-admin/admin-header.php
View File

@ -41,20 +41,6 @@ if ($standalone == 0) :
<link rel="stylesheet" href="wp-admin.css" type="text/css" /> <link rel="stylesheet" href="wp-admin.css" type="text/css" />
<link rel="shortcut icon" href="../wp-images/wp-favicon.png" /> <link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" /> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
<?php
if ($redirect==1) {
?>
<script type="text/javascript">
<!--
function redirect() {
window.location = "<?php echo $redirect_url; ?>";
}
setTimeout("redirect();", 600);
//-->
</script>
<?php
} // redirect
?>
<?php if (isset($xfn)) : ?> <?php if (isset($xfn)) : ?>
<script type="text/javascript"> <script type="text/javascript">

15
wp-admin/bookmarklet.php
View File

@ -1,8 +1,4 @@
<?php <?php
/* <Bookmarklet> */
// accepts 'post_title' and 'content' as vars passed in. Add-on from Alex King
$mode = 'bookmarklet'; $mode = 'bookmarklet';
$standalone = 1; $standalone = 1;
@ -23,12 +19,11 @@ window.close()
</script> </script>
</head> </head>
<body></body> <body></body>
</html><?php </html>
<?php
} else { } else {
$popuptitle = htmlspecialchars(stripslashes($popuptitle));
$popuptitle = stripslashes($popuptitle); $text = htmlspecialchars(stripslashes(urldecode($text)));
$text = stripslashes(urldecode($text));
/* big funky fixes for browsers' javascript bugs */ /* big funky fixes for browsers' javascript bugs */
@ -57,7 +52,7 @@ window.close()
// and that is what is being included below. For this reason, I am just duplicating // and that is what is being included below. For this reason, I am just duplicating
// the var instead of changing the assignment on the lines above. // the var instead of changing the assignment on the lines above.
// -- Alex King 2004-01-07 // -- Alex King 2004-01-07
$edited_post_title = $post_title; $edited_post_title = htmlspecialchars($post_title);
// $post_pingback needs to be set in any file that includes edit-form.php // $post_pingback needs to be set in any file that includes edit-form.php
$post_pingback = get_settings('default_pingback_flag'); $post_pingback = get_settings('default_pingback_flag');

2
wp-admin/categories.php
View File

@ -97,7 +97,7 @@ case 'edit':
<h2><?php _e('Edit Category') ?></h2> <h2><?php _e('Edit Category') ?></h2>
<form name="editcat" action="categories.php" method="post"> <form name="editcat" action="categories.php" method="post">
<input type="hidden" name="action" value="editedcat" /> <input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_ID" value="<?php echo $_GET['cat_ID'] ?>" /> <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" />
<p><?php _e('Category name:') ?><br /> <p><?php _e('Category name:') ?><br />
<input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p> <input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p>
<p><?php _e('Category parent:') ?><br /> <p><?php _e('Category parent:') ?><br />

6
wp-admin/edit-comments.php
View File

@ -28,7 +28,7 @@ function checkAll(form)
<form name="searchform" action="" method="get"> <form name="searchform" action="" method="get">
<fieldset> <fieldset>
<legend><?php _e('Show Comments That Contain...') ?></legend> <legend><?php _e('Show Comments That Contain...') ?></legend>
<input type="text" name="s" value="<?php if (isset($s)) echo $s; ?>" size="17" /> <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" /> <input type="submit" name="submit" value="<?php _e('Search') ?>" />
<input type="hidden" name="mode" value="<?php echo $mode; ?>" /> <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
<?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?> <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@ -148,6 +148,4 @@ if ('view' == $mode) {
</div> </div>
<?php <?php include('admin-footer.php'); ?>
include('admin-footer.php');
?>

2
wp-admin/edit.php
View File

@ -65,7 +65,7 @@ if ($drafts || $other_drafts) {
if ( isset( $_GET['m'] ) ) { if ( isset( $_GET['m'] ) ) {
echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 ); echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
} elseif ( isset( $_GET['s'] ) ) { } elseif ( isset( $_GET['s'] ) ) {
printf(__('Search for &#8220;%s&#8221;'), $_GET['s']); printf(__('Search for &#8220;%s&#8221;'), htmlspecialchars($_GET['s']) );
} else { } else {
_e('Last 15 Posts'); _e('Last 15 Posts');
} }