From 2d489767bbeea468780616df46dfce458f70950d Mon Sep 17 00:00:00 2001 
From: ryan Date: Tue, 28 Apr 2009 05:58:45 +0000 Subject: [PATCH] s/attribute_escape/attr/. see #9650 git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-ajax.php | 4 +- wp-admin/custom-header.php | 8 +- wp-admin/edit-attachment-rows.php | 8 +- wp-admin/edit-category-form.php | 4 +- wp-admin/edit-comments.php | 12 +-- wp-admin/edit-form-advanced.php | 20 ++--- wp-admin/edit-form-comment.php | 6 +- wp-admin/edit-link-category-form.php | 2 +- wp-admin/edit-link-form.php | 2 +- wp-admin/edit-page-form.php | 18 ++--- wp-admin/edit-pages.php | 2 +- wp-admin/edit-tag-form.php | 6 +- wp-admin/edit-tags.php | 4 +- wp-admin/edit.php | 4 +- wp-admin/import/dotclear.php | 12 +-- wp-admin/import/livejournal.php | 16 ++-- wp-admin/import/mt.php | 4 +- wp-admin/import/textpattern.php | 12 +-- wp-admin/import/wordpress.php | 2 +- wp-admin/import/wp-cat2tag.php | 2 +- wp-admin/includes/bookmark.php | 2 +- wp-admin/includes/class-wp-upgrader.php | 24 +++--- wp-admin/includes/dashboard.php | 10 +-- wp-admin/includes/file.php | 10 +-- wp-admin/includes/manifest.php | 2 +- wp-admin/includes/media.php | 82 ++++++++++---------- wp-admin/includes/plugin-install.php | 16 ++-- wp-admin/includes/taxonomy.php | 2 +- wp-admin/includes/template.php | 64 +++++++-------- wp-admin/includes/theme-install.php | 16 ++-- wp-admin/includes/user.php | 18 ++--- wp-admin/link-manager.php | 4 +- wp-admin/load-scripts.php | 2 +- wp-admin/load-styles.php | 2 +- wp-admin/media-upload.php | 2 +- wp-admin/menu.php | 2 +- wp-admin/options-discussion.php | 4 +- wp-admin/options-general.php | 8 +- wp-admin/options-misc.php | 4 +- wp-admin/options-permalink.php | 6 +- wp-admin/options.php | 4 +- wp-admin/plugin-editor.php | 10 +-- wp-admin/plugins.php | 10 +-- wp-admin/press-this.php | 12 +-- wp-admin/theme-editor.php | 2 +- wp-admin/themes.php | 6 +- wp-admin/tools.php | 2 +- wp-admin/update-core.php | 4 +- wp-admin/upload.php | 6 +- 
wp-admin/users.php | 8 +- wp-admin/widgets.php | 2 +- wp-app.php | 12 +-- wp-content/themes/classic/comments-popup.php | 4 +- wp-content/themes/classic/comments.php | 2 +- wp-content/themes/default/comments-popup.php | 2 +- wp-content/themes/default/functions.php | 50 ++++++------ wp-includes/author-template.php | 4 +- wp-includes/bookmark-template.php | 4 +- wp-includes/bookmark.php | 4 +- wp-includes/category-template.php | 2 +- wp-includes/class.wp-styles.php | 4 +- wp-includes/classes.php | 6 +- wp-includes/comment-template.php | 2 +- wp-includes/comment.php | 4 +- wp-includes/default-widgets.php | 42 +++++----- wp-includes/deprecated.php | 4 +- wp-includes/feed-atom-comments.php | 4 +- wp-includes/feed-rss2-comments.php | 2 +- wp-includes/feed.php | 2 +- wp-includes/formatting.php | 2 +- wp-includes/functions.php | 10 +-- wp-includes/general-template.php | 26 +++---- wp-includes/link-template.php | 18 ++--- wp-includes/media.php | 6 +- wp-includes/pluggable.php | 2 +- wp-includes/post-template.php | 14 ++-- wp-includes/post.php | 4 +- wp-includes/rss.php | 2 +- wp-includes/script-loader.php | 18 ++--- wp-includes/taxonomy.php | 6 +- wp-includes/theme.php | 2 +- wp-includes/update.php | 6 +- wp-links-opml.php | 8 +- wp-login.php | 10 +-- 84 files changed, 391 insertions(+), 391 deletions(-) diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 17da3201f6..536fb8074e 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -474,7 +474,7 @@ case 'add-cat' : // From Manage->Categories $cat_full_name = $_cat->name . ' — ' . $cat_full_name; $level++; } - $cat_full_name = attribute_escape($cat_full_name); + $cat_full_name = attr($cat_full_name); $x = new WP_Ajax_Response( array( 'what' => 'cat', @@ -552,7 +552,7 @@ case 'add-tag' : // From Manage->Tags die('0'); $tag_full_name = $tag->name; - $tag_full_name = attribute_escape($tag_full_name); + $tag_full_name = attr($tag_full_name); $x = new WP_Ajax_Response( array( 'what' => 'tag', 
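Review bot: The new name `attr()` at both call sites in wp-admin/admin-ajax.php (`$cat_full_name = attr($cat_full_name);`, `$tag_full_name = attr($tag_full_name);`) no longer says that the function escapes, so searching the code for output-escaping calls during an audit gets harder. A four-letter global function name is also more likely to clash with one a plugin or theme already declares. A name that keeps the word "escape" would avoid both problems; this applies to every call site in the commit and to the stub `function attr() {}` in wp-admin/includes/manifest.php. If the short name stays, the definition should carry a docblock naming the one context it covers, e.g. `Escapes text for use inside a quoted HTML attribute value; not sufficient for URLs or script contexts.`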
diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php index 9c5e1be7b5..72c861e07e 100644 --- a/wp-admin/custom-header.php +++ b/wp-admin/custom-header.php @@ -287,7 +287,7 @@ class Custom_Image_Header { - + @@ -296,7 +296,7 @@ class Custom_Image_Header {

%1$d x %2$d pixels will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?>

-
+
@@ -311,7 +311,7 @@ class Custom_Image_Header {

- + @@ -372,7 +372,7 @@ class Custom_Image_Header {
-
+

diff --git a/wp-admin/edit-attachment-rows.php b/wp-admin/edit-attachment-rows.php index 4a83dd65cc..8d0cd4d591 100644 --- a/wp-admin/edit-attachment-rows.php +++ b/wp-admin/edit-attachment-rows.php @@ -62,7 +62,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) { if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?> - "> + "> @@ -74,7 +74,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) { case 'media': ?> - >">
+ >">
ID))); ?>

$column_display_name ) { $actions['edit'] = '' . __('Edit') . ''; if ( current_user_can('delete_post', $post->ID) ) $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . ""; - $actions['view'] = '' . __('View') . ''; + $actions['view'] = '' . __('View') . ''; $action_count = count($actions); $i = 0; echo '

'; @@ -182,7 +182,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) { case 'actions': ?> > - "> | + "> | -
+
-
+
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 990963dc77..64cb81b529 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -83,7 +83,7 @@ else require_once('admin-header.php'); -$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']); +$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']); $default_status = get_user_option('edit_comments_last_view'); if ( empty($default_status) ) @@ -94,10 +94,10 @@ if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam')) ) if ( $comment_status != $default_status ) update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status); -$comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : ''; +$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : ''; $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : ''; -$search = attribute_escape( $search_dirty ); ?> +$search = attr( $search_dirty ); ?>
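Review bot: `$mode` in the first wp-admin/edit-comments.php hunk comes from `$_GET['mode']` and is only attribute-escaped, whereas `$comment_status` (visible in the second hunk's header) is checked with `in_array()` against a fixed list. `$mode` should get the same treatment, e.g. `if ( !in_array($mode, array('detail', 'list')) ) $mode = 'detail';`; the allowed values are assumed from the defaults shown here and in wp-admin/edit.php, so confirm them against the code that reads `$mode`. Escaping at assignment also ties the variable to one output context, so any later use in a URL or script needs its own escaping. The same applies to `$comment_type` in the second hunk and to `$mode = attr($_GET['mode']);` in the wp-admin/edit.php hunk.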
@@ -164,7 +164,7 @@ foreach ( $stati as $status => $label ) { /* // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark if ( !empty( $_GET['s'] ) ) - $link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link ); + $link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link ); */ $status_links[] = "
  • " . sprintf( _n( $label[0], $label[1], $num_comments->$status ), @@ -364,8 +364,8 @@ if ( $page_links ) - - + + diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 211aa00055..6d73925975 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -16,7 +16,7 @@ $post_ID = isset($post_ID) ? (int) $post_ID : 0; $action = isset($action) ? $action : ''; if ( isset($_GET['message']) ) $_GET['message'] = absint( $_GET['message'] ); -$messages[1] = sprintf( __( 'Post updated. Continue editing below or go back.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); +$messages[1] = sprintf( __( 'Post updated. Continue editing below or go back.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); $messages[2] = __('Custom field updated.'); $messages[3] = __('Custom field deleted.'); $messages[4] = __('Post updated.'); @@ -169,15 +169,15 @@ if ( 'private' == $post->post_status ) { ?>
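Review bot: In the `$messages[1]` line of the first wp-admin/edit-form-advanced.php hunk, `$_GET['_wp_original_http_referer']` passes only through `stripslashes()` and `attr()` before being formatted into the "go back" message. The placeholder's markup is not visible in this rendering, but if the value ends up as a link target, attribute escaping does not constrain the URL's scheme or host. Cleaning the value as a URL first, e.g. `clean_url( stripslashes( $_GET['_wp_original_http_referer'] ) )` (`clean_url()` is already used in this commit's plugin-install.php hunk), or accepting it only when it points back to this site, would cover that. The identical `$messages[1]` line in wp-admin/edit-page-form.php has the same gap.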
    - + ID)); ?> /> - + />
    ID)); ?> tabindex="4" />
    />
    -
    +
    />

    @@ -271,7 +271,7 @@ add_meta_box('submitdiv', __('Publish'), 'post_submit_meta_box', 'post', 'side', function post_tags_meta_box($post, $box) { $tax_name = substr($box['id'], 8); $taxonomy = get_taxonomy($tax_name); - $helps = isset($taxonomy->helps) ? attribute_escape($taxonomy->helps) : __('Separate tags with commas.'); + $helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.'); ?>

    @@ -293,7 +293,7 @@ function post_tags_meta_box($post, $box) { foreach ( get_object_taxonomies('post') as $tax_name ) { if ( !is_taxonomy_hierarchical($tax_name) ) { $taxonomy = get_taxonomy($tax_name); - $label = isset($taxonomy->label) ? attribute_escape($taxonomy->label) : $tax_name; + $label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name; add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core'); } @@ -384,7 +384,7 @@ add_meta_box('postexcerpt', __('Excerpt'), 'post_excerpt_meta_box', 'post', 'nor * @param object $post */ function post_trackback_meta_box($post) { - $form_trackback = 'to_ping) ) .'" />'; + $form_trackback = 'to_ping) ) .'" />'; if ('' != $post->pinged) { $pings = '

    '. __('Already pinged:') . '

      '; $already_pinged = explode("\n", trim($post->pinged)); @@ -497,7 +497,7 @@ if ( 'publish' == $post->post_status || 'private' == $post->post_status ) */ function post_slug_meta_box($post) { ?> - + post_status && !current_user_can( 'publish_posts' ) ) ) @@ -574,7 +574,7 @@ else - + @@ -595,7 +595,7 @@ else
      - +
      ID); ?> diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php index 9117cf76e5..f3d290b8ea 100644 --- a/wp-admin/edit-form-comment.php +++ b/wp-admin/edit-form-comment.php @@ -26,8 +26,8 @@ $form_extra = "' />\n' /> comment_author_email ); -$url = attribute_escape( $comment->comment_author_url ); +$email = attr( $comment->comment_author_email ); +$url = attr( $comment->comment_author_url ); // add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core'); ?> @@ -90,7 +90,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) ); - + diff --git a/wp-admin/edit-link-category-form.php b/wp-admin/edit-link-category-form.php index 1122b1ce35..ba13e5873f 100644 --- a/wp-admin/edit-link-category-form.php +++ b/wp-admin/edit-link-category-form.php @@ -67,7 +67,7 @@ _fill_empty_link_category($category); -
      +
      diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php index 246b478d4f..e94bdf1eee 100644 --- a/wp-admin/edit-link-form.php +++ b/wp-admin/edit-link-form.php @@ -404,7 +404,7 @@ do_meta_boxes('link', 'advanced', $link); if ( $link_id ) : ?> - + diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index b7fa6f53f0..1c1c0cbffc 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -18,7 +18,7 @@ if ( ! isset( $temp_ID ) ) if ( isset($_GET['message']) ) $_GET['message'] = absint( $_GET['message'] ); -$messages[1] = sprintf( __( 'Page updated. Continue editing below or go back.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); +$messages[1] = sprintf( __( 'Page updated. Continue editing below or go back.' ), attr( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) ); $messages[2] = __('Custom field updated.'); $messages[3] = __('Custom field deleted.'); $messages[4] = sprintf(__('Page updated. View page'), get_permalink($post_ID)); @@ -73,9 +73,9 @@ function page_submit_meta_box($post) {
      post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?> -post_status ) { ?>style="display:none" type="submit" name="save" id="save-post" value="" tabindex="4" class="button button-highlighted" /> +post_status ) { ?>style="display:none" type="submit" name="save" id="save-post" value="" tabindex="4" class="button button-highlighted" /> post_status && $can_publish ) { ?> - +
      @@ -162,13 +162,13 @@ if ( 'private' == $post->post_status ) { ?>
      - - + + />
      />
      -
      +
      />

      @@ -349,7 +349,7 @@ add_meta_box('pagecommentstatusdiv', __('Discussion'), 'page_comments_status_met */ function page_slug_meta_box($post){ ?> - + " /> - + @@ -442,7 +442,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);

      - +
      ID); ?> diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php index ee82edc0c2..b8eb28b777 100644 --- a/wp-admin/edit-pages.php +++ b/wp-admin/edit-pages.php @@ -175,7 +175,7 @@ endif;

      - + diff --git a/wp-admin/edit-tag-form.php b/wp-admin/edit-tag-form.php index 74861f342d..d715d06a6b 100644 --- a/wp-admin/edit-tag-form.php +++ b/wp-admin/edit-tag-form.php @@ -21,17 +21,17 @@ do_action('edit_tag_form_pre', $tag); ?>
      - + - - diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php index 71cab9d5c8..11ab38fd7d 100644 --- a/wp-admin/edit-tags.php +++ b/wp-admin/edit-tags.php @@ -170,7 +170,7 @@ endif; ?>
      - +
      - +
      diff --git a/wp-admin/edit.php b/wp-admin/edit.php index ee567a5295..0075299acc 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -92,7 +92,7 @@ if ( !isset( $_GET['paged'] ) ) if ( empty($_GET['mode']) ) $mode = 'list'; else - $mode = attribute_escape($_GET['mode']); ?> + $mode = attr($_GET['mode']); ?>
      @@ -170,7 +170,7 @@ endif;

      - + diff --git a/wp-admin/import/dotclear.php b/wp-admin/import/dotclear.php index 407b3f9f6e..5d973bcb7d 100644 --- a/wp-admin/import/dotclear.php +++ b/wp-admin/import/dotclear.php @@ -215,7 +215,7 @@ class Dotclear_Import { echo ''; wp_nonce_field('import-dotclear'); $this->db_form(); - echo '

      '; + echo '

      '; echo '
      '; } @@ -632,7 +632,7 @@ class Dotclear_Import { echo '
      '; wp_nonce_field('import-dotclear'); - printf('

      ', attribute_escape(__('Import Users'))); + printf('

      ', attr(__('Import Users'))); echo ''; } @@ -645,7 +645,7 @@ class Dotclear_Import { echo '
      '; wp_nonce_field('import-dotclear'); - printf('

      ', attribute_escape(__('Import Posts'))); + printf('

      ', attr(__('Import Posts'))); echo ''; } @@ -659,7 +659,7 @@ class Dotclear_Import { echo '
      '; wp_nonce_field('import-dotclear'); - printf('

      ', attribute_escape(__('Import Comments'))); + printf('

      ', attr(__('Import Comments'))); echo ''; } @@ -671,7 +671,7 @@ class Dotclear_Import { echo '
      '; wp_nonce_field('import-dotclear'); - printf('

      ', attribute_escape(__('Import Links'))); + printf('

      ', attr(__('Import Links'))); echo ''; } @@ -684,7 +684,7 @@ class Dotclear_Import { echo '
      '; wp_nonce_field('import-dotclear'); - printf('

      ', attribute_escape(__('Finish'))); + printf('

      ', attr(__('Finish'))); echo ''; } diff --git a/wp-admin/import/livejournal.php b/wp-admin/import/livejournal.php index 4c6427731a..78fdfb9a9a 100644 --- a/wp-admin/import/livejournal.php +++ b/wp-admin/import/livejournal.php @@ -184,9 +184,9 @@ class LJ_API_Import {

      - +

      -

      +

      @@ -223,7 +223,7 @@ class LJ_API_Import {

      WARNING: This can take a really long time if you have a lot of entries in your LiveJournal, or a lot of comments. Ideally, you should only start this process if you can leave your computer alone while it finishes the import." ) ?>

      - +

      NOTE: If the import process is interrupted for any reason, come back to this page and it will continue from where it stopped automatically.' ) ?>

      @@ -724,7 +724,7 @@ class LJ_API_Import { if ( empty( $this->username ) || empty( $this->password ) ) { ?>

      and password so we can download your posts and comments.' ) ?>

      -

      +

      -

      +

      -

      +

      auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?> approximately %d' ), get_option( 'ljapi_comment_batch' ), $batch ) ?>

      -

      +

      auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?> '; - $str .= '

      '; + $str .= '

      '; $str .= ''; return $str; diff --git a/wp-admin/import/mt.php b/wp-admin/import/mt.php index 1b813833a3..cef4f51d37 100644 --- a/wp-admin/import/mt.php +++ b/wp-admin/import/mt.php @@ -39,14 +39,14 @@ class MT_Import {

      mt-export.txt in your /wp-content/ directory and then click "Import mt-export.txt"'); ?>

      -
      +

      mt-export.txt in your /wp-content/ directory'); ?>

      - +

      out of memory error try splitting up the import file into pieces.'); ?>

      diff --git a/wp-admin/import/textpattern.php b/wp-admin/import/textpattern.php index c6d2c3a2dd..0f8973e29c 100644 --- a/wp-admin/import/textpattern.php +++ b/wp-admin/import/textpattern.php @@ -70,7 +70,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); $this->db_form(); - echo '

      '; + echo '

      '; echo ''; echo '
      '; } @@ -505,7 +505,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); - printf('

      ', attribute_escape(__('Import Users'))); + printf('

      ', attr(__('Import Users'))); echo ''; } @@ -518,7 +518,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); - printf('

      ', attribute_escape(__('Import Posts'))); + printf('

      ', attr(__('Import Posts'))); echo ''; } @@ -532,7 +532,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); - printf('

      ', attribute_escape(__('Import Comments'))); + printf('

      ', attr(__('Import Comments'))); echo ''; } @@ -544,7 +544,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); - printf('

      ', attribute_escape(__('Import Links'))); + printf('

      ', attr(__('Import Links'))); echo ''; } @@ -557,7 +557,7 @@ class Textpattern_Import { echo '
      '; wp_nonce_field('import-textpattern'); - printf('

      ', attribute_escape(__('Finish'))); + printf('

      ', attr(__('Finish'))); echo ''; } diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php index 9cf43d9e67..521fe85e6e 100644 --- a/wp-admin/import/wordpress.php +++ b/wp-admin/import/wordpress.php @@ -233,7 +233,7 @@ class WP_Import { } echo '

      '; - echo ''.'
      '; + echo ''.'
      '; echo '

      '; echo ''; diff --git a/wp-admin/import/wp-cat2tag.php b/wp-admin/import/wp-cat2tag.php index 0a86027909..b6b59feb55 100644 --- a/wp-admin/import/wp-cat2tag.php +++ b/wp-admin/import/wp-cat2tag.php @@ -184,7 +184,7 @@ function check_all_tagrows() {
        all_tags as $tag ) { ?> -
      • term_id), $this->hybrids_ids ) ) echo ' * '; ?>
      • +
      • term_id), $this->hybrids_ids ) ) echo ' * '; ?>
      diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php index a0077a10b0..4534ce43b6 100644 --- a/wp-admin/includes/bookmark.php +++ b/wp-admin/includes/bookmark.php @@ -59,7 +59,7 @@ function get_default_link_to_edit() { $link->link_url = ''; if ( isset( $_GET['name'] ) ) - $link->link_name = attribute_escape( $_GET['name']); + $link->link_name = attr( $_GET['name']); else $link->link_name = ''; diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php index 917aa4af98..191511cbcd 100644 --- a/wp-admin/includes/class-wp-upgrader.php +++ b/wp-admin/includes/class-wp-upgrader.php @@ -820,8 +820,8 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin { echo ''; } $update_actions = array( - 'activate_plugin' => '' . __('Activate Plugin') . '', - 'plugins_page' => '' . __('Return to Plugins page') . '' + 'activate_plugin' => '' . __('Activate Plugin') . '', + 'plugins_page' => '' . __('Return to Plugins page') . '' ); if ( $this->plugin_active ) unset( $update_actions['activate_plugin'] ); @@ -871,13 +871,13 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin { $plugin_file = $this->upgrader->plugin_info(); $install_actions = array( - 'activate_plugin' => '' . __('Activate Plugin') . '', + 'activate_plugin' => '' . __('Activate Plugin') . '', ); if ( $this->type == 'web' ) - $install_actions['plugins_page'] = '' . __('Return to Plugin Installer') . ''; + $install_actions['plugins_page'] = '' . __('Return to Plugin Installer') . ''; else - $install_actions['plugins_page'] = '' . __('Return to Plugins page') . ''; + $install_actions['plugins_page'] = '' . __('Return to Plugins page') . ''; if ( ! $this->result || is_wp_error($this->result) ) 
@@ -936,14 +936,14 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin { $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template); $install_actions = array( - 'preview' => '' . __('Preview') . '', - 'activate' => '' . __('Activate') . '' + 'preview' => '' . __('Preview') . '', + 'activate' => '' . __('Activate') . '' ); if ( $this->type == 'web' ) - $install_actions['themes_page'] = '' . __('Return to Theme Installer.') . ''; + $install_actions['themes_page'] = '' . __('Return to Theme Installer.') . ''; else - $install_actions['themes_page'] = '' . __('Return to Themes page') . ''; + $install_actions['themes_page'] = '' . __('Return to Themes page') . ''; if ( ! $this->result || is_wp_error($this->result) ) unset( $install_actions['activate'], $install_actions['preview'] ); @@ -995,9 +995,9 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin { $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template); $update_actions = array( - 'preview' => '' . __('Preview') . '', - 'activate' => '' . __('Activate') . '', - 'themes_page' => '' . __('Return to Themes page') . '', + 'preview' => '' . __('Preview') . '', + 'activate' => '' . __('Activate') . '', + 'themes_page' => '' . __('Return to Themes page') . '', ); if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() ) unset($update_actions['preview'], $update_actions['activate']); diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index 6f7c15cf99..4f5d0c399a 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php @@ -371,7 +371,7 @@ function wp_dashboard_quick_press() {

      - +
      @@ -432,7 +432,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) { foreach ( $drafts as $draft ) { $url = get_edit_post_link( $draft->ID ); $title = _draft_or_post_title( $draft->ID ); - $item = "

      $title " . get_the_time( get_option( 'date_format' ), $draft ) . '

      '; + $item = "

      $title " . get_the_time( get_option( 'date_format' ), $draft ) . '

      '; if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) ) $item .= '

      ' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '…' : '' ) . '

      '; $list[] = $item; @@ -579,9 +579,9 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
      diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 8a7420c1fc..fc1d520d22 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -731,12 +731,12 @@ jQuery(function($){
      +

      +

      - + - + @@ -750,7 +750,7 @@ jQuery(function($){
      - @@ -767,10 +767,10 @@ jQuery(function($){
      " size="40" />" size="40" />
      size="40" /> size="40" />

      size="40" />
      size="40" /> +

      size="40" />
      size="40" />
      - + - +

      diff --git a/wp-admin/includes/manifest.php b/wp-admin/includes/manifest.php index 7523b7b9ad..c96ea03650 100644 --- a/wp-admin/includes/manifest.php +++ b/wp-admin/includes/manifest.php @@ -26,7 +26,7 @@ function add_filter() {} /** * @ignore */ -function attribute_escape() {} +function attr() {} /** * @ignore diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 1202b3291e..4c33562318 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -78,7 +78,7 @@ function the_media_upload_tabs() { $class = " class='current'"; $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false)); $link = "$text"; - echo "\t

    • $link
    • \n"; + echo "\t
    • $link
    • \n"; } echo "
    \n"; } @@ -104,7 +104,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal $html = get_image_tag($id, $htmlalt, $title, $align, $size); - $rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : ''; + $rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : ''; if ( $url ) $html = '$html"; @@ -424,7 +424,7 @@ function media_upload_form_handler() { $html = $attachment['post_title']; if ( !empty($attachment['url']) ) { if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) ) - $rel = " rel='attachment wp-att-".attribute_escape($send_id)."'"; + $rel = " rel='attachment wp-att-".attr($send_id)."'"; $html = "$html"; } $html = apply_filters('media_send_to_editor', $html, $send_id, $attachment); @@ -459,9 +459,9 @@ function media_upload_image() { $src = $_POST['insertonly']['src']; if ( !empty($src) && !strpos($src, '://') ) $src = "http://$src"; - $alt = attribute_escape($_POST['insertonly']['alt']); + $alt = attr($_POST['insertonly']['alt']); if ( isset($_POST['insertonly']['align']) ) { - $align = attribute_escape($_POST['insertonly']['align']); + $align = attr($_POST['insertonly']['align']); $class = " class='align$align'"; } if ( !empty($src) ) @@ -553,7 +553,7 @@ function media_upload_audio() { $href = $_POST['insertonly']['href']; if ( !empty($href) && !strpos($href, '://') ) $href = "http://$href"; - $title = attribute_escape($_POST['insertonly']['title']); + $title = attr($_POST['insertonly']['title']); if ( empty($title) ) $title = basename($href); if ( !empty($title) && !empty($href) ) @@ -607,7 +607,7 @@ function media_upload_video() { $href = $_POST['insertonly']['href']; if ( !empty($href) && !strpos($href, '://') ) $href = "http://$href"; - $title = attribute_escape($_POST['insertonly']['title']); + $title = attr($_POST['insertonly']['title']); if ( empty($title) ) $title = basename($href); if ( !empty($title) && !empty($href) ) 
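Review bot: In the `media_upload_image()` hunk, `$alt` and `$align` are escaped, but `$src`, read from `$_POST['insertonly']['src']` two lines earlier, is not escaped anywhere in the visible lines before `if ( !empty($src) )`. The code that consumes it lies outside the hunk, so confirm it is escaped there, or add `$src = clean_url($src);` after the scheme fix-up. `$href` in the `media_upload_audio()`, `media_upload_video()` and `media_upload_file()` hunks follows the same pattern. Separately, `!strpos($src, '://')` is also true when the match is at offset 0; `false === strpos($src, '://')` states the intent.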
@@ -661,7 +661,7 @@ function media_upload_file() { $href = $_POST['insertonly']['href']; if ( !empty($href) && !strpos($href, '://') ) $href = "http://$href"; - $title = attribute_escape($_POST['insertonly']['title']); + $title = attr($_POST['insertonly']['title']); if ( empty($title) ) $title = basename($href); if ( !empty($title) && !empty($href) ) @@ -825,10 +825,10 @@ function image_link_input_fields($post, $url_type='') { elseif ( $url_type == 'post' ) $url = $link; - return "
    + return "
    - - + + "; } @@ -988,7 +988,7 @@ function get_attachment_fields_to_edit($post, $errors = null) { 'image_url' => array( 'label' => __('File URL'), 'input' => 'html', - 'html' => "
    ", + 'html' => "
    ", 'value' => isset($edit_post->post_url) ? $edit_post->post_url : '', 'helps' => __('Location of the uploaded file.'), ) @@ -1085,19 +1085,19 @@ function get_media_item( $attachment_id, $args = null ) { $post = get_post($attachment_id); $filename = basename($post->guid); - $title = attribute_escape($post->post_title); + $title = attr($post->post_title); if ( $_tags = get_the_tags($attachment_id) ) { foreach ( $_tags as $tag ) $tags[] = $tag->name; - $tags = attribute_escape(join(', ', $tags)); + $tags = attr(join(', ', $tags)); } $type = ''; if ( isset($post_mime_types) ) { $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type)); $type = array_shift($keys); - $type = ""; + $type = ""; } $form_fields = get_attachment_fields_to_edit($post, $errors); @@ -1156,7 +1156,7 @@ function get_media_item( $attachment_id, $args = null ) { $delete_href = wp_nonce_url("post.php?action=delete-post&post=$attachment_id", 'delete-post_' . $attachment_id); if ( $send ) - $send = ""; + $send = ""; if ( $delete ) $delete = "" . __('Delete') . ""; if ( ( $send || $delete ) && !isset($form_fields['buttons']) ) @@ -1194,7 +1194,7 @@ function get_media_item( $attachment_id, $args = null ) { elseif ( $field['input'] == 'textarea' ) { $item .= ""; } else { - $item .= ""; + $item .= ""; } if ( !empty($field['helps']) ) $item .= "

    " . join( "

    \n

    ", array_unique((array) $field['helps']) ) . '

    '; @@ -1222,7 +1222,7 @@ function get_media_item( $attachment_id, $args = null ) { $item .= "\t\n"; foreach ( $hidden_fields as $name => $value ) - $item .= "\t\n"; + $item .= "\t\n"; if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) { $parent = (int) $_REQUEST['post_id']; @@ -1303,7 +1303,7 @@ SWFUpload.onload = function() { button_width: "132", button_image_url: '', button_placeholder_id: "flash-browse-button", - upload_url : "", + upload_url : "", flash_url : "", file_post_name: "async-upload", file_types: "", @@ -1350,7 +1350,7 @@ SWFUpload.onload = function() {

    - +

    @@ -1380,7 +1380,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) { $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type); ?> - + @@ -1412,7 +1412,7 @@ if ( $id ) { } ?>
    - + - + @@ -1570,7 +1570,7 @@ jQuery(function($){ |
    - + @@ -1585,10 +1585,10 @@ jQuery(function($){

    - + - - + +

    - - + +

    @@ -1699,15 +1699,15 @@ function media_upload_library_form($errors) { ?>
    - - + + - +
      @@ -1786,7 +1786,7 @@ foreach ($arc_result as $arc_row) { else $default = ''; - echo ""; + echo ""; echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); echo "\n"; } @@ -1794,7 +1794,7 @@ foreach ($arc_result as $arc_row) { - +
  • @@ -1802,7 +1802,7 @@ foreach ($arc_result as $arc_row) {
    -
    + @@ -1824,7 +1824,7 @@ jQuery(function($){

    - +

    @@ -1906,7 +1906,7 @@ function type_url_form_image() { - + @@ -1942,7 +1942,7 @@ function type_url_form_audio() { - + @@ -1977,7 +1977,7 @@ function type_url_form_video() { - + @@ -2012,7 +2012,7 @@ function type_url_form_file() { - + diff --git a/wp-admin/includes/plugin-install.php b/wp-admin/includes/plugin-install.php index 1e8616e196..433228606d 100644 --- a/wp-admin/includes/plugin-install.php +++ b/wp-admin/includes/plugin-install.php @@ -162,8 +162,8 @@ function install_search_form(){ - - + + ' . $title . ''; + $title = '' . $title . ''; $action_links = array(); $action_links[] = '' . __('Install') . ''; + attr($name) . '">' . __('Install') . ''; $action_links = apply_filters('plugin_install_action_links', $action_links, $plugin); ?> @@ -348,7 +348,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
    -
    +
    <?php _e('5 stars') ?>
    <?php _e('4 stars') ?>
    <?php _e('3 stars') ?>
    @@ -416,7 +416,7 @@ function install_plugin_information() { $class = ( $section_name == $section ) ? ' class="current"' : ''; $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) ); $href = clean_url($href); - $san_title = attribute_escape(sanitize_title_with_dashes($title)); + $san_title = attr(sanitize_title_with_dashes($title)); echo "\t
  • $title
  • \n"; } echo "\n"; @@ -505,7 +505,7 @@ function install_plugin_information() {

    -
    +
    <?php _e('5 stars') ?>
    <?php _e('4 stars') ?>
    <?php _e('3 stars') ?>
    @@ -530,7 +530,7 @@ function install_plugin_information() { $content = links_add_base_url($content, 'http://wordpress.org/extend/plugins/' . $api->slug . '/'); $content = links_add_target($content, '_blank'); - $san_title = attribute_escape(sanitize_title_with_dashes($title)); + $san_title = attr(sanitize_title_with_dashes($title)); $display = ( $section_name == $section ) ? 'block' : 'none'; diff --git a/wp-admin/includes/taxonomy.php b/wp-admin/includes/taxonomy.php index 9249cb1cd9..ebb49509be 100644 --- a/wp-admin/includes/taxonomy.php +++ b/wp-admin/includes/taxonomy.php @@ -222,7 +222,7 @@ function get_terms_to_edit( $post_id, $taxonomy = 'post_tag' ) { foreach ( $tags as $tag ) $tag_names[] = $tag->name; $tags_to_edit = join( ',', $tag_names ); - $tags_to_edit = attribute_escape( $tags_to_edit ); + $tags_to_edit = attr( $tags_to_edit ); $tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy ); return $tags_to_edit; diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 9d26bcb938..1f71950c61 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -118,7 +118,7 @@ function _cat_row( $category, $level, $name_override = false ) { $name = ( $name_override ? $name_override : $pad . ' ' . $category->name ); $edit_link = "categories.php?action=edit&cat_ID=$category->term_id"; if ( current_user_can( 'manage_categories' ) ) { - $edit = "name)) . "'>" . attribute_escape( $name ) . '
    '; + $edit = "name)) . "'>" . attr( $name ) . '
    '; $actions = array(); $actions['edit'] = '' . __('Edit') . ''; $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; @@ -257,7 +257,7 @@ function inline_edit_term_row($type) {

    - + @@ -289,7 +289,7 @@ function link_cat_row( $category, $name_override = false ) { $name = ( $name_override ? $name_override : $category->name ); $edit_link = "link-category.php?action=edit&cat_ID=$category->term_id"; if ( current_user_can( 'manage_categories' ) ) { - $edit = "name)) . "'>$name
    "; + $edit = "name)) . "'>$name
    "; $actions = array(); $actions['edit'] = '' . __('Edit') . ''; $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; @@ -649,7 +649,7 @@ function _tag_row( $tag, $class = '', $taxonomy = 'post_tag' ) { $out .= ' '; break; case 'name': - $out .= '' . $name . '
    '; + $out .= '' . $name . '
    '; $actions = array(); $actions['edit'] = '' . __('Edit') . ''; $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; @@ -1247,12 +1247,12 @@ function inline_edit_row( $type ) { wp_nonce_field( 'inlineeditnonce', '_inline_edit', false ); $update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' ); ?> - + - +
    @@ -1278,7 +1278,7 @@ function get_inline_data($post) { if ( ! current_user_can('edit_' . $post->post_type, $post->ID) ) return; - $title = attribute_escape($post->post_title); + $title = attr($post->post_title); echo '

    "; $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false ); $r .= ""; @@ -2472,7 +2472,7 @@ function meta_form() { $key"; } ?> @@ -2782,7 +2782,7 @@ function wp_import_upload_form( $action ) {

    -
    +

    () @@ -2805,7 +2805,7 @@ function wp_import_upload_form( $action ) { */ function wp_remember_old_slug() { global $post; - $name = attribute_escape($post->post_name); // just in case + $name = attr($post->post_name); // just in case if ( strlen($name) ) echo ''; } @@ -3171,15 +3171,15 @@ function find_posts_div($found_action = '') { /** * Display the post password. * - * The password is passed through {@link attribute_escape()} to ensure that it + * The password is passed through {@link attr()} to ensure that it * is safe for placing in an html attribute. * - * @uses attribute_escape + * @uses attr * @since 2.7.0 */ function the_post_password() { global $post; - if ( isset( $post->post_password ) ) echo attribute_escape( $post->post_password ); + if ( isset( $post->post_password ) ) echo attr( $post->post_password ); } /** @@ -3297,12 +3297,12 @@ function _draft_or_post_title($post_id = 0) * A simple wrapper to display the "s" parameter in a GET URI. This function * should only be used when {@link the_search_query()} cannot. * - * @uses attribute_escape + * @uses attr * @since 2.7.0 * */ function _admin_search_query() { - echo isset($_GET['s']) ? attribute_escape( stripslashes( $_GET['s'] ) ) : ''; + echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : ''; } /** diff --git a/wp-admin/includes/theme-install.php b/wp-admin/includes/theme-install.php index 5e512ea7ca..394f00c517 100644 --- a/wp-admin/includes/theme-install.php +++ b/wp-admin/includes/theme-install.php @@ -158,8 +158,8 @@ function install_theme_search_form() { - - + +

  • @@ -218,7 +218,7 @@ function install_themes_dashboard() {

  • - + slug . - '&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attribute_escape(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . ''; - $actions[] = '' . __('Preview') . ''; + '&TB_iframe=true&tbWidth=500&tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install "%s"'), $name)) . '">' . __('Install') . ''; + $actions[] = '' . __('Preview') . ''; $actions = apply_filters('theme_install_action_links', $actions, $theme); } @@ -310,7 +310,7 @@ function display_theme($theme, $actions = null, $show_details = true) { ?> '> + title=''>

    @@ -331,7 +331,7 @@ function display_theme($theme, $actions = null, $show_details = true) {

    downloaded), number_format_i18n($theme->downloaded)) ?>

    -
    +
    <?php _e('5 stars') ?>
    <?php _e('4 stars') ?>
    <?php _e('3 stars') ?>
    diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index e64f78d572..577bfe5592 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -366,16 +366,16 @@ function get_others_pending($user_id) { */ function get_user_to_edit( $user_id ) { $user = new WP_User( $user_id ); - $user->user_login = attribute_escape($user->user_login); - $user->user_email = attribute_escape($user->user_email); + $user->user_login = attr($user->user_login); + $user->user_email = attr($user->user_email); $user->user_url = clean_url($user->user_url); - $user->first_name = attribute_escape($user->first_name); - $user->last_name = attribute_escape($user->last_name); - $user->display_name = attribute_escape($user->display_name); - $user->nickname = attribute_escape($user->nickname); - $user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attribute_escape($user->aim) : ''; - $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attribute_escape($user->yim) : ''; - $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attribute_escape($user->jabber) : ''; + $user->first_name = attr($user->first_name); + $user->last_name = attr($user->last_name); + $user->display_name = attr($user->display_name); + $user->nickname = attr($user->nickname); + $user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : ''; + $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : ''; + $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : ''; $user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : ''; return $user; diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index f480c4be13..cebb69ca27 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php 
@@ -165,7 +165,7 @@ if ( $links ) { foreach ($links as $link) { $link = sanitize_bookmark($link); - $link->link_name = attribute_escape($link->link_name); + $link->link_name = attr($link->link_name); $link->link_category = wp_get_link_cats($link->link_id); $short_url = str_replace('http://', '', $link->link_url); $short_url = preg_replace('/^www\./i', '', $short_url); @@ -194,7 +194,7 @@ if ( $links ) { break; case 'name': - echo "link_name)) . "'>$link->link_name
    "; + echo "link_name)) . "'>$link->link_name
    "; $actions = array(); $actions['edit'] = '' . __('Edit') . ''; $actions['delete'] = "link_id) . "' onclick=\"if ( confirm('" . js_escape(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . ""; diff --git a/wp-admin/load-scripts.php b/wp-admin/load-scripts.php index b0ea8e88e5..c425b2884c 100644 --- a/wp-admin/load-scripts.php +++ b/wp-admin/load-scripts.php @@ -35,7 +35,7 @@ function add_filter() {} /** * @ignore */ -function attribute_escape() {} +function attr() {} /** * @ignore diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php index 6699aa29fa..a2d3b13928 100644 --- a/wp-admin/load-styles.php +++ b/wp-admin/load-styles.php @@ -35,7 +35,7 @@ function add_filter() {} /** * @ignore */ -function attribute_escape() {} +function attr() {} /** * @ignore diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php index 9ba2268f70..8241a15623 100644 --- a/wp-admin/media-upload.php +++ b/wp-admin/media-upload.php @@ -78,7 +78,7 @@ if ( isset($_GET['inline']) ) {

    - +

    diff --git a/wp-admin/menu.php b/wp-admin/menu.php index 7f9cd5050f..cd7698bbb3 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -39,7 +39,7 @@ $menu[5] = array( __('Posts'), 'edit_posts', 'edit.php', '', 'open-if-no-js menu if ( $tax->hierarchical || ! in_array('post', (array) $tax->object_type, true) ) continue; - $submenu['edit.php'][$i] = array( attribute_escape($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name ); + $submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name ); ++$i; } diff --git a/wp-admin/options-discussion.php b/wp-admin/options-discussion.php index 3701d3203d..32ea8e2eee 100644 --- a/wp-admin/options-discussion.php +++ b/wp-admin/options-discussion.php @@ -54,7 +54,7 @@ include('admin-header.php'); ' . date_i18n( get_option('date_format') ) . "\n"; echo "\t

    " . __('Documentation on date formatting. Click "Save Changes" to update sample output.') . "

    \n"; ?> @@ -242,7 +242,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists $custom = TRUE; foreach ( $time_formats as $format ) { - echo "\t ' . date_i18n( get_option('time_format') ) . "\n"; + echo '/> ' . __('Custom:') . ' ' . date_i18n( get_option('time_format') ) . "\n"; ?> diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php index 0ed679952e..d3d7af0a2c 100644 --- a/wp-admin/options-misc.php +++ b/wp-admin/options-misc.php @@ -27,14 +27,14 @@ include('admin-header.php'); - - diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index 93f1619f83..5720e92a32 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -173,7 +173,7 @@ $structures = array(
    + wp-content/uploads'); ?>
    +
    - +
    @@ -188,11 +188,11 @@ $structures = array( - + - +
    diff --git a/wp-admin/options.php b/wp-admin/options.php index 8a833a4d21..4255047ac8 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -99,7 +99,7 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name foreach ( (array) $options as $option) : $disabled = ''; - $option->option_name = attribute_escape($option->option_name); + $option->option_name = attr($option->option_name); if ( is_serialized($option->option_value) ) { if ( is_serialized_string($option->option_value) ) { // this is a serialized string, so we should display it @@ -122,7 +122,7 @@ foreach ( (array) $options as $option) : "; if (strpos($value, "\n") !== false) echo ""; - else echo ""; + else echo ""; echo " "; diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index 1e583c2307..595edb66d7 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -116,7 +116,7 @@ default: $docs_select = ''; } @@ -132,7 +132,7 @@ default:

    fatal error.') ?>

    - +
    @@ -150,8 +150,8 @@ default: $selected = " selected='selected'"; else $selected = ''; - $plugin_name = attribute_escape($plugin_name); - $plugin_key = attribute_escape($plugin_key); + $plugin_name = attr($plugin_name); + $plugin_key = attr($plugin_key); echo "\n\t"; } ?> @@ -208,7 +208,7 @@ foreach ( $plugin_files as $plugin_file ) :
    -
    +
    diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 60a28cfeb5..bea219f806 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -139,7 +139,7 @@ if ( !empty($action) ) { '; + echo ''; ?> @@ -194,7 +194,7 @@ if ( !empty($invalid) )

    fatal error.') ?>

    - + @@ -369,7 +369,7 @@ function print_plugins_table($plugins, $context = '') { $class = $is_active ? 'active' : 'inactive'; echo " - + {$plugin_data['Title']}"; $i = 0; echo '
    '; @@ -432,8 +432,8 @@ function print_plugin_actions($context) {
    - - + +
      - +
      -

      - <?php echo attribute_escape(__('Click to insert.')); ?>

      +

      + <?php echo attr(__('Click to insert.')); ?>

      @@ -168,7 +168,7 @@ switch ($_REQUEST['ajax']) {

      - +
      @@ -377,7 +377,7 @@ var ajaxurl = ''; jQuery('#extra_fields').show(); switch(tab_name) { case 'video' : - jQuery('#extra_fields').load('', { ajax: 'video', s: ''}, function() { + jQuery('#extra_fields').load('', { ajax: 'video', s: ''}, function() { ';
      - +
      diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index 359765b201..d900499adc 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -125,7 +125,7 @@ $desc_header = ( $description != $file_show ) ? "$description ( $theme_name = $a_theme['Name']; if ($theme_name == $theme) $selected = " selected='selected'"; else $selected = ''; - $theme_name = attribute_escape($theme_name); + $theme_name = attr($theme_name); echo "\n\t"; } ?> diff --git a/wp-admin/themes.php b/wp-admin/themes.php index 393d92f48e..34213018a2 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -188,14 +188,14 @@ foreach ( $cols as $col => $theme_name ) { $parent_theme = $themes[$theme_name]['Parent Theme']; $preview_link = clean_url( get_option('home') . '/'); $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) ); - $preview_text = attribute_escape( sprintf( __('Preview of "%s"'), $title ) ); + $preview_text = attr( sprintf( __('Preview of "%s"'), $title ) ); $tags = $themes[$theme_name]['Tags']; $thickbox_class = 'thickbox thickbox-preview'; $activate_link = wp_nonce_url("themes.php?action=activate&template=".urlencode($template)."&stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template); - $activate_text = attribute_escape( sprintf( __('Activate "%s"'), $title ) ); + $activate_text = attr( sprintf( __('Activate "%s"'), $title ) ); $actions = array(); $actions[] = '' . __('Activate') . ''; - $actions[] = '' . __('Preview') . ''; + $actions[] = '' . __('Preview') . ''; if ( current_user_can('update_themes') ) $actions[] = '' . __('Delete') . ''; $actions = apply_filters('theme_action_links', $actions, $themes[$theme_name]); diff --git a/wp-admin/tools.php b/wp-admin/tools.php index 210489f5b5..d51d75eeff 100644 --- a/wp-admin/tools.php +++ b/wp-admin/tools.php @@ -84,7 +84,7 @@ if ( ! $is_opera ) {

      -

      +

    diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index ab8cd0242b..952dd04eda 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php @@ -46,9 +46,9 @@ function list_core_update( $update ) { echo '' . $download . ' '; if ( 'en_US' != $update->locale ) if ( !isset( $update->dismissed ) || !$update->dismissed ) - echo ''; + echo ''; else - echo ''; + echo ''; echo '

    '; echo ''; diff --git a/wp-admin/upload.php b/wp-admin/upload.php index 2431117e01..a5593d0c97 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -329,10 +329,10 @@ foreach ($arc_result as $arc_row) { ID, array(80, 60), true ) ) { ?> - "> + "> - ">
    + ">
    ID))); ?>
    @@ -342,7 +342,7 @@ foreach ($arc_result as $arc_row) { $actions['edit'] = '' . __('Edit') . ''; if ( current_user_can('delete_post', $post->ID) ) $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . ""; - $actions['view'] = '' . __('View') . ''; + $actions['view'] = '' . __('View') . ''; if ( current_user_can('edit_post', $post->ID) ) $actions['attach'] = ''.__('Attach').''; $actions = apply_filters( 'media_row_actions', $actions, $post ); diff --git a/wp-admin/users.php b/wp-admin/users.php index f10b853c50..cf696645ff 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -28,10 +28,10 @@ if ( empty($doaction) ) { } if ( empty($_REQUEST) ) { - $referer = ''; + $referer = ''; } elseif ( isset($_REQUEST['wp_http_referer']) ) { $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); - $referer = ''; + $referer = ''; } else { $redirect = 'users.php'; $referer = ''; @@ -291,7 +291,7 @@ unset($role_links);
    @@ -388,7 +388,7 @@ foreach ( $wp_user_search->get_results() as $userid ) { 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { $var = 'new_' . $var; - $$var = isset($_REQUEST[$formpost]) ? attribute_escape(stripslashes($_REQUEST[$formpost])) : ''; + $$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : ''; } unset($name); ?> diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php index 0cee948436..3d3501c2fb 100644 --- a/wp-admin/widgets.php +++ b/wp-admin/widgets.php @@ -356,7 +356,7 @@ $i = 0; foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) { if ( 'wp_inactive_widgets' == $sidebar ) continue; ?> -
    +
    diff --git a/wp-app.php b/wp-app.php index 20ea9a29c1..650c751a29 100644 --- a/wp-app.php +++ b/wp-app.php @@ -352,9 +352,9 @@ class AtomServer { if( !current_user_can( 'edit_posts' ) ) $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); - $entries_url = attribute_escape($this->get_entries_url()); - $categories_url = attribute_escape($this->get_categories_url()); - $media_url = attribute_escape($this->get_attachments_url()); + $entries_url = attr($this->get_entries_url()); + $categories_url = attr($this->get_categories_url()); + $media_url = attr($this->get_attachments_url()); foreach ($this->media_content_types as $med) { $accepted_media_types = $accepted_media_types . "" . $med . ""; } @@ -392,12 +392,12 @@ EOD; if( !current_user_can( 'edit_posts' ) ) $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); - $home = attribute_escape(get_bloginfo_rss('home')); + $home = attr(get_bloginfo_rss('home')); $categories = ""; $cats = get_categories("hierarchical=0&hide_empty=0"); foreach ((array) $cats as $cat) { - $categories .= " name) . "\" />\n"; + $categories .= " name) . "\" />\n"; } $output = << function redirect($url) { log_app('Status','302: Redirect'); - $escaped_url = attribute_escape($url); + $escaped_url = attr($url); $content = << diff --git a/wp-content/themes/classic/comments-popup.php b/wp-content/themes/classic/comments-popup.php index fd16895266..e511f33c95 100644 --- a/wp-content/themes/classic/comments-popup.php +++ b/wp-content/themes/classic/comments-popup.php @@ -64,7 +64,7 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
    -

    '.$user_identity.''); ?>

    +

    '.$user_identity.''); ?>

    @@ -90,7 +90,7 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo

    - " /> + " /> " />

    ID); ?> diff --git a/wp-content/themes/classic/comments.php b/wp-content/themes/classic/comments.php index 8b1a6aa9b4..f8bd12a136 100644 --- a/wp-content/themes/classic/comments.php +++ b/wp-content/themes/classic/comments.php @@ -68,7 +68,7 @@ if ( post_password_required() ) : ?>

    -

    +

    ID); ?> diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php index 9828b46a2c..2ae66d3ff7 100644 --- a/wp-content/themes/default/comments-popup.php +++ b/wp-content/themes/default/comments-popup.php @@ -89,7 +89,7 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie

    - " /> + " />

    ID); ?> diff --git a/wp-content/themes/default/functions.php b/wp-content/themes/default/functions.php index 2fc42f22f7..f6f31a503d 100644 --- a/wp-content/themes/default/functions.php +++ b/wp-content/themes/default/functions.php @@ -166,7 +166,7 @@ function kubrick_theme_page_head() { kUpdate(ColorPicker_targetInput.id); } function PopupWindow_populate(contents) { - contents += '

    '; + contents += '

    '; this.contents = contents; this.populated = false; } @@ -380,43 +380,43 @@ function kubrick_theme_page() {
    -
    - red', '#FF0000', 'rgb(255, 0, 0)'); ?>
    - #FF0000', '#F00'); ?>
    - #FF0000', '#F00'); ?>
    - - - +
    + red', '#FF0000', 'rgb(255, 0, 0)'); ?>
    + #FF0000', '#F00'); ?>
    + #FF0000', '#F00'); ?>
    + + +
    -
    + - - - - - + + + + + - - - - - -

    + + + + + +

    diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php index 0aba6a35ad..cb98b615b8 100644 --- a/wp-includes/author-template.php +++ b/wp-includes/author-template.php @@ -421,7 +421,7 @@ function the_author_posts_link($deprecated = '') { printf( '%3$s', get_author_posts_url( $authordata->ID, $authordata->user_nicename ), - sprintf( __( 'Posts by %s' ), attribute_escape( get_the_author() ) ), + sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ), get_the_author() ); } @@ -544,7 +544,7 @@ function wp_list_authors($args = '') { if ( ! $hide_empty ) $link = $name; } else { - $link = 'display_name)) . '">' . $name . ''; + $link = 'display_name)) . '">' . $name . ''; if ( (! empty($feed_image)) || (! empty($feed)) ) { $link .= ' '; diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php index 51bf0cbb32..b00476eccd 100644 --- a/wp-includes/bookmark-template.php +++ b/wp-includes/bookmark-template.php @@ -72,8 +72,8 @@ function _walk_bookmarks($bookmarks, $args = '' ) { if ( !empty($bookmark->link_url) ) $the_link = clean_url($bookmark->link_url); - $desc = attribute_escape(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display')); - $name = attribute_escape(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display')); + $desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display')); + $name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display')); $title = $desc; if ( $show_updated ) diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php index 04dbf2cef8..e4d07c07c5 100644 --- a/wp-includes/bookmark.php +++ b/wp-includes/bookmark.php 
@@ -345,7 +345,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) { if ( in_array($field, $format_to_edit) ) { $value = format_to_edit($value); } else { - $value = attribute_escape($value); + $value = attr($value); } } else if ( 'db' == $context ) { $value = apply_filters("pre_$field", $value); @@ -355,7 +355,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) { } if ( 'attribute' == $context ) - $value = attribute_escape($value); + $value = attr($value); else if ( 'js' == $context ) $value = js_escape($value); diff --git a/wp-includes/category-template.php b/wp-includes/category-template.php index 98c7080cc7..e099fa3c7e 100644 --- a/wp-includes/category-template.php +++ b/wp-includes/category-template.php @@ -661,7 +661,7 @@ function wp_generate_tag_cloud( $tags, $args = '' ) { $tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#'; $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key; $tag_name = $tags[ $key ]->name; - $a[] = "$tag_name"; } diff --git a/wp-includes/class.wp-styles.php b/wp-includes/class.wp-styles.php index 4888eb2ac4..67b732efa9 100644 --- a/wp-includes/class.wp-styles.php +++ b/wp-includes/class.wp-styles.php 
@@ -48,13 +48,13 @@ class WP_Styles extends WP_Dependencies { } if ( isset($this->registered[$handle]->args) ) - $media = attribute_escape( $this->registered[$handle]->args ); + $media = attr( $this->registered[$handle]->args ); else $media = 'all'; $href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle ); $rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet'; - $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attribute_escape( $this->registered[$handle]->extra['title'] ) . "'" : ''; + $title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : ''; $end_cond = $tag = ''; if ( isset($this->registered[$handle]->extra['conditional']) && $this->registered[$handle]->extra['conditional'] ) { diff --git a/wp-includes/classes.php b/wp-includes/classes.php index e4ebb1b827..73d2111670 100644 --- a/wp-includes/classes.php +++ b/wp-includes/classes.php @@ -1187,7 +1187,7 @@ class Walker_Page extends Walker { $css_class = implode(' ', apply_filters('page_css_class', $css_class, $page)); - $output .= $indent . '
  • ' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . ''; + $output .= $indent . '
  • ' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . ''; if ( !empty($show_date) ) { if ( 'modified' == $show_date ) @@ -1325,13 +1325,13 @@ class Walker_Category extends Walker { function start_el(&$output, $category, $depth, $args) { extract($args); - $cat_name = attribute_escape( $category->name); + $cat_name = attr( $category->name); $cat_name = apply_filters( 'list_cats', $cat_name, $category ); $link = 'description) ) $link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"'; else - $link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->description, $category )) . '"'; + $link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"'; $link .= '>'; $link .= $cat_name . ''; diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 75b2c43a6f..141e874201 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -945,7 +945,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c if ( !empty( $css_class ) ) { echo ' class="'.$css_class.'" '; } - $title = attribute_escape( get_the_title() ); + $title = attr( get_the_title() ); echo apply_filters( 'comments_popup_link_attributes', '' ); diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 9707662233..7a1ba8bbc1 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php 
@@ -369,14 +369,14 @@ function sanitize_comment_cookies() { if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); $comment_author = stripslashes($comment_author); - $comment_author = attribute_escape($comment_author); + $comment_author = attr($comment_author); $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; } if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); $comment_author_email = stripslashes($comment_author_email); - $comment_author_email = attribute_escape($comment_author_email); + $comment_author_email = attr($comment_author_email); $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; } diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php index ef7f160f0e..3e574ceedc 100644 --- a/wp-includes/default-widgets.php +++ b/wp-includes/default-widgets.php @@ -60,8 +60,8 @@ class WP_Widget_Pages extends WP_Widget { function form( $instance ) { //Defaults $instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') ); - $title = attribute_escape( $instance['title'] ); - $exclude = attribute_escape( $instance['exclude'] ); + $title = attr( $instance['title'] ); + $exclude = attr( $instance['exclude'] ); ?>
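Review bot: sanitize_comment_cookies() writes the HTML-attribute-escaped strings back into `$_COOKIE`, so every later reader of the `comment_author_` and `comment_author_email_` cookies gets entity-encoded data with nothing to show that it was encoded. That is only correct for HTML attribute output: a consumer that escapes again double-encodes, and one that uses the value in any other context still needs its own context-specific escaping. I would at least document this above the first block: `// NOTE: values stored back in $_COOKIE are escaped for HTML attributes only; escape per context before any other use.` The rest of the function is outside the hunk.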

    @@ -210,7 +210,7 @@ class WP_Widget_Archives extends WP_Widget { if ( $d ) { ?> - + @@ -239,7 +239,7 @@ class WP_Widget_Archives extends WP_Widget { $count = $instance['count'] ? 'checked="checked"' : ''; $dropdown = $instance['dropdown'] ? 'checked="checked"' : ''; ?> -

    +


    @@ -273,9 +273,9 @@ class WP_Widget_Meta extends WP_Widget {

    '' ) ); $title = strip_tags($instance['title']); ?> -

    +

    @@ -463,7 +463,7 @@ class WP_Widget_Categories extends WP_Widget { function form( $instance ) { //Defaults $instance = wp_parse_args( (array) $instance, array( 'title' => '') ); - $title = attribute_escape( $instance['title'] ); + $title = attr( $instance['title'] ); $count = (bool) $instance['count']; $hierarchical = (bool) $instance['hierarchical']; $dropdown = (bool) $instance['dropdown']; @@ -566,7 +566,7 @@ class WP_Widget_Recent_Posts extends WP_Widget { } function form( $instance ) { - $title = attribute_escape($instance['title']); + $title = attr($instance['title']); if ( !$number = (int) $instance['number'] ) $number = 5; ?> @@ -653,7 +653,7 @@ class WP_Widget_Recent_Comments extends WP_Widget { } function form( $instance ) { - $title = attribute_escape($instance['title']); + $title = attr($instance['title']); if ( !$number = (int) $instance['number'] ) $number = 5; ?> @@ -702,7 +702,7 @@ class WP_Widget_RSS extends WP_Widget { $link = ''; if ( ! is_wp_error($rss) ) { - $desc = attribute_escape(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); + $desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset')))); if ( empty($title) ) $title = htmlentities(strip_tags($rss->get_title())); $link = clean_url(strip_tags($rss->get_permalink())); @@ -716,7 +716,7 @@ class WP_Widget_RSS extends WP_Widget { $title = apply_filters('widget_title', $title ); $url = clean_url(strip_tags($url)); $icon = includes_url('images/rss.png'); - $title = "RSS $title"; + $title = "RSS $title"; echo $before_widget; echo $before_title . $title . $after_title; 
@@ -787,11 +787,11 @@ function wp_widget_rss_output( $rss, $args = array() ) { while ( stristr($link, 'http') != $link ) $link = substr($link, 1); $link = clean_url(strip_tags($link)); - $title = attribute_escape(strip_tags($item->get_title())); + $title = attr(strip_tags($item->get_title())); if ( empty($title) ) $title = __('Untitled'); - $desc = str_replace(array("\n", "\r"), ' ', attribute_escape(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); + $desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))))); $desc = wp_html_excerpt( $desc, 360 ) . ' […]'; $desc = wp_specialchars( $desc ); @@ -850,9 +850,9 @@ function wp_widget_rss_form( $args, $inputs = null ) { extract( $args ); extract( $inputs, EXTR_SKIP); - $number = attribute_escape( $number ); - $title = attribute_escape( $title ); - $url = attribute_escape( $url ); + $number = attr( $number ); + $title = attr( $title ); + $url = attr( $url ); $items = (int) $items; if ( $items < 1 || 20 < $items ) $items = 10; @@ -984,7 +984,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget { ?>

    ', $between = ' if ( '' != $rel ) $rel = ' rel="' . $rel . '"'; - $desc = attribute_escape(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display')); - $name = attribute_escape(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display')); + $desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display')); + $name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display')); $title = $desc; if ( $show_updated ) diff --git a/wp-includes/feed-atom-comments.php b/wp-includes/feed-atom-comments.php index 9b610806e9..1ce1eb114c 100644 --- a/wp-includes/feed-atom-comments.php +++ b/wp-includes/feed-atom-comments.php @@ -18,7 +18,7 @@ echo '' if ( is_singular() ) printf(ent2ncr(__('Comments on: %s')), get_the_title_rss()); elseif ( is_search() ) - printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attribute_escape(get_search_query())); + printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query())); else printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss()); ?> @@ -32,7 +32,7 @@ echo '' - + diff --git a/wp-includes/feed-rss2-comments.php b/wp-includes/feed-rss2-comments.php index d5c0b3e96c..8e5fe8cac6 100644 --- a/wp-includes/feed-rss2-comments.php +++ b/wp-includes/feed-rss2-comments.php @@ -20,7 +20,7 @@ echo ''; if ( is_singular() ) printf(ent2ncr(__('Comments on: %s')), get_the_title_rss()); elseif ( is_search() ) - printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attribute_escape($wp_query->query_vars['s'])); + printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s'])); else printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss()); ?> 
diff --git a/wp-includes/feed.php b/wp-includes/feed.php index 799dcdb7bb..44efe2d3f9 100644 --- a/wp-includes/feed.php +++ b/wp-includes/feed.php @@ -338,7 +338,7 @@ function get_the_category_rss($type = 'rss') { if ( 'rdf' == $type ) $the_list .= "\t\t\n"; elseif ( 'atom' == $type ) - $the_list .= sprintf( '', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $cat_name ) ); + $the_list .= sprintf( '', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) ); else $the_list .= "\t\t\n"; } diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index ffaeee1b7c..3c9adb68d9 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -1270,7 +1270,7 @@ function translate_smiley($smiley) { $smiley = trim(reset($smiley)); $img = $wpsmiliestrans[$smiley]; - $smiley_masked = attribute_escape($smiley); + $smiley_masked = attr($smiley); return " $smiley_masked "; } diff --git a/wp-includes/functions.php b/wp-includes/functions.php index a7df7254ce..dd746cc025 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -385,7 +385,7 @@ function wp_protect_special_option( $option ) { /** * Print option value after sanitizing for forms. * - * @uses attribute_escape Sanitizes value. + * @uses attr Sanitizes value. * @since 1.5.0 * @package WordPress * @subpackage Option @@ -393,7 +393,7 @@ function wp_protect_special_option( $option ) { * @param string $option Option name. */ function form_option( $option ) { - echo attribute_escape (get_option( $option ) ); + echo attr (get_option( $option ) ); } /** @@ -1741,7 +1741,7 @@ function wp_nonce_url( $actionurl, $action = -1 ) { * @return string Nonce field. */ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { - $name = attribute_escape( $name ); + $name = attr( $name ); $nonce_field = ''; if ( $echo ) echo $nonce_field; 
@@ -1766,7 +1766,7 @@ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $ec * @return string Referer field. */ function wp_referer_field( $echo = true) { - $ref = attribute_escape( $_SERVER['REQUEST_URI'] ); + $ref = attr( $_SERVER['REQUEST_URI'] ); $referer_field = ''; if ( $echo ) @@ -1792,7 +1792,7 @@ function wp_referer_field( $echo = true) { function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI']; $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to; - $orig_referer_field = ''; + $orig_referer_field = ''; if ( $echo ) echo $orig_referer_field; return $orig_referer_field; diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php index c09e31e348..826a888992 100644 --- a/wp-includes/general-template.php +++ b/wp-includes/general-template.php @@ -120,8 +120,8 @@ function get_search_form() { $form = ''; @@ -688,7 +688,7 @@ function single_month_title($prefix = '', $display = true ) { */ function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { $text = wptexturize($text); - $title_text = attribute_escape($text); + $title_text = attr($text); $url = clean_url($url); if ('link' == $format) @@ -1434,8 +1434,8 @@ function feed_links( $args ) { $args = wp_parse_args( $args, $defaults ); - echo '\n"; - echo '\n"; + echo '\n"; + echo '\n"; } /** 
@@ -1467,27 +1467,27 @@ function feed_links_extra( $args ) { $post = &get_post( $id = 0 ); if ( comments_open() || pings_open() || $post->comment_count > 0 ) { - $title = attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) )); + $title = attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) )); $href = get_post_comments_feed_link( $post->ID ); } } elseif ( is_category() ) { $cat_id = intval( get_query_var('cat') ); - $title = attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) )); + $title = attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) )); $href = get_category_feed_link( $cat_id ); } elseif ( is_tag() ) { $tag_id = intval( get_query_var('tag_id') ); $tag = get_tag( $tag_id ); - $title = attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name )); + $title = attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name )); $href = get_tag_feed_link( $tag_id ); } elseif ( is_author() ) { $author_id = intval( get_query_var('author') ); - $title = attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) )); + $title = attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) )); $href = get_author_feed_link( $author_id ); } elseif ( is_search() ) { - $title = attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() )); + $title = attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() )); $href = get_search_feed_link(); } 
@@ -1678,14 +1678,14 @@ function get_search_query() { /** * Display the contents of the search query variable. * - * The search query string is passed through {@link attribute_escape()} + * The search query string is passed through {@link attr()} * to ensure that it is safe for placing in an html attribute. * - * @uses attribute_escape + * @uses attr * @since 2.1.0 */ function the_search_query() { - echo attribute_escape( apply_filters( 'the_search_query', get_search_query() ) ); + echo attr( apply_filters( 'the_search_query', get_search_query() ) ); } /** diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index fdc91e8937..1d766edb50 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -619,9 +619,9 @@ function edit_tag_link( $link = '', $before = '', $after = '', $tag = null ) { */ function get_search_feed_link($search_query = '', $feed = '') { if ( empty($search_query) ) - $search = attribute_escape(get_search_query()); + $search = attr(get_search_query()); else - $search = attribute_escape(stripslashes($search_query)); + $search = attr(stripslashes($search_query)); if ( empty($feed) ) $feed = get_default_feed(); @@ -644,9 +644,9 @@ function get_search_feed_link($search_query = '', $feed = '') { */ function get_search_comments_feed_link($search_query = '', $feed = '') { if ( empty($search_query) ) - $search = attribute_escape(get_search_query()); + $search = attr(get_search_query()); else - $search = attribute_escape(stripslashes($search_query)); + $search = attr(stripslashes($search_query)); if ( empty($feed) ) $feed = get_default_feed(); @@ -730,7 +730,7 @@ function edit_post_link( $link = 'Edit This', $before = '', $after = '' ) { return; } - $link = '' . $link . ''; + $link = '' . $link . ''; echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after; } 
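Review bot: In get_search_feed_link() the search term is passed through `attr()`, an HTML-attribute escaper, although the function name suggests `$search` ends up inside a URL. The rest of the body is outside the hunk, so that use is inferred. If it is spliced into a query string, characters such as `&`, `#` and `+` need URL encoding instead, e.g. `$search = urlencode( get_search_query() );`, with HTML escaping left to the place where the finished link is printed. get_search_comments_feed_link() in the next hunk has the same two lines and would need the same change.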
@@ -940,7 +940,7 @@ function get_adjacent_post_rel_link($title = '%title', $in_same_cat = false, $ex $title = apply_filters('the_title', $title, $post); $link = $previous ? "\n"; $adjacent = $previous ? 'previous' : 'next'; @@ -1064,7 +1064,7 @@ function get_boundary_post_rel_link($title = '%title', $in_same_cat = false, $ex $title = apply_filters('the_title', $title, $post); $link = $start ? "\n"; $boundary = $start ? 'start' : 'end'; @@ -1092,7 +1092,7 @@ function start_post_rel_link($title = '%title', $in_same_cat = false, $excluded_ * @return string */ function get_index_rel_link() { - $link = "\n"; + $link = "\n"; return apply_filters( "index_rel_link", $link ); } @@ -1127,7 +1127,7 @@ function get_parent_post_rel_link($title = '%title') { $title = apply_filters('the_title', $title, $post); $link = "\n"; return apply_filters( "parent_post_rel_link", $link ); diff --git a/wp-includes/media.php b/wp-includes/media.php index 20af85f7b6..a7635babf8 100644 --- a/wp-includes/media.php +++ b/wp-includes/media.php @@ -200,10 +200,10 @@ function get_image_tag($id, $alt, $title, $align, $size='medium') { list( $img_src, $width, $height ) = image_downsize($id, $size); $hwstring = image_hwstring($width, $height); - $class = 'align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id; + $class = 'align'.attr($align).' size-'.attr($size).' wp-image-'.$id; $class = apply_filters('get_image_tag_class', $class, $id, $align, $size); - $html = ''.attribute_escape($alt).''; + $html = ''.attr($alt).''; $html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size ); 
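Review bot: In get_image_tag() the class string is escaped piece by piece before the `get_image_tag_class` filter runs, and `$id` is appended without a cast, so neither the filter's return value nor `$id` is escaped. The markup on the `$html` line is garbled on this page, so where `$class` is placed is inferred. Escaping once, after the filter, covers every part: `$class = 'align' . $align . ' size-' . $size . ' wp-image-' . (int) $id;` followed by `$class = attr( apply_filters('get_image_tag_class', $class, $id, $align, $size) );`.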
@@ -542,7 +542,7 @@ function wp_get_attachment_image($attachment_id, $size = 'thumbnail', $icon = fa 'title' => trim(strip_tags( $attachment->post_title )), ); $attr = apply_filters( 'wp_get_attachment_image_attributes', $attr, $attachment ); - $attr = array_map( 'attribute_escape', $attr ); + $attr = array_map( 'attr', $attr ); $html = rtrim(" $value ) { $html .= " $name=" . '"' . $value . '"'; diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 70fddf1cea..a6e30f8d5e 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -1499,7 +1499,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) { if ( false === $alt) $safe_alt = ''; else - $safe_alt = attribute_escape( $alt ); + $safe_alt = attr( $alt ); if ( !is_numeric($size) ) $size = '96'; diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php index 0ebcbc5b94..f15bfbdb74 100644 --- a/wp-includes/post-template.php +++ b/wp-includes/post-template.php @@ -63,7 +63,7 @@ function the_title($before = '', $after = '', $echo = true) { * an array. See the function for what can be override in the $args parameter. * * The title before it is displayed will have the tags stripped and {@link - * attribute_escape()} before it is passed to the user or displayed. The default + * attr()} before it is passed to the user or displayed. The default * as with {@link the_title()}, is to display the title. * * @since 2.3.0 @@ -83,7 +83,7 @@ function the_title_attribute( $args = '' ) { $title = $before . $title . $after; - $title = attribute_escape(strip_tags($title)); + $title = attr(strip_tags($title)); if ( $echo ) echo $title; 
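Review bot: After the rename, `$attr = array_map( 'attr', $attr );` in wp_get_attachment_image() gives a local variable and a string callable the same name, which is hard to read and easy to break in a later search-and-replace. Renaming the local (for example `$attributes`) would avoid that, or the line could carry the comment `// escapes attribute values only; names returned by the filter are emitted as-is`. That comment is accurate for the visible loop: `$value` has been through the escaper, but `$name` from the `wp_get_attachment_image_attributes` filter is written into the tag unchanged. The function's body starts and ends outside the hunk.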
@@ -924,10 +924,10 @@ function wp_get_attachment_link($id = 0, $size = 'thumbnail', $permalink = false if ( $permalink ) $url = get_attachment_link($_post->ID); - $post_title = attribute_escape($_post->post_title); + $post_title = attr($_post->post_title); if ( $text ) { - $link_text = attribute_escape($text); + $link_text = attr($text); } elseif ( ( is_int($size) && $size != 0 ) or ( is_string($size) && $size != 'none' ) or $size != false ) { $link_text = wp_get_attachment_image($id, $size, $icon); } @@ -961,7 +961,7 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false, if ( $permalink ) $url = get_attachment_link($_post->ID); - $post_title = attribute_escape($_post->post_title); + $post_title = attr($_post->post_title); $innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims); return "$innerHTML"; @@ -1057,7 +1057,7 @@ function get_attachment_icon( $id = 0, $fullsize = false, $max_dims = false ) { $constraint = ''; } - $post_title = attribute_escape($post->post_title); + $post_title = attr($post->post_title); $icon = "$post_title"; @@ -1085,7 +1085,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false) return $innerHTML; - $innerHTML = attribute_escape($post->post_title); + $innerHTML = attr($post->post_title); return apply_filters('attachment_innerHTML', $innerHTML, $post->ID); } diff --git a/wp-includes/post.php b/wp-includes/post.php index 3dbd4f9d0b..94d3b69a40 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -869,7 +869,7 @@ function sanitize_post_field($field, $value, $post_id, $context) { else $value = format_to_edit($value); } else { - $value = attribute_escape($value); + $value = attr($value); } } else if ( 'db' == $context ) { if ( $prefixed ) { 
@@ -888,7 +888,7 @@ function sanitize_post_field($field, $value, $post_id, $context) { } if ( 'attribute' == $context ) - $value = attribute_escape($value); + $value = attr($value); else if ( 'js' == $context ) $value = js_escape($value); diff --git a/wp-includes/rss.php b/wp-includes/rss.php index 3d95babd98..34c1519087 100644 --- a/wp-includes/rss.php +++ b/wp-includes/rss.php @@ -873,7 +873,7 @@ function wp_rss( $url, $num_items = -1 ) { printf( '
  • %3$s
  • ', clean_url( $item['link'] ), - attribute_escape( strip_tags( $item['description'] ) ), + attr( strip_tags( $item['description'] ) ), htmlentities( $item['title'] ) ); } diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php index f4db56fcb7..743a418bad 100644 --- a/wp-includes/script-loader.php +++ b/wp-includes/script-loader.php @@ -74,10 +74,10 @@ function wp_default_scripts( &$scripts ) { $scripts->localize( 'quicktags', 'quicktagsL10n', array( 'quickLinks' => __('(Quick Links)'), 'wordLookup' => __('Enter a word to look up:'), - 'dictionaryLookup' => attribute_escape(__('Dictionary lookup')), - 'lookup' => attribute_escape(__('lookup')), - 'closeAllOpenTags' => attribute_escape(__('Close all open tags')), - 'closeTags' => attribute_escape(__('close tags')), + 'dictionaryLookup' => attr(__('Dictionary lookup')), + 'lookup' => attr(__('lookup')), + 'closeAllOpenTags' => attr(__('Close all open tags')), + 'closeTags' => attr(__('close tags')), 'enterURL' => __('Enter the URL'), 'enterImageURL' => __('Enter the URL of the image'), 'enterImageDescription' => __('Enter a description of the image'), @@ -212,7 +212,7 @@ function wp_default_scripts( &$scripts ) { $scripts->add( 'ajaxcat', "/wp-admin/js/cat$suffix.js", array( 'wp-lists' ), '20090102' ); $scripts->add_data( 'ajaxcat', 'group', 1 ); $scripts->localize( 'ajaxcat', 'catL10n', array( - 'add' => attribute_escape(__('Add')), + 'add' => attr(__('Add')), 'how' => __('Separate multiple categories with commas.'), 'l10n_print_after' => 'try{convertEntities(catL10n);}catch(e){};' ) ); 
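Review bot: In the wp_rss() hunk the item title from the remote feed is escaped with a bare `htmlentities( $item['title'] )`, while the description on the line above now goes through the project's own escaper. With PHP's defaults at the time, `htmlentities()` assumes ISO-8859-1 and leaves single quotes alone, so UTF-8 titles are likely to come out garbled. Using the project helper, `wp_specialchars( $item['title'] )`, would keep the escaping of feed-supplied text consistent in this `printf`. The list-item markup is stripped on this page, so the exact output context of `%3$s` is inferred from the argument order.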
@@ -266,8 +266,8 @@ function wp_default_scripts( &$scripts ) { $scripts->add_data( 'post', 'group', 1 ); $scripts->localize( 'post', 'postL10n', array( 'tagsUsed' => __('Tags used on this post:'), - 'add' => attribute_escape(__('Add')), - 'addTag' => attribute_escape(__('Add new tag')), + 'add' => attr(__('Add')), + 'addTag' => attr(__('Add new tag')), 'separate' => __('Separate tags with commas'), 'cancel' => __('Cancel'), 'edit' => __('Edit'), @@ -604,7 +604,7 @@ function _print_scripts() { $ver = md5("$wp_scripts->concat_version"); $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&load=" . trim($wp_scripts->concat, ', ') . "&ver=$ver"; - echo "\n"; + echo "\n"; } if ( !empty($wp_scripts->print_html) ) @@ -671,7 +671,7 @@ function print_admin_styles() { $dir = $wp_styles->text_direction; $ver = md5("$wp_styles->concat_version{$dir}"); $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&load=" . trim($wp_styles->concat, ', ') . "&ver=$ver"; - echo "\n"; + echo "\n"; } if ( !empty($wp_styles->print_html) ) diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index 97141fd999..5df544376f 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php @@ -991,7 +991,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) { if ( 'description' == $field ) $value = format_to_edit($value); else - $value = attribute_escape($value); + $value = attr($value); } else if ( 'db' == $context ) { $value = apply_filters("pre_term_$field", $value, $taxonomy); $value = apply_filters("pre_${taxonomy}_$field", $value); @@ -1009,7 +1009,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) { } if ( 'attribute' == $context ) - $value = attribute_escape($value); + $value = attr($value); else if ( 'js' == $context ) $value = js_escape($value); 
@@ -2260,7 +2260,7 @@ function get_the_taxonomies($post = 0) { $links = array(); foreach ( $terms as $term ) - $links[] = "$term->name"; + $links[] = "$term->name"; if ( $links ) $taxonomies[$taxonomy] = wp_sprintf($t['template'], $t['label'], $links, $terms); diff --git a/wp-includes/theme.php b/wp-includes/theme.php index ed3c21ebd6..ac71c4a3b9 100644 --- a/wp-includes/theme.php +++ b/wp-includes/theme.php @@ -932,7 +932,7 @@ function preview_theme_ob_filter_callback( $matches ) { $link = add_query_arg( array('preview' => 1, 'template' => $_GET['template'], 'stylesheet' => @$_GET['stylesheet'] ), $matches[3] ); if ( 0 === strpos($link, 'preview=1') ) $link = "?$link"; - return $matches[1] . attribute_escape( $link ) . $matches[4]; + return $matches[1] . attr( $link ) . $matches[4]; } /** diff --git a/wp-includes/update.php b/wp-includes/update.php index 2a169abc9b..04b1aeaafe 100644 --- a/wp-includes/update.php +++ b/wp-includes/update.php @@ -62,15 +62,15 @@ function wp_version_check() { foreach( explode( "\n\n", $body ) as $entry) { $returns = explode("\n", $entry); $new_option = new stdClass(); - $new_option->response = attribute_escape( $returns[0] ); + $new_option->response = attr( $returns[0] ); if ( isset( $returns[1] ) ) $new_option->url = clean_url( $returns[1] ); if ( isset( $returns[2] ) ) $new_option->package = clean_url( $returns[2] ); if ( isset( $returns[3] ) ) - $new_option->current = attribute_escape( $returns[3] ); + $new_option->current = attr( $returns[3] ); if ( isset( $returns[4] ) ) - $new_option->locale = attribute_escape( $returns[4] ); + $new_option->locale = attr( $returns[4] ); $new_options[] = $new_option; } diff --git a/wp-links-opml.php b/wp-links-opml.php index f536d61650..d853fe4fe9 100644 --- a/wp-links-opml.php +++ b/wp-links-opml.php 
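Review bot: In wp_version_check() the fields parsed from the update response (`response`, `current`, `locale`) are HTML-escaped with `attr()` as they are stored on `$new_option`, not where they are printed. The stored values are then HTML-encoded text, so later code that compares them or uses them outside HTML may mishandle them, and the code that prints them cannot tell whether escaping has already happened. I would validate each field against its expected shape at this point and escape at output. At minimum add the comment `// values are stored HTML-escaped; do not escape again on output`. The function's body continues outside the hunk, so how the options are consumed is not visible here.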
@@ -29,7 +29,7 @@ if ((empty ($link_cat)) || ($link_cat == 'all') || ($link_cat == '0')) { - Links for <?php echo attribute_escape(get_bloginfo('name', 'display').$cat_name); ?> + Links for <?php echo attr(get_bloginfo('name', 'display').$cat_name); ?> GMT @@ -44,14 +44,14 @@ foreach ((array) $cats as $cat) { $catname = apply_filters('link_category', $cat->name); ?> - + term_id}"); foreach ((array) $bookmarks as $bookmark) { - $title = attribute_escape(apply_filters('link_title', $bookmark->link_name)); + $title = attr(apply_filters('link_title', $bookmark->link_name)); ?> - + " method="post">

    +

    @@ -374,11 +374,11 @@ case 'register' :

    +

    +

    @@ -460,7 +460,7 @@ default: login_header(__('Log In'), '', $errors); if ( isset($_POST['log']) ) - $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attribute_escape(stripslashes($_POST['log'])) : ''; + $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? attr(stripslashes($_POST['log'])) : ''; ?> @@ -477,7 +477,7 @@ default:

    - +