diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 97ab12b172..fa88bb0b21 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -98,7 +98,7 @@ if ('view' == $mode) {
comment_post_ID) ) {
echo " | comment_ID."\">" . __('Edit Comment') . "";
- echo ' | comment_author, 1)) . "' );\">" . __('Delete Comment') . ' ';
+ echo ' | comment_author)) . "' );\">" . __('Delete Comment') . ' ';
} // end if any comments to show
// Get post title
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
@@ -151,7 +151,7 @@ if ('view' == $mode) {
comment_post_ID) ) {
echo "" . __('Edit') . ""; } ?> |
comment_post_ID) ) {
- echo "comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), wp_specialchars( $comment->comment_author, 1 )) . "')\" class='delete'>" . __('Delete') . ""; } ?> |
+ echo "comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape( $comment->comment_author)) . "')\" class='delete'>" . __('Delete') . ""; } ?>
$column_display_name) {
case 'control_delete':
?>
- ID) ) { echo "ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . ""; } ?> |
+ ID) ) { echo "ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . ""; } ?> |
comment_ID.'">' . __('Edit') . ' | ';?>
|
comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . " | "; ?>
+echo " comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_ecape($comment->comment_author)) . "' );\">" . __('Delete just this comment') . " | "; ?>
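Review bot: The last added line calls `js_ecape($comment->comment_author)`, a name this commit never defines; the helper added in wp-includes/functions-formatting.php is `js_escape`. Rendering this "Delete just this comment" link would therefore stop with an undefined-function fatal error instead of printing the confirmation handler. The call should read `js_escape($comment->comment_author)`, matching the other three call sites in this diff. The lines from `$column_display_name` onward look like they belong to other file sections whose headers are missing here, so the file that needs the fix should be confirmed against the original commit.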
diff --git a/wp-includes/functions-formatting.php b/wp-includes/functions-formatting.php
index 2559aea2b3..76fbd0847a 100644
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -1015,4 +1015,9 @@ function wp_richedit_pre($text) {
return apply_filters('richedit_pre', $output);
}
+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+ $text = wp_specialchars($text, 'double');
+ return preg_replace("/\r?\n/", "\\n", addslashes($text));
+}
?>
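Review bot: js_escape() is used by the other hunks inside `onclick=\"...\"` attributes, where the browser decodes HTML entities before the handler is parsed as script, so `addslashes()` only covers quotes that are still literal at this point. Whether a single quote that arrives already entity-encoded in a comment author or post title is neutralised depends on how `wp_specialchars()` treats existing entities, which this diff does not show. That case deserves a test, and the comment above the function should name the intended output context, e.g. `// For a single-quoted JS string inside a double-quoted HTML attribute.`. Separately, the pattern `/\r?\n/` leaves a bare `\r` in place, which still terminates a JavaScript string literal; `return preg_replace("/\r\n|\r|\n/", "\\n", addslashes($text));` would cover it.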