_a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2009-05-05 19:43:53 +00:00
parent 12924135ce
commit 6c2ffddf31
110 changed files with 703 additions and 703 deletions


@ -426,7 +426,7 @@ case 'add-link-category' : // On the Fly
$x->add( array(
'what' => 'link-category',
'id' => $cat_id,
'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
'position' => -1
) );
}
@ -474,7 +474,7 @@ case 'add-cat' : // From Manage->Categories
$cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
$level++;
}
$cat_full_name = attr($cat_full_name);
$cat_full_name = esc_attr($cat_full_name);
$x = new WP_Ajax_Response( array(
'what' => 'cat',
@ -552,7 +552,7 @@ case 'add-tag' : // From Manage->Tags
die('0');
$tag_full_name = $tag->name;
$tag_full_name = attr($tag_full_name);
$tag_full_name = esc_attr($tag_full_name);
$x = new WP_Ajax_Response( array(
'what' => 'tag',
@ -1214,7 +1214,7 @@ case 'find_posts':
$time = mysql2date(__('Y/m/d'), $post->post_date);
}
$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . attr($post->ID) . '"></td>';
$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
$html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
}
$html .= '</tbody></table>';
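Review bot: In the `add-link-category` hunk only the `value` attribute goes through `esc_attr()`; the same line interpolates `$cat_id` raw into three `id`/`for` attributes and `$cat_name` raw into the label text. Whether both were sanitised earlier in the case body is not visible here, since the case starts outside the hunk, so this should be confirmed. If `$cat_name` is not already escaped, the label text needs HTML-body escaping with the `wp_specialchars()` call already used in the `find_posts` hunk, and `$cat_id` is best cast once with `(int)` before the markup is built.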


@ -144,7 +144,7 @@ endif; ?>
<p class="search-box">
<label class="invisible" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
<input type="text" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Categories' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
</p>
</form>
<br class="clear" />
@ -189,7 +189,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-categories'); ?>
</div>
@ -229,7 +229,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<?php wp_nonce_field('bulk-categories'); ?>
</div>
@ -283,7 +283,7 @@ if ( $page_links )
<p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
</div>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Category'); ?>" /></p>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
<?php do_action('edit_category_form', $category); ?>
</form></div>


@ -90,18 +90,18 @@ if ( 'spam' == $_GET['dt'] ) {
<table width="100%">
<tr>
<td><input type='button' class="button" value='<?php _ea('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
<td class="textright"><input type='submit' class="button" value='<?php echo attr($button); ?>' /></td>
<td><input type='button' class="button" value='<?php esc_attr_e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
<td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td>
</tr>
</table>
<?php wp_nonce_field( $nonce_action ); ?>
<input type='hidden' name='action' value='<?php echo attr($formaction); ?>' />
<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
<?php if ( 'spam' == $_GET['dt'] ) { ?>
<input type='hidden' name='dt' value='spam' />
<?php } ?>
<input type='hidden' name='p' value='<?php echo attr($comment->comment_post_ID); ?>' />
<input type='hidden' name='c' value='<?php echo attr($comment->comment_ID); ?>' />
<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
<input type='hidden' name='noredir' value='1' />
</form>
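Review bot: The `onclick` on the 'No' button opens a single-quoted JavaScript string that is never closed: as shown, the attribute ends `?>"` with no `'` after the URL, so the handler would fail to parse and the button would do nothing. The URL is also echoed into a JavaScript-in-attribute context with no escaping, while every neighbouring value now goes through `esc_attr()`. Suggested attribute: `onclick="self.location='<?php echo js_escape( admin_url('edit-comments.php') ); ?>';"`, using the `js_escape()` helper that the upload list in this commit already calls. The surrounding form starts outside the hunk.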


@ -284,10 +284,10 @@ class Custom_Image_Header {
</div>
<?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
<form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
<input type="button" class="button" value="<?php _ea('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
<input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
<input type="button" class="button" value="<?php esc_attr_e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
<input type="button" class="button" value="<?php esc_attr_e('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php esc_attr_e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
<?php wp_nonce_field('custom-header') ?>
<input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
<input type="hidden" name="textcolor" id="textcolor" value="#<?php esc_attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php esc_attr_e('Save Changes'); ?>" /></form>
<?php } ?>
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"> </div>
@ -296,12 +296,12 @@ class Custom_Image_Header {
<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo esc_attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" />
<?php wp_nonce_field('custom-header') ?>
<p class="submit">
<input type="submit" value="<?php _ea('Upload'); ?>" />
<input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
</p>
</form>
@ -311,9 +311,9 @@ class Custom_Image_Header {
<div class="wrap">
<h2><?php _e('Reset Header Image and Color'); ?></h2>
<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
<form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>">
<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)) ?>">
<?php wp_nonce_field('custom-header'); ?>
<input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" />
<input type="submit" class="button" name="resetheader" value="<?php esc_attr_e('Restore Original Header'); ?>" />
</form>
</div>
<?php endif;
@ -372,7 +372,7 @@ class Custom_Image_Header {
<div class="wrap">
<form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>">
<form method="POST" action="<?php echo esc_attr(add_query_arg('step', 3)) ?>">
<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
<div id="testWrap" style="position: relative">
@ -386,10 +386,10 @@ class Custom_Image_Header {
<input type="hidden" name="y2" id="y2" />
<input type="hidden" name="width" id="width" />
<input type="hidden" name="height" id="height" />
<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($id); ?>" />
<input type="hidden" name="oitar" id="oitar" value="<?php echo attr($oitar); ?>" />
<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($id); ?>" />
<input type="hidden" name="oitar" id="oitar" value="<?php echo esc_attr($oitar); ?>" />
<?php wp_nonce_field('custom-header') ?>
<input type="submit" value="<?php _ea('Crop Header'); ?>" />
<input type="submit" value="<?php esc_attr_e('Crop Header'); ?>" />
</p>
</form>
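Review bot: The `textcolor` hidden field calls `esc_attr(header_textcolor())` without `echo`, so the escaped return value is discarded and the escaping has no effect on what is printed. The rename kept this pattern from the old `attr()` call. `header_textcolor()` presumably prints the colour itself (the field would otherwise be empty), which means the value reaches the attribute unescaped. Suggested: `value="#<?php echo esc_attr( get_header_textcolor() ); ?>"`. The enclosing method of `Custom_Image_Header` starts and ends outside the hunk.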


@ -62,7 +62,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
?>
<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
<?php echo $thumb; ?>
</a>
@ -74,7 +74,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
case 'media':
?>
<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
<p>
<?php
@ -83,7 +83,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$action_count = count($actions);
$i = 0;
echo '<div class="row-actions">';
@ -182,7 +182,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
case 'actions':
?>
<td <?php echo $attributes ?>>
<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
<a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
</td>
<?php
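Review bot: The 'View' row action builds its `title` from `$title`, while every other link in these hunks uses `$att_title`; if `$title` is not set elsewhere in this loop the tooltip renders with an empty name. The definition of either variable is outside the visible hunks, so this needs checking against the full file. The same `media` case also echoes `$att_title` as link text and `get_permalink()` / `get_edit_post_link()` into `href` without visible escaping, so it is worth confirming that `$att_title` is already HTML-escaped where it is assigned. Suggested change for the first point: `esc_attr(sprintf(__('View &#8220;%s&#8221;'), $att_title))`.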


@ -44,17 +44,17 @@ _fill_empty_category($category);
<div id="ajax-response"></div>
<form name="editcat" id="editcat" method="post" action="categories.php" class="validate">
<input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-category_' . $cat_ID); ?>
<table class="form-table">
<tr class="form-field form-required">
<th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
<td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br />
<td><input name="cat_name" id="cat_name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /><br />
<?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
<?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
</tr>
<tr class="form-field">
@ -70,7 +70,7 @@ _fill_empty_category($category);
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
</tr>
</table>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Category'); ?>" /></p>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
<?php do_action('edit_category_form', $category); ?>
</form>
</div>


@ -83,7 +83,7 @@ else
require_once('admin-header.php');
$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']);
$default_status = get_user_option('edit_comments_last_view');
if ( empty($default_status) )
@ -94,10 +94,10 @@ if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam')) )
if ( $comment_status != $default_status )
update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
$comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : '';
$search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
$search = attr( $search_dirty ); ?>
$search = esc_attr( $search_dirty ); ?>
<div class="wrap">
<?php screen_icon(); ?>
@ -164,7 +164,7 @@ foreach ( $stati as $status => $label ) {
/*
// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
if ( !empty( $_GET['s'] ) )
$link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
$link = add_query_arg( 's', esc_attr( stripslashes( $_GET['s'] ) ), $link );
*/
$status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
_n( $label[0], $label[1], $num_comments->$status ),
@ -182,7 +182,7 @@ unset($status_links);
<p class="search-box">
<label class="invisible" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
<input type="text" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Comments' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Comments' ); ?>" class="button" />
</p>
<?php
@ -224,12 +224,12 @@ $page_links = paginate_links( array(
?>
<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
<?php if ( $post_id ) : ?>
<input type="hidden" name="p" value="<?php echo attr( intval( $post_id ) ); ?>" />
<input type="hidden" name="p" value="<?php echo esc_attr( intval( $post_id ) ); ?>" />
<?php endif; ?>
<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
<input type="hidden" name="pagegen_timestamp" value="<?php echo attr(current_time('mysql', 1)); ?>" />
<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
<input type="hidden" name="pagegen_timestamp" value="<?php echo esc_attr(current_time('mysql', 1)); ?>" />
<div class="tablenav">
@ -240,9 +240,9 @@ $page_links = paginate_links( array(
'<span class="total-type-count">' . number_format_i18n( $total ) . '</span>',
$page_links
); echo $page_links_text; ?></div>
<input type="hidden" name="_total" value="<?php echo attr($total); ?>" />
<input type="hidden" name="_per_page" value="<?php echo attr($comments_per_page); ?>" />
<input type="hidden" name="_page" value="<?php echo attr($page); ?>" />
<input type="hidden" name="_total" value="<?php echo esc_attr($total); ?>" />
<input type="hidden" name="_per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
<input type="hidden" name="_page" value="<?php echo esc_attr($page); ?>" />
<?php endif; ?>
<div class="alignleft actions">
@ -259,7 +259,7 @@ $page_links = paginate_links( array(
<?php endif; ?>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" name="doaction" id="doaction" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
<input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
<?php wp_nonce_field('bulk-comments'); ?>
<select name="comment_type">
@ -271,22 +271,22 @@ $page_links = paginate_links( array(
) );
foreach ( $comment_types as $type => $label ) {
echo " <option value='" . attr($type) . "'";
echo " <option value='" . esc_attr($type) . "'";
selected( $comment_type, $type );
echo ">$label</option>\n";
}
?>
</select>
<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
<?php if ( isset($_GET['apage']) ) { ?>
<input type="hidden" name="apage" value="<?php echo attr( absint( $_GET['apage'] ) ); ?>" />
<input type="hidden" name="apage" value="<?php echo esc_attr( absint( $_GET['apage'] ) ); ?>" />
<?php }
if ( 'spam' == $comment_status ) {
wp_nonce_field('bulk-spam-delete', '_spam_nonce');
if ( current_user_can ('moderate_comments')) { ?>
<input type="submit" name="delete_all_spam" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
<input type="submit" name="delete_all_spam" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
<?php }
} ?>
<?php do_action('manage_comments_nav', $comment_status); ?>
@ -346,10 +346,10 @@ if ( $page_links )
<?php endif; ?>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" name="doaction2" id="doaction2" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
<input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
<?php if ( 'spam' == $comment_status ) { ?>
<input type="submit" name="delete_all_spam2" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
<input type="submit" name="delete_all_spam2" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
<?php } ?>
<?php do_action('manage_comments_nav', $comment_status); ?>
</div>
@ -360,12 +360,12 @@ if ( $page_links )
</form>
<form id="get-extra-comments" method="post" action="" class="add:the-extra-comment-list:" style="display: none;">
<input type="hidden" name="s" value="<?php echo attr($search); ?>" />
<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
<input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" />
<input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" />
<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
</form>
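Review bot: `$mode`, `$comment_type` and `$search` are HTML-escaped when they are read from `$_GET`, and then passed through `esc_attr()` again when printed into the hidden fields. Escaping at read time means any comparison or query use of these variables sees the entity-encoded form rather than the submitted value, and the protection depends on every output site knowing which state the variable is in. Keeping the raw value and escaping only at output is easier to audit, and `$mode` could be checked against the fixed list of view modes with `in_array()`, as is already done for `$comment_status`. How these variables are used between the hunks is not visible here.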


@ -33,11 +33,11 @@ $notices[1] = __( 'There is an autosave of this post that is more recent than th
if ( 0 == $post_ID ) {
$form_action = 'post';
$temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . attr($temp_ID) . "' />";
$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . esc_attr($temp_ID) . "' />";
$autosave = false;
} else {
$form_action = 'editpost';
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . attr($post_ID) . "' />";
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
$autosave = wp_get_post_autosave( $post_ID );
// Detect if there exists an autosave newer than the post and if that autosave is different than the post
@ -72,15 +72,15 @@ function post_submit_meta_box($post) {
<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
<div style="display:none;">
<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
</div>
<div id="minor-publishing-actions">
<div id="save-action">
<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?>
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
<?php } ?>
</div>
@ -129,7 +129,7 @@ switch ( $post->post_status ) {
<a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
<div id="post-status-select" class="hide-if-js">
<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
<select name='post_status' id='post_status' tabindex='4'>
<?php if ( 'publish' == $post->post_status ) : ?>
<option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@ -169,15 +169,15 @@ if ( 'private' == $post->post_status ) {
?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
<div id="post-visibility-select" class="hide-if-js">
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
<p>
@ -238,20 +238,20 @@ if ( ( 'edit' == $action ) && current_user_can('delete_post', $post->ID) ) { ?>
if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) {
if ( current_user_can('publish_posts') ) :
if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
<?php else : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
<?php endif;
else : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
<?php
endif;
} else { ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Post') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Post') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Post') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Post') ?>" />
<?php
} ?>
</div>
@ -271,20 +271,20 @@ add_meta_box('submitdiv', __('Publish'), 'post_submit_meta_box', 'post', 'side',
* @param object $post
*/
function post_tags_meta_box($post, $box) {
$tax_name = attr(substr($box['id'], 8));
$tax_name = esc_attr(substr($box['id'], 8));
$taxonomy = get_taxonomy($tax_name);
$helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.');
$helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
?>
<div class="tagsdiv" id="<?php echo $tax_name; ?>">
<div class="jaxtag">
<div class="nojs-tags hide-if-js">
<p><?php _e('Add or remove tags'); ?></p>
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
<span class="ajaxtag hide-if-no-js">
<label class="invisible" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
<input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
<input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
<input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
</span></div>
<p class="howto"><?php echo $helps; ?></p>
<div class="tagchecklist"></div>
@ -297,7 +297,7 @@ function post_tags_meta_box($post, $box) {
foreach ( get_object_taxonomies('post') as $tax_name ) {
if ( !is_taxonomy_hierarchical($tax_name) ) {
$taxonomy = get_taxonomy($tax_name);
$label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name;
$label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
}
@ -333,9 +333,9 @@ function post_categories_meta_box($post) {
<div id="category-adder" class="wp-hidden-children">
<h4><a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4>
<p id="category-add" class="wp-hidden-child">
<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
<label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
<span id="category-ajax-response"></span></p>
</div>
@ -385,7 +385,7 @@ add_meta_box('postexcerpt', __('Excerpt'), 'post_excerpt_meta_box', 'post', 'nor
* @param object $post
*/
function post_trackback_meta_box($post) {
$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
if ('' != $post->pinged) {
$pings = '<p>'. __('Already pinged:') . '</p><ul>';
$already_pinged = explode("\n", trim($post->pinged));
@ -492,7 +492,7 @@ if ( 'publish' == $post->post_status || 'private' == $post->post_status )
*/
function post_slug_meta_box($post) {
?>
<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
<?php
}
if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
@ -567,11 +567,11 @@ else
?>
<input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
<input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" />
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
<input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr($form_action) ?>" />
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
<?php
if ( 'draft' != $post->post_status )
@ -592,7 +592,7 @@ echo $form_extra ?>
<div id="titlediv">
<div id="titlewrap">
<label class="invisible" for="title"><?php _e('Title') ?></label>
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php


@ -12,7 +12,7 @@
$submitbutton_text = __('Edit Comment');
$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
$form_action = 'editedcomment';
$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . attr($comment->comment_post_ID);
$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
?>
<form name="post" action="comment.php" method="post" id="post">
@ -26,8 +26,8 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($com
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
<?php
$email = attr( $comment->comment_author_email );
$url = attr( $comment->comment_author_url );
$email = esc_attr( $comment->comment_author_email );
$url = esc_attr( $comment->comment_author_url );
// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
?>
@ -72,7 +72,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
</div>
<div id="publishing-action">
<input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />
</div>
<div class="clear"></div>
</div>
@ -90,7 +90,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
<tbody>
<tr valign="top">
<td class="first"><?php _e( 'Name:' ); ?></td>
<td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
<td><input type="text" name="newcomment_author" size="30" value="<?php echo esc_attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
</tr>
<tr valign="top">
<td class="first">
@ -101,7 +101,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
_e( 'E-mail:' );
}
?></td>
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo attr($email); ?>" tabindex="2" id="email" /></td>
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
</tr>
<tr valign="top">
<td class="first">
@ -113,7 +113,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
} else {
_e( 'URL:' );
} ?></td>
<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo attr($url); ?>" tabindex="3" /></td>
<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($url); ?>" tabindex="3" /></td>
</tr>
</tbody>
</table>
@ -128,8 +128,8 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
<?php do_meta_boxes('comment', 'normal', $comment); ?>
<input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
<input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
<?php wp_original_referer_field(true, 'previous'); ?>
<input type="hidden" name="noredir" value="1" />
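Review bot: The hidden `action` field, `value='<?php echo $form_action . $form_extra ?>'`, only works because `$form_extra` begins with `' />` and deliberately closes the attribute to splice in two more `<input>` tags. The value therefore cannot be escaped as a whole, and the markup depends on the single-quote delimiter staying in sync between the two hunks. I would print the action on its own, `<input type="hidden" name="action" value="<?php echo esc_attr($form_action) ?>" />`, and emit `comment_ID` and `comment_post_ID` as ordinary hidden inputs after it. Separately, `$email` and `$url` go through `esc_attr()` when assigned and again when echoed into `newcomment_author_email` and `newcomment_author_url`; one call at the point of output is enough. The file continues outside these hunks, so other uses of `$form_extra` should be checked before changing it.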


@ -75,7 +75,7 @@ endif; ?>
<p class="search-box">
<label class="invisible" for="link-category-search-input"><?php _e( 'Search Categories' ); ?>:</label>
<input type="text" id="link-category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Categories' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
</p>
</form>
<br class="clear" />
@ -112,7 +112,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-link-categories'); ?>
</div>
@ -166,7 +166,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />
@ -211,7 +211,7 @@ if ( $page_links )
<textarea name="description" id="description" rows="5" cols="40"></textarea>
</div>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Category'); ?>" /></p>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
<?php do_action('edit_link_category_form', $category); ?>
</form>
</div>


@ -57,17 +57,17 @@ _fill_empty_link_category($category);
<?php echo $heading ?>
<div id="ajax-response"></div>
<?php echo $form ?>
<input type="hidden" name="action" value="<?php echo attr($action) ?>" />
<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
<input type="hidden" name="action" value="<?php echo esc_attr($action) ?>" />
<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field($nonce_action); ?>
<table class="form-table">
<tr class="form-field form-required">
<th scope="row" valign="top"><label for="name"><?php _e('Link Category name') ?></label></th>
<td><input name="name" id="name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /></td>
<td><input name="name" id="name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th>
<td><input name="slug" id="slug" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
<td><input name="slug" id="slug" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
<?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
</tr>
<tr class="form-field">
@ -75,7 +75,7 @@ _fill_empty_link_category($category);
<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $category->description; ?></textarea></td>
</tr>
</table>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo attr($submit_text) ?>" /></p>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo esc_attr($submit_text) ?>" /></p>
<?php do_action('edit_link_category_form', $category); ?>
</form>
</div>
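Review bot: `<?php echo $category->description; ?>` is written between the `<textarea>` tags with no escaping call, while every other `$category` field in this section goes through `esc_attr()`. If `$category` has not already been sanitised for editing before this template runs (not visible in these hunks), a description containing `</textarea>` would close the element and the rest would be parsed as markup. Escaping at output removes that dependency: `<?php echo wp_specialchars($category->description); ?>`. `$heading` and `$form` are also echoed raw and presumably hold markup built earlier in the file, which is worth confirming.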


@ -60,7 +60,7 @@ function link_submit_meta_box($link) {
<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
<div style="display:none;">
<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
</div>
<div id="minor-publishing-actions">
@ -91,9 +91,9 @@ if ( !empty($_GET['action']) && 'edit' == $_GET['action'] && current_user_can('m
<div id="publishing-action">
<?php if ( !empty($link->link_id) ) { ?>
<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _ea('Update Link') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Update Link') ?>" />
<?php } else { ?>
<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _ea('Add Link') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Add Link') ?>" />
<?php } ?>
</div>
<div class="clear"></div>
@ -139,8 +139,8 @@ function link_categories_meta_box($link) { ?>
<h4><a id="category-add-toggle" href="#category-add"><?php _e( '+ Add New Category' ); ?></a></h4>
<p id="link-category-add" class="wp-hidden-child">
<label class="invisible" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" aria-required="true" />
<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php _ea( 'Add' ); ?>" />
<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
<span id="category-ajax-response"></span>
</p>
@ -185,7 +185,7 @@ function link_xfn_meta_box($link) {
<table class="editform" style="width: 100%;" cellspacing="2" cellpadding="5">
<tr>
<th style="width: 20%;" scope="row"><label for="link_rel"><?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('rel:') ?></label></th>
<td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? attr($link->link_rel) : ''); ?>" /></td>
<td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? esc_attr($link->link_rel) : ''); ?>" /></td>
</tr>
<tr>
<td colspan="2">
@ -305,11 +305,11 @@ function link_advanced_meta_box($link) {
<table class="form-table" style="width: 100%;" cellspacing="2" cellpadding="5">
<tr class="form-field">
<th valign="top" scope="row"><label for="link_image"><?php _e('Image Address') ?></label></th>
<td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
<td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
</tr>
<tr class="form-field">
<th valign="top" scope="row"><label for="rss_uri"><?php _e('RSS Address') ?></label></th>
<td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo ( isset( $link->link_rss ) ? attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
<td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
</tr>
<tr class="form-field">
<th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
@ -320,7 +320,7 @@ function link_advanced_meta_box($link) {
<td><select name="link_rating" id="link_rating" size="1">
<?php
for ($r = 0; $r < 10; $r++) {
echo(' <option value="'. attr($r) .'" ');
echo(' <option value="'. esc_attr($r) .'" ');
if ( isset($link->link_rating) && $link->link_rating == $r)
echo 'selected="selected"';
echo('>'.$r.'</option>');
@ -374,7 +374,7 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
<div id="namediv" class="stuffbox">
<h3><label for="link_name"><?php _e('Name') ?></label></h3>
<div class="inside">
<input type="text" name="link_name" size="30" tabindex="1" value="<?php echo attr($link->link_name); ?>" id="link_name" />
<input type="text" name="link_name" size="30" tabindex="1" value="<?php echo esc_attr($link->link_name); ?>" id="link_name" />
<p><?php _e('Example: Nifty blogging software'); ?></p>
</div>
</div>
@ -382,7 +382,7 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
<div id="addressdiv" class="stuffbox">
<h3><label for="link_url"><?php _e('Web Address') ?></label></h3>
<div class="inside">
<input type="text" name="link_url" size="30" class="code" tabindex="1" value="<?php echo attr($link->link_url); ?>" id="link_url" />
<input type="text" name="link_url" size="30" class="code" tabindex="1" value="<?php echo esc_attr($link->link_url); ?>" id="link_url" />
<p><?php _e('Example: <code>http://wordpress.org/</code> &#8212; don&#8217;t forget the <code>http://</code>'); ?></p>
</div>
</div>
@ -390,7 +390,7 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
<div id="descriptiondiv" class="stuffbox">
<h3><label for="link_description"><?php _e('Description') ?></label></h3>
<div class="inside">
<input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? attr($link->link_description) : ''; ?>" id="link_description" />
<input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? esc_attr($link->link_description) : ''; ?>" id="link_description" />
<p><?php _e('This will be shown when someone hovers over the link in the blogroll, or optionally below the link.'); ?></p>
</div>
</div>
@ -404,7 +404,7 @@ do_meta_boxes('link', 'advanced', $link);
if ( $link_id ) : ?>
<input type="hidden" name="action" value="save" />
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
<input type="hidden" name="order_by" value="<?php echo attr($order_by); ?>" />
<input type="hidden" name="order_by" value="<?php echo esc_attr($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<?php else: ?>
<input type="hidden" name="action" value="add" />


@ -66,15 +66,15 @@ function page_submit_meta_box($post) {
<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
<div style="display:none;">
<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
</div>
<div id="minor-publishing-actions">
<div id="save-action">
<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?>
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
<?php } ?>
</div>
@ -123,7 +123,7 @@ switch ( $post->post_status ) {
<a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
<div id="post-status-select" class="hide-if-js">
<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
<select name='post_status' id='post_status' tabindex='4'>
<?php if ( 'publish' == $post->post_status ) : ?>
<option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@ -163,12 +163,12 @@ echo wp_specialchars( $visibility_trans ); ?></span>
<a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
<div id="post-visibility-select" class="hide-if-js">
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
<p><a href="#visibility" class="save-post-visibility hide-if-no-js button"><?php _e('OK'); ?></a>
@ -226,20 +226,20 @@ if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0
<?php
if ( $can_publish ) :
if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
<?php else : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
<?php endif;
else : ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
<?php
endif;
} else { ?>
<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Page') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Page') ?>" />
<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Page') ?>" />
<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Page') ?>" />
<?php
} ?>
</div>
@ -291,7 +291,7 @@ function page_attributes_meta_box($post){
<?php
} ?>
<h5><?php _e('Order') ?></h5>
<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo attr($post->menu_order) ?>" /></p>
<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo esc_attr($post->menu_order) ?>" /></p>
<p><?php _e('Pages are usually ordered alphabetically, but you can put a number above to change the order pages appear in. (We know this is a little janky, it&#8217;ll be better in future releases.)'); ?></p>
<?php
}
@ -346,7 +346,7 @@ add_meta_box('pagecommentstatusdiv', __('Discussion'), 'page_comments_status_met
*/
function page_slug_meta_box($post){
?>
<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
<?php
}
add_meta_box('pageslugdiv', __('Page Slug'), 'page_slug_meta_box', 'page', 'normal', 'core');
@ -414,12 +414,12 @@ if (isset($mode) && 'bookmarklet' == $mode)
echo '<input type="hidden" name="mode" value="bookmarklet" />';
?>
<input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
<input type="hidden" id="hiddenaction" name="action" value='<?php echo attr($form_action) ?>' />
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
<input type="hidden" id="hiddenaction" name="action" value='<?php echo esc_attr($form_action) ?>' />
<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<?php echo $form_extra ?>
<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
<?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
@ -436,7 +436,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post); ?>
<div id="titlediv">
<div id="titlewrap">
<label class="invisible" for="title"><?php _e('Title') ?></label>
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
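Review bot: The hidden `user_ID` field prints `<?php echo $user_ID ?>` with neither a cast nor `esc_attr()`, unlike the other hidden fields in the same hunk, and the post edit form earlier on this page writes the same field as `<?php echo (int) $user_ID ?>`. I would use the cast here too: `<input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />`. In the title field, `esc_attr( htmlspecialchars( $post->post_title ) )` runs two encoders over one value; whether the second pass changes already-encoded entities depends on `esc_attr()`'s implementation, which is not shown here, so a single `esc_attr()` would be the clearer form. `<?php echo $form_extra ?>` is raw by design and is only as safe as the code that builds that string outside these hunks.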


@ -171,11 +171,11 @@ endif;
<p class="search-box">
<label class="invisible" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
<input type="text" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Pages' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Pages' ); ?>" class="button" />
</p>
<?php if ( isset($_GET['post_status'] ) ) : ?>
<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
<?php endif; ?>
<?php if ($posts) { ?>
@ -215,7 +215,7 @@ if ( $page_links ) : ?>
<option value="edit"><?php _e('Edit'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-pages'); ?>
</div>
@ -254,7 +254,7 @@ if ( $page_links )
<option value="edit"><?php _e('Edit'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />
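Review bot: `esc_attr($_GET['post_status'])` makes the reflected query parameter safe for the attribute, but the guard is only `isset()`, so the value is neither checked to be a string nor compared with the statuses this screen knows. A request that supplies the parameter as an array would hand `esc_attr()` a non-string. Requiring a string first, `<?php if ( isset($_GET['post_status']) && is_string($_GET['post_status']) ) : ?>`, keeps the hidden field well-formed. Matching the value against the list of valid statuses, if one is defined outside these hunks, would be stricter still.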


@ -20,18 +20,18 @@ do_action('edit_tag_form_pre', $tag); ?>
<div id="ajax-response"></div>
<form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
<input type="hidden" name="action" value="editedtag" />
<input type="hidden" name="tag_ID" value="<?php echo attr($tag->term_id) ?>" />
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
<input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
<table class="form-table">
<tr class="form-field form-required">
<th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" />
<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo esc_attr($tag->name); ?>" size="40" aria-required="true" />
<p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo esc_attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
<p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
</tr>
<tr class="form-field">
@ -40,7 +40,7 @@ do_action('edit_tag_form_pre', $tag); ?>
<?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
</tr>
</table>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Tag'); ?>" /></p>
<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
<?php do_action('edit_tag_form', $tag); ?>
</form>
</div>


@ -160,7 +160,7 @@ endif; ?>
<p class="search-box">
<label class="invisible" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
<input type="text" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Tags' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Tags' ); ?>" class="button" />
</p>
</form>
<br class="clear" />
@ -170,7 +170,7 @@ endif; ?>
<div id="col-right">
<div class="col-wrap">
<form id="posts-filter" action="" method="get">
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
<div class="tablenav">
<?php
$pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
@ -201,7 +201,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-tags'); ?>
</div>
@ -244,7 +244,7 @@ if ( $page_links )
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />
@ -276,7 +276,7 @@ else
<div id="ajax-response"></div>
<form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate">
<input type="hidden" name="action" value="addtag" />
<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?>
<div class="form-field form-required">
@ -297,7 +297,7 @@ else
<p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
</div>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Tag'); ?>" /></p>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Tag'); ?>" /></p>
<?php do_action('add_tag_form'); ?>
</form></div>
<?php } ?>


@ -92,7 +92,7 @@ if ( !isset( $_GET['paged'] ) )
if ( empty($_GET['mode']) )
$mode = 'list';
else
$mode = attr($_GET['mode']); ?>
$mode = esc_attr($_GET['mode']); ?>
<div class="wrap">
<?php screen_icon(); ?>
@ -166,13 +166,13 @@ endif;
<p class="search-box">
<label class="invisible" for="post-search-input"><?php _e( 'Search Posts' ); ?>:</label>
<input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Posts' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Posts' ); ?>" class="button" />
</p>
<?php if ( isset($_GET['post_status'] ) ) : ?>
<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
<?php endif; ?>
<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
<?php if ( have_posts() ) { ?>
@ -195,7 +195,7 @@ $page_links = paginate_links( array(
<option value="edit"><?php _e('Edit'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-posts'); ?>
<?php // view filters
@ -222,7 +222,7 @@ foreach ($arc_result as $arc_row) {
else
$default = '';
echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
echo "</option>\n";
}
@ -236,7 +236,7 @@ $dropdown_options = array('show_option_all' => __('View all categories'), 'hide_
wp_dropdown_categories($dropdown_options);
do_action('restrict_manage_posts');
?>
<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
<?php } ?>
</div>
@ -275,7 +275,7 @@ if ( $page_links )
<option value="edit"><?php _e('Edit'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<br class="clear" />
</div>
<br class="clear" />
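Review bot: `$mode = esc_attr($_GET['mode']);` escapes the request value when it is read rather than when it is printed, and the hidden `mode` field then runs `esc_attr($mode)` on it a second time. Keeping `$mode` raw, checking it against the view modes this screen supports, and escaping only at the `echo` makes it clear which copy is safe for HTML and which is safe for comparisons. Any use of `$mode` outside these hunks should be checked for relying on the pre-escaped form. `get_default_link_to_edit()` follows the same pattern with `$link->link_name = esc_attr( $_GET['name']);`, which stores an HTML-encoded string in the link object.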


@ -42,14 +42,14 @@ require_once ('admin-header.php');
$authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
foreach ( $authors as $id ) {
$o = get_userdata( $id );
echo "<option value='" . attr($o->ID) . "'>$o->display_name</option>";
echo "<option value='" . esc_attr($o->ID) . "'>$o->display_name</option>";
}
?>
</select>
</td>
</tr>
</table>
<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Download Export File'); ?>" />
<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Download Export File'); ?>" />
<input type="hidden" name="download" value="true" />
</p>
</form>
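Review bot: In the author `<option>` the ID goes through `esc_attr()`, but `$o->display_name` is still interpolated into the element text unescaped, so a display name containing markup would be rendered as HTML on the export screen unless it is reliably sanitised when saved. Escape it at output, e.g. `echo "<option value='" . esc_attr($o->ID) . "'>" . wp_specialchars($o->display_name) . "</option>";`. The same gap is visible in Blogger_Import, where `{$author[0]}` is placed inside a `<label>`. It also appears in MT_Import, where `$author` is printed inside `<strong>` on the same line that escapes it for the `value` attribute. Both values presumably come from the imported data, so they deserve the same treatment.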


@ -51,7 +51,7 @@ class Blogger_Import {
$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
$prereqs = __('To use this importer, you must have a Google account and an upgraded (New, was Beta) blog hosted on blogspot.com or a custom domain (not FTP).');
$stepone = __('The first thing you need to do is tell Blogger to let WordPress access your account. You will be sent back here after providing authorization.');
$auth = _a('Authorize');
$auth = esc_attr__('Authorize');
echo "
<div class='wrap'>
@ -214,7 +214,7 @@ class Blogger_Import {
$value = $continue;
else
$value = $authors;
$value = attr($value);
$value = esc_attr($value);
$blogtitle = js_escape( $blog['title'] );
$pdone = isset($blog['posts_done']) ? (int) $blog['posts_done'] : 0;
$cdone = isset($blog['comments_done']) ? (int) $blog['comments_done'] : 0;
@ -663,7 +663,7 @@ class Blogger_Import {
foreach ( $blog['authors'] as $i => $author )
$rows .= "<tr><td><label for='authors[$i]'>{$author[0]}</label></td><td><select name='authors[$i]' id='authors[$i]'>" . $this->get_user_options($author[1]) . "</select></td></tr>";
return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='" . attr($importing_blog) . "' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='" . esc_attr($importing_blog) . "' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
}
function get_user_options($current) {
@ -832,7 +832,7 @@ class Blogger_Import {
if ( $saved && !isset($_GET['noheader']) ) {
$restart = __('Restart');
$message = __('We have saved some information about your Blogger account in your WordPress database. Clearing this information will allow you to start over. Restarting will not affect any posts you have already imported. If you attempt to re-import a blog, duplicate posts and comments will be skipped.');
$submit = _a('Clear account information');
$submit = esc_attr__('Clear account information');
echo "<div class='wrap'><h2>$restart</h2><p>$message</p><form method='post' action='?import=blogger&amp;noheader=true'><p class='submit' style='text-align:left;'><input type='submit' class='button' value='$submit' name='restart' /></p></form></div>";
}
}


@ -35,7 +35,7 @@ class BunnyTags_Import {
echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
echo '<form action="admin.php?import=btt&amp;step=1" method="post">';
wp_nonce_field('import-btt');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Tags').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -105,7 +105,7 @@ class BunnyTags_Import {
echo '<form action="admin.php?import=btt&amp;step='.($precheck? 2:3).'" method="post">';
wp_nonce_field('import-btt');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
echo '</form>';
echo '</div>';
}


@ -215,7 +215,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
wp_nonce_field('import-dotclear');
$this->db_form();
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Categories').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Categories').'" /></p>';
echo '</form></div>';
}
@ -632,7 +632,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
wp_nonce_field('import-dotclear');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Users'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
echo '</form>';
}
@ -645,7 +645,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
wp_nonce_field('import-dotclear');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Posts'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
echo '</form>';
}
@ -659,7 +659,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
wp_nonce_field('import-dotclear');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Comments'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
echo '</form>';
}
@ -671,7 +671,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
wp_nonce_field('import-dotclear');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Links'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
echo '</form>';
}
@ -684,7 +684,7 @@ class Dotclear_Import {
echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
wp_nonce_field('import-dotclear');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Finish'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
echo '</form>';
}


@ -66,7 +66,7 @@ class GM_Import {
<?php _e('This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don&#8217;t know that number, just log into your FTP and look it out<br />in the entries&#8217; folder)') ?></td>
</tr>
</table>
<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Start Importing') ?>" /></p>
<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Start Importing') ?>" /></p>
</form>
<?php
$this->footer();


@ -34,11 +34,11 @@ class JeromesKeyword_Import {
echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
echo '<form action="admin.php?import=jkw&amp;step=1" method="post">';
wp_nonce_field('import-jkw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Version 1.x').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
echo '</form>';
echo '<form action="admin.php?import=jkw&amp;step=3" method="post">';
wp_nonce_field('import-jkw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import Version 2.0a').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -120,7 +120,7 @@ class JeromesKeyword_Import {
echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 2:6).'" method="post">';
wp_nonce_field('import-jkw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -153,7 +153,7 @@ class JeromesKeyword_Import {
}
echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 4:5).'" method="post">';
wp_nonce_field('import-jkw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Next').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
echo '</form>';
echo '</div>';
}


@ -181,12 +181,12 @@ class LJ_API_Import {
<form action="admin.php?import=livejournal" method="post">
<?php wp_nonce_field( 'lj-api-import' ) ?>
<?php if ( get_option( 'ljapi_username' ) && get_option( 'ljapi_password' ) ) : ?>
<input type="hidden" name="step" value="<?php echo attr( get_option( 'ljapi_step' ) ) ?>" />
<input type="hidden" name="step" value="<?php echo esc_attr( get_option( 'ljapi_step' ) ) ?>" />
<p><?php _e( 'It looks like you attempted to import your LiveJournal posts previously and got interrupted.' ) ?></p>
<p class="submit">
<input type="submit" class="button-primary" value="<?php _ea( 'Continue previous import' ) ?>" />
<input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
</p>
<p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
<p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
<p>
<?php else : ?>
<input type="hidden" name="step" value="1" />
@ -223,7 +223,7 @@ class LJ_API_Import {
<p><?php _e( "<strong>WARNING:</strong> This can take a really long time if you have a lot of entries in your LiveJournal, or a lot of comments. Ideally, you should only start this process if you can leave your computer alone while it finishes the import." ) ?></p>
<p class="submit">
<input type="submit" class="button-primary" value="<?php _ea( 'Connect to LiveJournal and Import' ) ?>" />
<input type="submit" class="button-primary" value="<?php esc_attr_e( 'Connect to LiveJournal and Import' ) ?>" />
</p>
<p><?php _e( '<strong>NOTE:</strong> If the import process is interrupted for <em>any</em> reason, come back to this page and it will continue from where it stopped automatically.' ) ?></p>
@ -724,7 +724,7 @@ class LJ_API_Import {
if ( empty( $this->username ) || empty( $this->password ) ) {
?>
<p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
<?php
return false;
}
@ -736,7 +736,7 @@ class LJ_API_Import {
delete_option( 'ljapi_protected_password' );
?>
<p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
<p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
<?php
return false;
} else {
@ -816,7 +816,7 @@ class LJ_API_Import {
<form action="admin.php?import=livejournal" method="post" id="ljapi-auto-repost">
<?php wp_nonce_field( 'lj-api-import' ) ?>
<input type="hidden" name="step" id="step" value="1" />
<p><input type="submit" class="button-primary" value="<?php _ea( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
<p><input type="submit" class="button-primary" value="<?php esc_attr_e( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
</form>
<?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
<?php
@ -866,7 +866,7 @@ class LJ_API_Import {
<p><strong><?php printf( __( 'Imported comment batch %d of <strong>approximately</strong> %d' ), get_option( 'ljapi_comment_batch' ), $batch ) ?></strong></p>
<?php wp_nonce_field( 'lj-api-import' ) ?>
<input type="hidden" name="step" id="step" value="2" />
<p><input type="submit" class="button-primary" value="<?php _ea( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
<p><input type="submit" class="button-primary" value="<?php esc_attr_e( 'Import the next batch' ) ?>" /> <span id="auto-message"></span></p>
</form>
<?php $this->auto_ajax( 'ljapi-auto-repost', 'auto-message', 0 ); ?>
<?php
@ -941,8 +941,8 @@ class LJ_API_Import {
$str = '<form action="admin.php?import=livejournal" method="post" id="' . $id . '">';
$str .= wp_nonce_field( 'lj-api-import', '_wpnonce', true, false );
$str .= wp_referer_field( false );
$str .= '<input type="hidden" name="step" id="step" value="' . attr($next_step) . '" />';
$str .= '<p><input type="submit" class="button-primary" value="' . attr( $label ) . '" /> <span id="auto-message"></span></p>';
$str .= '<input type="hidden" name="step" id="step" value="' . esc_attr($next_step) . '" />';
$str .= '<p><input type="submit" class="button-primary" value="' . esc_attr( $label ) . '" /> <span id="auto-message"></span></p>';
$str .= '</form>';
return $str;
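Review bot: The "Cancel &amp; start a new import" link and both "Start again" links append `esc_attr( $_SERVER['REQUEST_URI'] )` as the value of `_wp_http_referer` inside a query string, but HTML-attribute escaping is not URL encoding. An `&` in the request URI becomes `&amp;`, which the browser decodes back to `&`, so the rest of the referer is parsed as separate parameters of the link. Encode the value for the URL context instead, e.g. `'&amp;_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )` (and `urlencode( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) )` in the two "Start again" links). Escaping for HTML output can then be left to the `clean_url()` call that wraps the whole string.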


@ -39,14 +39,14 @@ class MT_Import {
<p><?php _e('Howdy! We&#8217;re about to begin importing all of your Movable Type or Typepad entries into WordPress. To begin, either choose a file to upload and click &#8220;Upload file and import&#8221;, or use FTP to upload your MT export file as <code>mt-export.txt</code> in your <code>/wp-content/</code> directory and then click "Import mt-export.txt"'); ?></p>
<?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
<form method="post" action="<?php echo attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)); ?>" class="import-upload-form">
<?php wp_nonce_field('import-upload'); ?>
<p>
<input type="hidden" name="upload_type" value="ftp" />
<?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p>
<p class="submit">
<input type="submit" class="button" value="<?php _ea('Import mt-export.txt'); ?>" />
<input type="submit" class="button" value="<?php esc_attr_e('Import mt-export.txt'); ?>" />
</p>
</form>
<p><?php _e('The importer is smart enough not to import duplicates, so you can run this multiple times without worry if&#8212;for whatever reason&#8212;it doesn&#8217;t finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces.'); ?> </p>
@ -207,12 +207,12 @@ class MT_Import {
$j = -1;
foreach ($authors as $author) {
++ $j;
echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'. attr($author) .'" name="'.'user[]'.'" maxlength="30"> <br />');
echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user[]'.'" maxlength="30"> <br />');
$this->users_form($j);
echo '</label></li>';
}
echo '<p class="submit"><input type="submit" class="button" value="'._a('Submit').'"></p>'.'<br />';
echo '<p class="submit"><input type="submit" class="button" value="'.esc_attr__('Submit').'"></p>'.'<br />';
echo '</form>';
echo '</ol></div>';


@ -64,7 +64,7 @@ foreach ($categories as $category) {
?>
</select></p>
<p class="submit"><input type="submit" name="submit" value="<?php _ea('Import OPML File') ?>" /></p>
<p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Import OPML File') ?>" /></p>
</form>
</div>


@ -33,7 +33,7 @@ class STP_Import {
echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
echo '<form action="admin.php?import=stp&amp;step=1" method="post">';
wp_nonce_field('import-stp');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 1').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -93,7 +93,7 @@ class STP_Import {
echo '<form action="admin.php?import=stp&amp;step=2" method="post">';
wp_nonce_field('import-stp');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 2').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -109,7 +109,7 @@ class STP_Import {
echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag was added!', 'Done! <strong>%s</strong> tags were added!', $tags_added), $tags_added ) . '<br /></p>';
echo '<form action="admin.php?import=stp&amp;step=3" method="post">';
wp_nonce_field('import-stp');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 3').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
echo '</form>';
echo '</div>';
}


@ -70,7 +70,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
wp_nonce_field('import-textpattern');
$this->db_form();
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Import').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -505,7 +505,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
wp_nonce_field('import-textpattern');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Users'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
echo '</form>';
}
@ -518,7 +518,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
wp_nonce_field('import-textpattern');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Posts'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
echo '</form>';
}
@ -532,7 +532,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
wp_nonce_field('import-textpattern');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Comments'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
echo '</form>';
}
@ -544,7 +544,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
wp_nonce_field('import-textpattern');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Import Links'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
echo '</form>';
}
@ -557,7 +557,7 @@ class Textpattern_Import {
echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
wp_nonce_field('import-textpattern');
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', _a('Finish'));
printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
echo '</form>';
}


@ -33,7 +33,7 @@ class UTW_Import {
echo '<p>'.__('To accommodate larger databases for those tag-crazy authors out there, we have made this into an easy 5-step program to help you kick that nasty UTW habit. Just keep clicking along and we will let you know when you are in the clear!').'</p>';
echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
echo '<form action="admin.php?import=utw&amp;step=1" method="post">';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 1').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -120,7 +120,7 @@ class UTW_Import {
echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 2').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
echo '</form>';
echo '</div>';
}
@ -156,7 +156,7 @@ class UTW_Import {
echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 3').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
echo '</form>';
echo '</div>';
@ -175,7 +175,7 @@ class UTW_Import {
echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'._a('Step 4').'" /></p>';
echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 4').'" /></p>';
echo '</form>';
echo '</div>';


@ -233,7 +233,7 @@ class WP_Import {
}
echo '<p class="submit">';
echo '<input type="submit" class="button" value="'. _a('Submit') .'" />'.'<br />';
echo '<input type="submit" class="button" value="'. esc_attr__('Submit') .'" />'.'<br />';
echo '</p>';
echo '</form>';
@ -242,14 +242,14 @@ class WP_Import {
function users_form($n, $author) {
if ( $this->allow_create_users() ) {
printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
}
else {
echo __('Map to existing').'<br />';
}
// keep track of $n => $author name
echo '<input type="hidden" name="author_in['.intval($n).']" value="'.attr($author).'" />';
echo '<input type="hidden" name="author_in['.intval($n).']" value="' . esc_attr($author).'" />';
$users = get_users_of_blog();
?><select name="user_select[<?php echo $n; ?>]">
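Review bot: `users_form()` wraps `$n` in `intval()` for the `user_create[...]` and `author_in[...]` field names but prints it raw in `<select name="user_select[<?php echo $n; ?>]">`. Using `<?php echo intval($n); ?>` there keeps the three field names consistent and does not rely on every caller passing an integer. The function body continues past the end of this hunk.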


@ -103,7 +103,7 @@ function check_all_rows() {
</script>
<form name="catlist" id="catlist" action="admin.php?import=wp-cat2tag&amp;step=2" method="post">
<p><input type="button" class="button-secondary" value="<?php _ea('Check All'); ?>" onclick="this.value=check_all_rows()" />
<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_rows()" />
<?php wp_nonce_field('import-cat2tag'); ?></p>
<ul style="list-style:none">
@ -128,7 +128,7 @@ function check_all_rows() {
<?php if ( ! empty($this->hybrids_ids) )
echo '<p><a name="note"></a>' . __('* This category is also a tag. Converting it will add that tag to all posts that are currently in the category.') . '</p>'; ?>
<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Convert Categories to Tags'); ?>" /></p>
<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Convert Categories to Tags'); ?>" /></p>
</form>
<?php }
@ -179,12 +179,12 @@ function check_all_tagrows() {
</script>
<form name="taglist" id="taglist" action="admin.php?import=wp-cat2tag&amp;step=4" method="post">
<p><input type="button" class="button-secondary" value="<?php _ea('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
<?php wp_nonce_field('import-cat2tag'); ?></p>
<ul style="list-style:none">
<?php foreach ( $this->all_tags as $tag ) { ?>
<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo esc_attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id), $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
<?php } ?>
</ul>
@ -192,7 +192,7 @@ function check_all_tagrows() {
<?php if ( ! empty($this->hybrids_ids) )
echo '<p><a name="note"></a>' . __('* This tag is also a category. When converted, all posts associated with the tag will also be in the category.') . '</p>'; ?>
<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php _ea('Convert Tags to Categories'); ?>" /></p>
<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php esc_attr_e('Convert Tags to Categories'); ?>" /></p>
</form>
<?php }


@ -59,7 +59,7 @@ function get_default_link_to_edit() {
$link->link_url = '';
if ( isset( $_GET['name'] ) )
$link->link_name = attr( $_GET['name']);
$link->link_name = esc_attr( $_GET['name']);
else
$link->link_name = '';
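Review bot: `$link->link_name = esc_attr( $_GET['name']);` escapes the query parameter when it is stored on the link object rather than where it is printed, so every later consumer has to know the value is already attribute-encoded. If the edit form escapes `link_name` again on output the user sees doubled entities, and if anything prints it outside an attribute the encoding is the wrong one for that context. I would move the escaping to the point of output, or at least add a comment here such as `// link_name is stored attribute-escaped; do not escape again on output`. The body of get_default_link_to_edit() continues outside the hunk, so the consumers are not visible from here.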


@ -820,8 +820,8 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
echo '<iframe style="border:0;overflow:hidden" width="100%" height="170px" src="' . wp_nonce_url('update.php?action=activate-plugin&plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) .'"></iframe>';
}
$update_actions = array(
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $this->plugin, 'activate-plugin_' . $this->plugin) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . esc_attr__('Goto plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>'
);
if ( $this->plugin_active )
unset( $update_actions['activate_plugin'] );
@ -871,13 +871,13 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
$plugin_file = $this->upgrader->plugin_info();
$install_actions = array(
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attr(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
);
if ( $this->type == 'web' )
$install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . attr(__('Return to Plugin Installer')) . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
$install_actions['plugins_page'] = '<a href="' . admin_url('plugin-install.php') . '" title="' . esc_attr__('Return to Plugin Installer') . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
else
$install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . attr(__('Return to Plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>';
$install_actions['plugins_page'] = '<a href="' . admin_url('plugins.php') . '" title="' . esc_attr__('Return to Plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>';
if ( ! $this->result || is_wp_error($this->result) )
@ -936,14 +936,14 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin {
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
$install_actions = array(
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>'
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>'
);
if ( $this->type == 'web' )
$install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . attr(__('Return to Theme Installer')) . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
$install_actions['themes_page'] = '<a href="' . admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer.') . '</a>';
else
$install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>';
$install_actions['themes_page'] = '<a href="' . admin_url('themes.php') . '" title="' . esc_attr__('Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>';
if ( ! $this->result || is_wp_error($this->result) )
unset( $install_actions['activate'], $install_actions['preview'] );
@ -995,9 +995,9 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
$update_actions = array(
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>',
'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . attr(__('Return to Themes page')) . '" target="_parent">' . __('Return to Themes page') . '</a>',
'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>',
'activate' => '<a href="' . $activate_link . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>',
'themes_page' => '<a href="' . admin_url('themes.php') . '" title="' . esc_attr__('Return to Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>',
);
if ( ( ! $this->result || is_wp_error($this->result) ) || $stylesheet == get_stylesheet() )
unset($update_actions['preview'], $update_actions['activate']);
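Review bot: The plugin path is concatenated into the query string unencoded in `'plugins.php?action=activate&amp;plugin=' . $this->plugin` (likewise `$plugin_file` in Plugin_Installer_Skin and the iframe `src` above it), while the theme skins in this same file pass `urlencode($template)` and `urlencode($stylesheet)`. A plugin file name containing `&`, `#` or a space would produce a `plugin` parameter that differs from the one the nonce action was computed for. For consistency I would write `'plugins.php?action=activate&amp;plugin=' . urlencode( $this->plugin )`. The methods holding these arrays start outside the hunks.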


@ -132,7 +132,7 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
echo '<form action="" method="post" class="dashboard-widget-control-form">';
wp_dashboard_trigger_widget_control( $meta_box['id'] );
echo "<p class='submit'><input type='hidden' name='widget_id' value='" . attr($meta_box['id']) . "' /><input type='submit' value='" . _a( 'Submit' ) . "' /></p>";
echo "<p class='submit'><input type='hidden' name='widget_id' value='" . esc_attr($meta_box['id']) . "' /><input type='submit' value='" . esc_attr__( 'Submit' ) . "' /></p>";
echo '</form>';
}
@ -388,7 +388,7 @@ function wp_dashboard_quick_press() {
<form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
<div class="input-text-wrap">
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attr( $post->post_title ); ?>" />
<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
</div>
<?php if ( current_user_can( 'upload_files' ) ) : ?>
@ -413,12 +413,12 @@ function wp_dashboard_quick_press() {
<input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
<input type="hidden" name="quickpress_post_ID" value="<?php echo (int) $post->ID; ?>" />
<?php wp_nonce_field('add-post'); ?>
<input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php _ea('Save Draft'); ?>" />
<input type="reset" value="<?php _ea( 'Reset' ); ?>" class="button" />
<input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php esc_attr_e('Save Draft'); ?>" />
<input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
<?php if ( current_user_can('publish_posts') ) { ?>
<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _ea('Publish'); ?>" />
<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Publish'); ?>" />
<?php } else { ?>
<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _ea('Submit for Review'); ?>" />
<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Submit for Review'); ?>" />
<?php } ?>
<br class="clear" />
</p>
@ -449,7 +449,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
foreach ( $drafts as $draft ) {
$url = get_edit_post_link( $draft->ID );
$title = _draft_or_post_title( $draft->ID );
$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit &#8220;%s&#8221;' ), attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit &#8220;%s&#8221;' ), esc_attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) )
$item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '&hellip;' : '' ) . '</p>';
$list[] = $item;
@ -596,9 +596,9 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
<div class="author-email"><?php echo attr( $comment->comment_author_email ); ?></div>
<div class="author"><?php echo attr( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
<div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
<div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
</div>
</div>
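Review bot: In the `_wp_dashboard_recent_comments_row` hunk, `<?php echo $comment->comment_content; ?>` is printed inside the hidden `<textarea class="comment">` with no output escaping, while the three author fields directly below it are escaped. Unless the content is encoded before it reaches this template (not visible here), a comment body containing `</textarea>` would close the element early and the rest would be parsed as markup on the admin dashboard. I would change the line to `<?php echo wp_specialchars( $comment->comment_content ); ?>`. `$comment->comment_ID` and `$comment->comment_approved` in the same block are also echoed raw and could be cast or escaped in the same pass. The function starts and ends outside the hunk.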


@ -732,12 +732,12 @@ jQuery(function($){
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
<td><input name="hostname" type="text" id="hostname" value="<?php echo attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
<td><input name="hostname" type="text" id="hostname" value="<?php echo esc_attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
</tr>
<tr valign="top">
<th scope="row"><label for="username"><?php _e('Username') ?></label></th>
<td><input name="username" type="text" id="username" value="<?php echo attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
<td><input name="username" type="text" id="username" value="<?php echo esc_attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
</tr>
<tr valign="top">
@ -751,7 +751,7 @@ jQuery(function($){
<label for="public_key"><?php _e('Public Key:') ?></label ><br />
<label for="private_key"><?php _e('Private Key:') ?></label>
</div></th>
<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo esc_attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo esc_attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
<div><?php _e('Enter the location on the server where the keys are located. If a passphrase is needed, enter that in the password field above.') ?></div></td>
</tr>
@ -768,13 +768,13 @@ jQuery(function($){
</table>
<?php if ( isset( $_POST['version'] ) ) : ?>
<input type="hidden" name="version" value="<?php echo attr($_POST['version']) ?>" />
<input type="hidden" name="version" value="<?php echo esc_attr($_POST['version']) ?>" />
<?php endif; ?>
<?php if ( isset( $_POST['locale'] ) ) : ?>
<input type="hidden" name="locale" value="<?php echo attr($_POST['locale']) ?>" />
<input type="hidden" name="locale" value="<?php echo esc_attr($_POST['locale']) ?>" />
<?php endif; ?>
<p class="submit">
<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php _ea('Proceed'); ?>" />
<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php esc_attr_e('Proceed'); ?>" />
</p>
</div>
</form>
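Review bot: On the hostname row, `echo ":$port"` writes into the `value` attribute right after `esc_attr($hostname)` but is not escaped itself. Where `$port` is assigned lies outside the hunk, so whether it can ever carry a quote character cannot be told from here. Escaping the joined string removes the question: `<?php echo esc_attr( $hostname . ( !empty($port) ? ":$port" : '' ) ); ?>`.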


@ -26,7 +26,7 @@ function add_filter() {}
/**
* @ignore
*/
function attr() {}
function esc_attr() {}
/**
* @ignore


@ -78,7 +78,7 @@ function the_media_upload_tabs() {
$class = " class='current'";
$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
$link = "<a href='" . clean_url($href) . "'$class>$text</a>";
echo "\t<li id='" . attr("tab-$callback") . "'>$link</li>\n";
echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
}
echo "</ul>\n";
}
@ -104,7 +104,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
$html = get_image_tag($id, $htmlalt, $title, $align, $size);
$rel = $rel ? ' rel="attachment wp-att-'.attr($id).'"' : '';
$rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';
if ( $url )
$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
@ -428,7 +428,7 @@ function media_upload_form_handler() {
$html = $attachment['post_title'];
if ( !empty($attachment['url']) ) {
if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
$rel = " rel='attachment wp-att-".attr($send_id)."'";
$rel = " rel='attachment wp-att-" . esc_attr($send_id)."'";
$html = "<a href='{$attachment['url']}'$rel>$html</a>";
}
$html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);
@ -463,9 +463,9 @@ function media_upload_image() {
$src = $_POST['insertonly']['src'];
if ( !empty($src) && !strpos($src, '://') )
$src = "http://$src";
$alt = attr($_POST['insertonly']['alt']);
$alt = esc_attr($_POST['insertonly']['alt']);
if ( isset($_POST['insertonly']['align']) ) {
$align = attr($_POST['insertonly']['align']);
$align = esc_attr($_POST['insertonly']['align']);
$class = " class='align$align'";
}
if ( !empty($src) )
@ -557,7 +557,7 @@ function media_upload_audio() {
$href = $_POST['insertonly']['href'];
if ( !empty($href) && !strpos($href, '://') )
$href = "http://$href";
$title = attr($_POST['insertonly']['title']);
$title = esc_attr($_POST['insertonly']['title']);
if ( empty($title) )
$title = basename($href);
if ( !empty($title) && !empty($href) )
@ -611,7 +611,7 @@ function media_upload_video() {
$href = $_POST['insertonly']['href'];
if ( !empty($href) && !strpos($href, '://') )
$href = "http://$href";
$title = attr($_POST['insertonly']['title']);
$title = esc_attr($_POST['insertonly']['title']);
if ( empty($title) )
$title = basename($href);
if ( !empty($title) && !empty($href) )
@ -665,7 +665,7 @@ function media_upload_file() {
$href = $_POST['insertonly']['href'];
if ( !empty($href) && !strpos($href, '://') )
$href = "http://$href";
$title = attr($_POST['insertonly']['title']);
$title = esc_attr($_POST['insertonly']['title']);
if ( empty($title) )
$title = basename($href);
if ( !empty($title) && !empty($href) )
@ -755,7 +755,7 @@ function image_align_input_fields($post, $checked='') {
$out = array();
foreach ($alignments as $name => $label) {
$name = attr($name);
$name = esc_attr($name);
$out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'".
( $checked == $name ? " checked='checked'" : "" ) .
" /><label for='image-align-{$name}-{$post->ID}' class='align image-align-{$name}-label'>" . $label . "</label>";
@ -829,10 +829,10 @@ function image_link_input_fields($post, $url_type='') {
elseif ( $url_type == 'post' )
$url = $link;
return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attr($url) . "' /><br />
return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br />
<button type='button' class='button urlnone' title=''>" . __('None') . "</button>
<button type='button' class='button urlfile' title='" . attr($file) . "'>" . __('File URL') . "</button>
<button type='button' class='button urlpost' title='" . attr($link) . "'>" . __('Post URL') . "</button>
<button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button>
<button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button>
";
}
@ -992,7 +992,7 @@ function get_attachment_fields_to_edit($post, $errors = null) {
'image_url' => array(
'label' => __('File URL'),
'input' => 'html',
'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . attr($image_url) . "' /><br />",
'html' => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />",
'value' => isset($edit_post->post_url) ? $edit_post->post_url : '',
'helps' => __('Location of the uploaded file.'),
)
@ -1089,19 +1089,19 @@ function get_media_item( $attachment_id, $args = null ) {
$post = get_post($attachment_id);
$filename = basename($post->guid);
$title = attr($post->post_title);
$title = esc_attr($post->post_title);
if ( $_tags = get_the_tags($attachment_id) ) {
foreach ( $_tags as $tag )
$tags[] = $tag->name;
$tags = attr(join(', ', $tags));
$tags = esc_attr(join(', ', $tags));
}
$type = '';
if ( isset($post_mime_types) ) {
$keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
$type = array_shift($keys);
$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attr( $type ) . "' />";
$type = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />";
}
$form_fields = get_attachment_fields_to_edit($post, $errors);
@ -1160,7 +1160,7 @@ function get_media_item( $attachment_id, $args = null ) {
$delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
if ( $send )
$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . _a( 'Insert into Post' ) . "' />";
$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
if ( $delete )
$delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
@ -1198,7 +1198,7 @@ function get_media_item( $attachment_id, $args = null ) {
elseif ( $field['input'] == 'textarea' ) {
$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
} else {
$item .= "<input type='text' id='$name' name='$name' value='" . attr( $field['value'] ) . "'" . $aria_required . "/>";
$item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
}
if ( !empty($field['helps']) )
$item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
@ -1226,7 +1226,7 @@ function get_media_item( $attachment_id, $args = null ) {
$item .= "\t</table>\n";
foreach ( $hidden_fields as $name => $value )
$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attr( $value ) . "' />\n";
$item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n";
if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
$parent = (int) $_REQUEST['post_id'];
@ -1307,7 +1307,7 @@ SWFUpload.onload = function() {
button_width: "132",
button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
button_placeholder_id: "flash-browse-button",
upload_url : "<?php echo attr( $flash_action_url ); ?>",
upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",
flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
file_post_name: "async-upload",
file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
@ -1355,7 +1355,7 @@ SWFUpload.onload = function() {
<?php do_action('pre-html-upload-ui'); ?>
<p id="async-upload-wrap">
<label class="invisible" for="async-upload"><?php _e('Upload'); ?></label>
<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php _ea('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
</p>
<div class="clear"></div>
<?php if ( is_lighttpd_before_150() ): ?>
@ -1385,7 +1385,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
$form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
<?php wp_nonce_field('media-form'); ?>
@ -1417,7 +1417,7 @@ if ( $id ) {
}
?>
</div>
<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
<?php
}
@ -1441,7 +1441,7 @@ function media_upload_type_url_form($type = 'file', $errors = null, $id = null)
$callback = "type_url_form_$type";
?>
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
<?php wp_nonce_field('media-form'); ?>
@ -1575,7 +1575,7 @@ jQuery(function($){
<a href="#" id="desc"><?php _e('Descending'); ?></a> |
<a href="#" id="clear"><?php _e('Clear'); ?></a>
</div>
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
<?php wp_nonce_field('media-form'); ?>
<?php //media_upload_form( $errors ); ?>
<table class="widefat" cellspacing="0">
@ -1590,10 +1590,10 @@ jQuery(function($){
</div>
<p class="ml-submit">
<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php _ea( 'Save all changes' ); ?>" />
<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
<input type="hidden" name="type" value="<?php echo attr( $GLOBALS['type'] ); ?>" />
<input type="hidden" name="tab" value="<?php echo attr( $GLOBALS['tab'] ); ?>" />
<input type="hidden" name="type" value="<?php echo esc_attr( $GLOBALS['type'] ); ?>" />
<input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" />
</p>
<div id="gallery-settings" style="display:none;">
@ -1667,8 +1667,8 @@ jQuery(function($){
</tbody></table>
<p class="ml-submit">
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php _ea( 'Insert gallery' ); ?>" />
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php _ea( 'Update gallery settings' ); ?>" />
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" />
<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" />
</p>
</div>
</form>
@ -1704,15 +1704,15 @@ function media_upload_library_form($errors) {
?>
<form id="filter" action="" method="get">
<input type="hidden" name="type" value="<?php echo attr( $type ); ?>" />
<input type="hidden" name="tab" value="<?php echo attr( $tab ); ?>" />
<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" />
<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? attr( $_GET['post_mime_type'] ) : ''; ?>" />
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" />
<p id="media-search" class="search-box">
<label class="invisible" for="media-search-input"><?php _e('Search Media');?>:</label>
<input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
</p>
<ul class="subsubsub">
@ -1791,7 +1791,7 @@ foreach ($arc_result as $arc_row) {
else
$default = '';
echo "<option$default value='" . attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
echo "</option>\n";
}
@ -1799,7 +1799,7 @@ foreach ($arc_result as $arc_row) {
</select>
<?php } ?>
<input type="submit" id="post-query-submit" value="<?php echo attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
<input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
</div>
@ -1807,7 +1807,7 @@ foreach ($arc_result as $arc_row) {
</div>
</form>
<form enctype="multipart/form-data" method="post" action="<?php echo attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
<?php wp_nonce_field('media-form'); ?>
<?php //media_upload_form( $errors ); ?>
@ -1829,7 +1829,7 @@ jQuery(function($){
<?php echo get_media_items(null, $errors); ?>
</div>
<p class="ml-submit">
<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
</p>
</form>
@ -1911,7 +1911,7 @@ function type_url_form_image() {
<tr>
<td></td>
<td>
<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . _a('Insert into Post') . '" />
<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" />
</td>
</tr>
</tbody></table>
@ -1947,7 +1947,7 @@ function type_url_form_audio() {
<tr>
<td></td>
<td>
<input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
</td>
</tr>
</tbody></table>
@ -1982,7 +1982,7 @@ function type_url_form_video() {
<tr>
<td></td>
<td>
<input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
</td>
</tr>
</tbody></table>
@ -2017,7 +2017,7 @@ function type_url_form_file() {
<tr>
<td></td>
<td>
<input type="submit" class="button" name="insertonlybutton" value="' . _a('Insert into Post') . '" />
<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
</td>
</tr>
</tbody></table>
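Review bot: In the `media_upload_form_handler` hunk, `$html = "<a href='{$attachment['url']}'$rel>$html</a>";` puts the URL into a single-quoted attribute with no escaping, whereas `get_image_send_to_editor` in the hunk above wraps the same kind of link in `clean_url($url)`. Where `$attachment` is populated is not visible, but the neighbouring condition reads `$_POST['post_id']`, so it looks request-derived; I would write `"<a href='" . clean_url( $attachment['url'] ) . "'$rel>$html</a>"`. Separately, `upload_url : "<?php echo esc_attr( $flash_action_url ); ?>"` in the SWFUpload hunk emits HTML entities inside a JavaScript string literal. That is the wrong encoding for the context and would turn any `&` in the URL into `&amp;`, so a JavaScript-string escaper belongs there instead. Both functions extend beyond their hunks.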


@ -162,9 +162,9 @@ function install_search_form(){
<option value="author"<?php selected('author', $type) ?>><?php _e('Author') ?></option>
<option value="tag"<?php selected('tag', $type) ?>><?php _x('Tag', 'Plugin Installer') ?></option>
</select>
<input type="text" name="s" value="<?php echo attr($term) ?>" />
<input type="text" name="s" value="<?php echo esc_attr($term) ?>" />
<label class="invisible" for="plugin-search-input"><?php _e('Search Plugins'); ?></label>
<input type="submit" id="plugin-search-input" name="search" value="<?php _ea('Search Plugins') ?>" class="button" />
<input type="submit" id="plugin-search-input" name="search" value="<?php esc_attr_e('Search Plugins') ?>" class="button" />
</form><?php
}
@ -213,7 +213,7 @@ function install_plugins_upload( $page = 1 ) {
<?php wp_nonce_field( 'plugin-upload') ?>
<label class="invisible" for="pluginzip"><?php _e('Plugin zip file'); ?></label>
<input type="file" id="pluginzip" name="pluginzip" />
<input type="submit" class="button" value="<?php _ea('Install Now') ?>" />
<input type="submit" class="button" value="<?php esc_attr_e('Install Now') ?>" />
</form>
<?php
}
@ -336,12 +336,12 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
$author = wp_kses($author, $plugins_allowedtags);
if( isset($plugin['homepage']) )
$title = '<a target="_blank" href="' . attr($plugin['homepage']) . '">' . $title . '</a>';
$title = '<a target="_blank" href="' . esc_attr($plugin['homepage']) . '">' . $title . '</a>';
$action_links = array();
$action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&amp;plugin=' . $plugin['slug'] .
'&amp;TB_iframe=true&amp;width=600&amp;height=800') . '" class="thickbox onclick" title="' .
attr($name) . '">' . __('Install') . '</a>';
esc_attr($name) . '">' . __('Install') . '</a>';
$action_links = apply_filters('plugin_install_action_links', $action_links, $plugin);
?>
@ -350,7 +350,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
<td class="vers"><?php echo $version; ?></td>
<td class="vers">
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
<div class="star star-rating" style="width: <?php echo attr($plugin['rating']) ?>px"></div>
<div class="star star-rating" style="width: <?php echo esc_attr($plugin['rating']) ?>px"></div>
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
@ -418,7 +418,7 @@ function install_plugin_information() {
$class = ( $section_name == $section ) ? ' class="current"' : '';
$href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
$href = clean_url($href);
$san_title = attr(sanitize_title_with_dashes($title));
$san_title = esc_attr(sanitize_title_with_dashes($title));
echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
}
echo "</ul>\n";
@ -507,7 +507,7 @@ function install_plugin_information() {
</ul>
<h2><?php _e('Average Rating') ?></h2>
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
<div class="star star-rating" style="width: <?php echo attr($api->rating) ?>px"></div>
<div class="star star-rating" style="width: <?php echo esc_attr($api->rating) ?>px"></div>
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
@ -532,7 +532,7 @@ function install_plugin_information() {
$content = links_add_base_url($content, 'http://wordpress.org/extend/plugins/' . $api->slug . '/');
$content = links_add_target($content, '_blank');
$san_title = attr(sanitize_title_with_dashes($title));
$san_title = esc_attr(sanitize_title_with_dashes($title));
$display = ( $section_name == $section ) ? 'block' : 'none';
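Review bot: In display_plugins_table() the homepage link is built as `href="' . esc_attr($plugin['homepage']) . '"`, which encodes quotes and angle brackets but does not check the URL scheme, so a `javascript:` value would pass through intact. `$plugin` looks like data from the plugin directory response rather than local data (inferred, the fetch is not in this hunk), so it should be treated as untrusted. install_plugin_information() in this same section already uses the URL escaper, so the line could read `$title = '<a target="_blank" href="' . clean_url($plugin['homepage']) . '">' . $title . '</a>';`. The function starts and ends outside the hunk.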


@ -1116,7 +1116,7 @@ function remove_option_whitelist( $del_options, $options = '' ) {
* @param string $option_group A settings group name. This should match the group name used in register_setting().
*/
function settings_fields($option_group) {
echo "<input type='hidden' name='option_page' value='" . attr($option_group) . "' />";
echo "<input type='hidden' name='option_page' value='" . esc_attr($option_group) . "' />";
echo '<input type="hidden" name="action" value="update" />';
wp_nonce_field("$option_group-options");
}


@ -222,7 +222,7 @@ function get_terms_to_edit( $post_id, $taxonomy = 'post_tag' ) {
foreach ( $tags as $tag )
$tag_names[] = $tag->name;
$tags_to_edit = join( ',', $tag_names );
$tags_to_edit = attr( $tags_to_edit );
$tags_to_edit = esc_attr( $tags_to_edit );
$tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy );
return $tags_to_edit;
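Review bot: `esc_attr()` runs before `apply_filters( 'terms_to_edit', ... )` in get_terms_to_edit(), so the escaping guarantee ends at the filter: callbacks receive entity-encoded text, and whatever they return goes to the caller as-is. Moving the escape after the filter would change what existing callbacks see, so I would document the contract instead, with a comment above the filter line such as `// Escaped before filtering: 'terms_to_edit' callbacks get attribute-escaped text and must return attribute-safe text.` The function starts and ends outside the hunk.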


@ -125,7 +125,7 @@ function _cat_row( $category, $level, $name_override = false ) {
$name = ( $name_override ? $name_override : $pad . ' ' . $category->name );
$edit_link = "categories.php?action=edit&amp;cat_ID=$category->term_id";
if ( current_user_can( 'manage_categories' ) ) {
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
$edit = "<a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>" . esc_attr( $name ) . '</a><br />';
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@ -264,7 +264,7 @@ function inline_edit_term_row($type) {
<p class="inline-edit-save submit">
<a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
<?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
<a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
<a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
<img class="waiting" style="display:none;" src="images/wpspin_light.gif" alt="" />
<span class="error" style="display:none;"></span>
<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
@ -296,7 +296,7 @@ function link_cat_row( $category, $name_override = false ) {
$name = ( $name_override ? $name_override : $category->name );
$edit_link = "link-category.php?action=edit&amp;cat_ID=$category->term_id";
if ( current_user_can( 'manage_categories' ) ) {
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>$name</a><br />";
$edit = "<a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $category->name)) . "'>$name</a><br />";
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@ -658,7 +658,7 @@ function _tag_row( $tag, $class = '', $taxonomy = 'post_tag' ) {
$out .= '<th scope="row" class="check-column"> <input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" /></th>';
break;
case 'name':
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />';
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />';
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@ -1257,12 +1257,12 @@ function inline_edit_row( $type ) {
wp_nonce_field( 'inlineeditnonce', '_inline_edit', false );
$update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
?>
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>
<img class="waiting" style="display:none;" src="images/wpspin_light.gif" alt="" />
<?php } else {
$update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
?>
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo esc_attr( $update_text ); ?>" />
<?php } ?>
<input type="hidden" name="post_view" value="<?php echo $m; ?>" />
<br class="clear" />
@ -1288,7 +1288,7 @@ function get_inline_data($post) {
if ( ! current_user_can('edit_' . $post->post_type, $post->ID) )
return;
$title = attr($post->post_title);
$title = esc_attr($post->post_title);
echo '
<div class="hidden" id="inline_' . $post->ID . '">
@ -1437,22 +1437,22 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'title':
$attributes = 'class="post-title column-title"' . $style;
?>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
<?php
if ( 'excerpt' == $mode )
the_excerpt();
$actions = array();
if ( current_user_can('edit_post', $post->ID) ) {
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_post', $post->ID) )
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
} else {
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
}
$actions = apply_filters('post_row_actions', $actions, $post);
$action_count = count($actions);
@ -1653,19 +1653,19 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
$attributes = 'class="post-title page-title column-title"' . $style;
$edit_link = get_edit_post_link( $page->ID );
?>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
<?php
$actions = array();
if ( current_user_can('edit_page', $page->ID) ) {
$actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
$actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
$actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_page', $page->ID) )
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
} else {
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
}
$actions = apply_filters('page_row_actions', $actions, $page);
$action_count = count($actions);
@ -2124,9 +2124,9 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
comment_text(); ?>
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
<div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
<div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
<div class="author-email"><?php if ( $user_can ) echo esc_attr( $comment->comment_author_email ); ?></div>
<div class="author"><?php if ( $user_can ) echo esc_attr( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
</div>
<?php
@ -2305,7 +2305,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
<input type="hidden" name="status" id="status" value="" />
<input type="hidden" name="position" id="position" value="<?php echo $position; ?>" />
<input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
<input type="hidden" name="mode" id="mode" value="<?php echo attr($mode); ?>" />
<input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
<?php wp_nonce_field( 'replyto-comment', '_ajax_nonce', false ); ?>
<?php wp_comment_form_unfiltered_html_nonce(); ?>
<?php if ( $table_row ) : ?>
@ -2427,7 +2427,7 @@ function _list_meta_row( $entry, &$count ) {
}
}
$entry['meta_key'] = attr($entry['meta_key']);
$entry['meta_key'] = esc_attr($entry['meta_key']);
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
$entry['meta_id'] = (int) $entry['meta_id'];
@ -2437,8 +2437,8 @@ function _list_meta_row( $entry, &$count ) {
$r .= "\n\t\t<td class='left'><label class='invisible' for='meta[{$entry['meta_id']}][key]'>" . __( 'Key' ) . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' />";
$r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='". _a( 'Delete' ) ."' />";
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='". _a( 'Update' ) ."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='". esc_attr__( 'Delete' ) ."' />";
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='". esc_attr__( 'Update' ) ."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
$r .= "</td>";
@ -2482,8 +2482,8 @@ function meta_form() {
<?php
foreach ( $keys as $key ) {
$key = attr( $key );
echo "\n<option value='" . attr($key) . "'>$key</option>";
$key = esc_attr( $key );
echo "\n<option value='" . esc_attr($key) . "'>$key</option>";
}
?>
</select>
@ -2499,7 +2499,7 @@ function meta_form() {
</tr>
<tr><td colspan="2" class="submit">
<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php _ea( 'Add Custom Field' ) ?>" />
<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php esc_attr_e( 'Add Custom Field' ) ?>" />
<?php wp_nonce_field( 'add-meta', '_ajax_nonce', false ); ?>
</td></tr>
</tbody>
@ -2719,9 +2719,9 @@ function wp_dropdown_roles( $selected = false ) {
foreach( $editable_roles as $role => $details ) {
$name = translate_user_role($details['name'] );
if ( $selected == $role ) // Make default first in list
$p = "\n\t<option selected='selected' value='" . attr($role) . "'>$name</option>";
$p = "\n\t<option selected='selected' value='" . esc_attr($role) . "'>$name</option>";
else
$r .= "\n\t<option value='" . attr($role) . "'>$name</option>";
$r .= "\n\t<option value='" . esc_attr($role) . "'>$name</option>";
}
echo $p . $r;
}
@ -2792,7 +2792,7 @@ function wp_import_upload_form( $action ) {
<p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
else :
?>
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr($action) ?>">
<p>
<?php wp_nonce_field('import-upload'); ?>
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
@ -2801,7 +2801,7 @@ function wp_import_upload_form( $action ) {
<input type="hidden" name="max_file_size" value="<?php echo $bytes; ?>" />
</p>
<p class="submit">
<input type="submit" class="button" value="<?php _ea( 'Upload file and import' ); ?>" />
<input type="submit" class="button" value="<?php esc_attr_e( 'Upload file and import' ); ?>" />
</p>
</form>
<?php
@ -2815,7 +2815,7 @@ function wp_import_upload_form( $action ) {
*/
function wp_remember_old_slug() {
global $post;
$name = attr($post->post_name); // just in case
$name = esc_attr($post->post_name); // just in case
if ( strlen($name) )
echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
}
@ -3154,14 +3154,14 @@ function find_posts_div($found_action = '') {
<div class="find-box-inside">
<div class="find-box-search">
<?php if ( $found_action ) { ?>
<input type="hidden" name="found_action" value="<?php echo attr($found_action); ?>" />
<input type="hidden" name="found_action" value="<?php echo esc_attr($found_action); ?>" />
<?php } ?>
<input type="hidden" name="affected" id="affected" value="" />
<?php wp_nonce_field( 'find-posts', '_ajax_nonce', false ); ?>
<label class="invisible" for="find-posts-input"><?php _e( 'Search' ); ?></label>
<input type="text" id="find-posts-input" name="ps" value="" />
<input type="button" onclick="findPosts.send();" value="<?php _ea( 'Search' ); ?>" class="button" /><br />
<input type="button" onclick="findPosts.send();" value="<?php esc_attr_e( 'Search' ); ?>" class="button" /><br />
<input type="radio" name="find-posts-what" id="find-posts-posts" checked="checked" value="posts" />
<label for="find-posts-posts"><?php _e( 'Posts' ); ?></label>
@ -3171,8 +3171,8 @@ function find_posts_div($found_action = '') {
<div id="find-posts-response"></div>
</div>
<div class="find-box-buttons">
<input type="button" class="button alignleft" onclick="findPosts.close();" value="<?php _ea('Close'); ?>" />
<input id="find-posts-submit" type="submit" class="button-primary alignright" value="<?php _ea('Select'); ?>" />
<input type="button" class="button alignleft" onclick="findPosts.close();" value="<?php esc_attr_e('Close'); ?>" />
<input id="find-posts-submit" type="submit" class="button-primary alignright" value="<?php esc_attr_e('Select'); ?>" />
</div>
</div>
<?php
@ -3181,7 +3181,7 @@ function find_posts_div($found_action = '') {
/**
* Display the post password.
*
* The password is passed through {@link attr()} to ensure that it
* The password is passed through {@link esc_attr()} to ensure that it
* is safe for placing in an html attribute.
*
* @uses attr
@ -3189,7 +3189,7 @@ function find_posts_div($found_action = '') {
*/
function the_post_password() {
global $post;
if ( isset( $post->post_password ) ) echo attr( $post->post_password );
if ( isset( $post->post_password ) ) echo esc_attr( $post->post_password );
}
/**
@ -3312,7 +3312,7 @@ function _draft_or_post_title($post_id = 0)
*
*/
function _admin_search_query() {
echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
echo isset($_GET['s']) ? esc_attr( stripslashes( $_GET['s'] ) ) : '';
}
/**
@ -3643,8 +3643,8 @@ function screen_options($screen) {
$return .= "<div class='screen-options'>\n";
if ( !empty($per_page_label) )
$return .= "<label for='$option'>$per_page_label</label> <input type='text' class='screen-per-page' name='wp_screen_options[value]' id='$option' maxlength='3' value='$per_page' />\n";
$return .= "<input type='submit' class='button' value='" . _a('Apply') . "' />";
$return .= "<input type='hidden' name='wp_screen_options[option]' value='" . attr($option) . "' />";
$return .= "<input type='submit' class='button' value='" . esc_attr__('Apply') . "' />";
$return .= "<input type='hidden' name='wp_screen_options[option]' value='" . esc_attr($option) . "' />";
$return .= "</div>\n";
return $return;
}
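Review bot: In the _wp_comment_row() hunk the hidden quick-edit block prints `$comment->comment_content` into `<textarea class="comment">` without escaping, while the three author fields beside it go through `esc_attr()`. Unless the content is already encoded earlier (not visible here), markup inside a comment, such as a closing textarea tag, would be parsed by the browser instead of shown as text. _list_meta_row() in this same file handles the same textarea context with `htmlspecialchars()`, so the line could read `<textarea class="comment" rows="3" cols="10"><?php echo htmlspecialchars( $comment->comment_content ); ?></textarea>`. The function starts and ends outside the hunk.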


@ -158,8 +158,8 @@ function install_theme_search_form() {
<option value="author" <?php selected('author', $type) ?>><?php _e('Author'); ?></option>
<option value="tag" <?php selected('tag', $type) ?>><?php _e('Tag'); ?></option>
</select>
<input type="text" name="s" size="30" value="<?php echo attr($term) ?>" />
<input type="submit" name="search" value="<?php _ea('Search'); ?>" class="button" />
<input type="text" name="s" size="30" value="<?php echo esc_attr($term) ?>" />
<input type="submit" name="search" value="<?php esc_attr_e('Search'); ?>" class="button" />
</form>
<?php
}
@ -202,7 +202,7 @@ function install_themes_dashboard() {
if ( isset($trans[$feature]) )
$feature_name = $trans[$feature];
$feature_name = wp_specialchars( $feature_name );
$feature = attr($feature);
$feature = esc_attr($feature);
?>
<li>
@ -218,7 +218,7 @@ function install_themes_dashboard() {
</div>
<br class="clear" />
<input type="submit" name="search" value="<?php _ea('Find Themes'); ?>" class="button" />
<input type="submit" name="search" value="<?php esc_attr_e('Find Themes'); ?>" class="button" />
</form>
<?php
}
@ -281,7 +281,7 @@ function install_themes_upload($page = 1) {
<?php wp_nonce_field( 'theme-upload') ?>
<input type="file" name="themezip" />
<input type="submit"
class="button" value="<?php _ea('Install Now') ?>" />
class="button" value="<?php esc_attr_e('Install Now') ?>" />
</form>
<?php
}
@ -301,8 +301,8 @@ function display_theme($theme, $actions = null, $show_details = true) {
if ( !is_array($actions) ) {
$actions = array();
$actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&amp;theme=' . $theme->slug .
'&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . attr(sprintf(__('Install &#8220;%s&#8221;'), $name)) . '">' . __('Install') . '</a>';
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>';
'&amp;TB_iframe=true&amp;tbWidth=500&amp;tbHeight=350') . '" class="thickbox thickbox-preview onclick" title="' . esc_attr(sprintf(__('Install &#8220;%s&#8221;'), $name)) . '">' . __('Install') . '</a>';
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)) . '">' . __('Preview') . '</a>';
$actions = apply_filters('theme_install_action_links', $actions, $theme);
}
@ -310,7 +310,7 @@ function display_theme($theme, $actions = null, $show_details = true) {
?>
<a class='thickbox thickbox-preview screenshot'
href='<? echo clean_url($preview_link); ?>'
title='<?php echo attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
title='<?php echo esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
</a>
<h3><?php echo $name ?></h3>
@ -331,7 +331,7 @@ function display_theme($theme, $actions = null, $show_details = true) {
<p><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $theme->downloaded), number_format_i18n($theme->downloaded)) ?></p>
<?php endif; ?>
<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>">
<div class="star star-rating" style="width: <?php echo attr($theme->rating) ?>px"></div>
<div class="star star-rating" style="width: <?php echo esc_attr($theme->rating) ?>px"></div>
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
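Review bot: The screenshot link in display_theme() opens PHP with a short tag, `href='<? echo clean_url($preview_link); ?>'`, while every other block in this section uses `<?php`. With `short_open_tag` disabled the literal source text lands in the attribute, so the link breaks and the `clean_url()` call never runs. It should be `href='<?php echo clean_url($preview_link); ?>'`. The function starts and ends outside the hunk.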


@ -366,16 +366,16 @@ function get_others_pending($user_id) {
*/
function get_user_to_edit( $user_id ) {
$user = new WP_User( $user_id );
$user->user_login = attr($user->user_login);
$user->user_email = attr($user->user_email);
$user->user_login = esc_attr($user->user_login);
$user->user_email = esc_attr($user->user_email);
$user->user_url = clean_url($user->user_url);
$user->first_name = attr($user->first_name);
$user->last_name = attr($user->last_name);
$user->display_name = attr($user->display_name);
$user->nickname = attr($user->nickname);
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attr($user->aim) : '';
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attr($user->yim) : '';
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attr($user->jabber) : '';
$user->first_name = esc_attr($user->first_name);
$user->last_name = esc_attr($user->last_name);
$user->display_name = esc_attr($user->display_name);
$user->nickname = esc_attr($user->nickname);
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? esc_attr($user->aim) : '';
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
$user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
return $user;


@ -183,18 +183,18 @@ function wp_widget_control( $sidebar_args ) {
else
echo "\t\t<p>" . __('There are no options for this widget.') . "</p>\n"; ?>
<input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($id_format); ?>" />
<input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
<input type="hidden" name="widget-width" class="widget-width" value="<?php echo attr($control['width']); ?>" />
<input type="hidden" name="widget-height" class="widget-height" value="<?php echo attr($control['height']); ?>" />
<input type="hidden" name="widget_number" class="widget_number" value="<?php echo attr($widget_number); ?>" />
<input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
<input type="hidden" name="add_new" class="add_new" value="<?php echo attr($add_new); ?>" />
<input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($id_format); ?>" />
<input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
<input type="hidden" name="widget-width" class="widget-width" value="<?php echo esc_attr($control['width']); ?>" />
<input type="hidden" name="widget-height" class="widget-height" value="<?php echo esc_attr($control['height']); ?>" />
<input type="hidden" name="widget_number" class="widget_number" value="<?php echo esc_attr($widget_number); ?>" />
<input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
<input type="hidden" name="add_new" class="add_new" value="<?php echo esc_attr($add_new); ?>" />
<div class="widget-control-actions">
<a class="button widget-control-remove alignleft" href="<?php echo $edit ? clean_url( add_query_arg( array( 'remove' => $id_format, 'key' => $key, '_wpnonce' => $nonce ) ) ) : '#remove'; ?>"><?php _e('Remove'); ?></a>
<?php if ( 'noform' !== $has_form ) { ?>
<input type="submit" name="savewidget" class="button-primary widget-control-save alignright" value="<?php _ea('Save'); ?>" />
<input type="submit" name="savewidget" class="button-primary widget-control-save alignright" value="<?php esc_attr_e('Save'); ?>" />
<?php } ?>
<br class="clear" />
</div>


@ -57,18 +57,18 @@ function display_setup_form( $error = null ) {
<table class="form-table">
<tr>
<th scope="row"><label for="weblog_title"><?php _e('Blog Title'); ?></label></th>
<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? attr($_POST['weblog_title']) : '' ); ?>" /></td>
<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? esc_attr($_POST['weblog_title']) : '' ); ?>" /></td>
</tr>
<tr>
<th scope="row"><label for="admin_email"><?php _e('Your E-mail'); ?></label></th>
<td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? attr($_POST['admin_email']) : '' ); ?>" /><br />
<td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? esc_attr($_POST['admin_email']) : '' ); ?>" /><br />
<?php _e('Double-check your email address before continuing.'); ?>
</tr>
<tr>
<td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
</tr>
</table>
<p class="step"><input type="submit" name="Submit" value="<?php _ea('Install WordPress'); ?>" class="button" /></p>
<p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
</form>
<?php
}


@ -90,7 +90,7 @@ if ( isset($_GET['deleted']) ) {
<p class="search-box">
<label class="invisible" for="link-search-input"><?php _e( 'Search Links' ); ?>:</label>
<input type="text" id="link-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Links' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Links' ); ?>" class="button" />
</p>
</form>
<br class="clear" />
@ -103,14 +103,14 @@ if ( isset($_GET['deleted']) ) {
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php
$categories = get_terms('link_category', "hide_empty=1");
$select_cat = "<select name=\"cat_id\">\n";
$select_cat .= '<option value="all"' . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('View all Categories') . "</option>\n";
foreach ((array) $categories as $cat)
$select_cat .= '<option value="' . attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
$select_cat .= '<option value="' . esc_attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
$select_cat .= "</select>\n";
$select_order = "<select name=\"order_by\">\n";
@ -124,7 +124,7 @@ echo $select_cat;
echo $select_order;
?>
<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
</div>
@ -165,7 +165,7 @@ if ( $links ) {
foreach ($links as $link) {
$link = sanitize_bookmark($link);
$link->link_name = attr($link->link_name);
$link->link_name = esc_attr($link->link_name);
$link->link_category = wp_get_link_cats($link->link_id);
$short_url = str_replace('http://', '', $link->link_url);
$short_url = preg_replace('/^www\./i', '', $short_url);
@ -190,11 +190,11 @@ if ( $links ) {
switch($column_name) {
case 'cb':
echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. attr($link->link_id) .'" /></th>';
echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. esc_attr($link->link_id) .'" /></th>';
break;
case 'name':
echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit &#8220;%s&#8221;'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . js_escape(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
@ -261,7 +261,7 @@ if ( $links ) {
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />


@ -35,7 +35,7 @@ function add_filter() {}
/**
* @ignore
*/
function attr() {}
function esc_attr() {}
/**
* @ignore


@ -35,7 +35,7 @@ function add_filter() {}
/**
* @ignore
*/
function attr() {}
function esc_attr() {}
/**
* @ignore


@ -78,7 +78,7 @@ if ( isset($_GET['inline']) ) {
<?php wp_nonce_field('media-form'); ?>
<div id="media-items"> </div>
<p>
<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
</p>
</form>
</div>


@ -93,9 +93,9 @@ case 'edit' :
</div>
<p class="submit">
<input type="submit" class="button-primary" name="save" value="<?php _ea('Update Media'); ?>" />
<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? attr($post_id) : ''; ?>" />
<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($att_id); ?>" />
<input type="submit" class="button-primary" name="save" value="<?php esc_attr_e('Update Media'); ?>" />
<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? esc_attr($post_id) : ''; ?>" />
<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($att_id); ?>" />
<input type="hidden" name="action" value="editattachment" />
<?php wp_original_referer_field(true, 'previous'); ?>
<?php wp_nonce_field('media-form'); ?>


@ -39,7 +39,7 @@ $menu[5] = array( __('Posts'), 'edit_posts', 'edit.php', '', 'open-if-no-js menu
if ( $tax->hierarchical || ! in_array('post', (array) $tax->object_type, true) )
continue;
$submenu['edit.php'][$i] = array( attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
$submenu['edit.php'][$i] = array( esc_attr($tax->label), 'manage_categories', 'edit-tags.php?taxonomy=' . $tax->name );
++$i;
}


@ -54,7 +54,7 @@ include('admin-header.php');
<label for="close_comments_for_old_posts">
<input name="close_comments_for_old_posts" type="checkbox" id="close_comments_for_old_posts" value="1" <?php checked('1', get_option('close_comments_for_old_posts')); ?> />
<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
<?php printf( __('Automatically close comments on articles older than %s days'), '</label><input name="close_comments_days_old" type="text" id="close_comments_days_old" value="' . esc_attr(get_option('close_comments_days_old')) . '" class="small-text" />') ?>
<br />
<label for="thread_comments">
<input name="thread_comments" type="checkbox" id="thread_comments" value="1" <?php checked('1', get_option('thread_comments')); ?> />
@ -64,7 +64,7 @@ $maxdeep = (int) apply_filters( 'thread_comments_depth_max', 10 );
$thread_comments_depth = '</label><select name="thread_comments_depth" id="thread_comments_depth">';
for ( $i = 1; $i <= $maxdeep; $i++ ) {
$thread_comments_depth .= "<option value='" . attr($i) . "'";
$thread_comments_depth .= "<option value='" . esc_attr($i) . "'";
if ( get_option('thread_comments_depth') == $i ) $thread_comments_depth .= " selected='selected'";
$thread_comments_depth .= ">$i</option>";
}
@ -83,7 +83,7 @@ $default_comments_page .= '>' . __('last') . '</option><option value="oldest"';
if ( 'oldest' == get_option('default_comments_page') ) $default_comments_page .= ' selected="selected"';
$default_comments_page .= '>' . __('first') . '</option></select>';
printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
printf( __('Break comments into pages with %1$s comments per page and the %2$s page displayed by default'), '</label><label for="comments_per_page"><input name="comments_per_page" type="text" id="comments_per_page" value="' . esc_attr(get_option('comments_per_page')) . '" class="small-text" />', $default_comments_page );
?></label>
<br />
@ -125,7 +125,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
<tr valign="top">
<th scope="row"><?php _e('Comment Moderation') ?></th>
<td><fieldset><legend class="invisible"><?php _e('Comment Moderation') ?></legend>
<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . attr(get_option('comment_max_links')) . '" class="small-text" />' ) ?></label></p>
<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . esc_attr(get_option('comment_max_links')) . '" class="small-text" />' ) ?></label></p>
<p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so &#8220;press&#8221; will match &#8220;WordPress&#8221;.') ?></label></p>
<p>
@ -159,7 +159,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
$yesorno = array(0 => __("Don&#8217;t show Avatars"), 1 => __('Show Avatars'));
foreach ( $yesorno as $key => $value) {
$selected = (get_option('show_avatars') == $key) ? 'checked="checked"' : '';
echo "\n\t<label><input type='radio' name='show_avatars' value='" . attr($key) . "' $selected/> $value</label><br />";
echo "\n\t<label><input type='radio' name='show_avatars' value='" . esc_attr($key) . "' $selected/> $value</label><br />";
}
?>
</fieldset></td>
@ -172,7 +172,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
$ratings = array( 'G' => __('G &#8212; Suitable for all audiences'), 'PG' => __('PG &#8212; Possibly offensive, usually for audiences 13 and above'), 'R' => __('R &#8212; Intended for adult audiences above 17'), 'X' => __('X &#8212; Even more mature than above'));
foreach ($ratings as $key => $rating) :
$selected = (get_option('avatar_rating') == $key) ? 'checked="checked"' : '';
echo "\n\t<label><input type='radio' name='avatar_rating' value='" . attr($key) . "' $selected/> $rating</label><br />";
echo "\n\t<label><input type='radio' name='avatar_rating' value='" . esc_attr($key) . "' $selected/> $rating</label><br />";
endforeach;
?>
@ -201,7 +201,7 @@ $size = 32;
$avatar_list = '';
foreach ( $avatar_defaults as $default_key => $default_name ) {
$selected = ($default == $default_key) ? 'checked="checked" ' : '';
$avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='" . attr($default_key) . "' {$selected}/> ";
$avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='" . esc_attr($default_key) . "' {$selected}/> ";
$avatar = get_avatar( $user_email, $size, $default_key );
$avatar_list .= preg_replace("/src='(.+?)'/", "src='\$1&amp;forcedefault=1'", $avatar);
@ -220,7 +220,7 @@ echo apply_filters('default_avatar_select', $avatar_list);
<?php do_settings_sections('discussion'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>
</div>
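Review bot: In the avatar_default radio markup, `$default_key` is escaped for the `value` attribute but interpolated raw into `id='avatar_{$default_key}'` in the same tag. How `$avatar_defaults` is built is not visible in the hunk; if its keys can be supplied by a filter or plugin, a key containing a quote would end the id attribute early. Escaping both uses keeps the tag consistent: `id='avatar_" . esc_attr($default_key) . "' value='" . esc_attr($default_key) . "'`.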


@ -120,7 +120,7 @@ foreach ( $offset_range as $offset ) {
$selected = " selected='selected'";
$current_offset_name = $offset_name;
}
echo "<option value=\"" . attr($offset) . "\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
echo "<option value=\"" . esc_attr($offset) . "\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
}
?>
</select>
@ -210,7 +210,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
$custom = TRUE;
foreach ( $date_formats as $format ) {
echo "\t<label title='" . attr($format) . "'><input type='radio' name='date_format' value='" . attr($format) . "'";
echo "\t<label title='" . esc_attr($format) . "'><input type='radio' name='date_format' value='" . esc_attr($format) . "'";
if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "==="
echo " checked='checked'";
$custom = FALSE;
@ -220,7 +220,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
echo ' <label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"';
checked( $custom );
echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
echo '/> ' . __('Custom:') . ' </label><input type="text" name="date_format_custom" value="' . esc_attr( get_option('date_format') ) . '" class="small-text" /> ' . date_i18n( get_option('date_format') ) . "\n";
echo "\t<p>" . __('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click &#8220;Save Changes&#8221; to update sample output.') . "</p>\n";
?>
@ -242,7 +242,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
$custom = TRUE;
foreach ( $time_formats as $format ) {
echo "\t<label title='" . attr($format) . "'><input type='radio' name='time_format' value='" . attr($format) . "'";
echo "\t<label title='" . esc_attr($format) . "'><input type='radio' name='time_format' value='" . esc_attr($format) . "'";
if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "==="
echo " checked='checked'";
$custom = FALSE;
@ -252,7 +252,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
echo ' <label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"';
checked( $custom );
echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
echo '/> ' . __('Custom:') . ' </label><input type="text" name="time_format_custom" value="' . esc_attr( get_option('time_format') ) . '" class="small-text" /> ' . date_i18n( get_option('time_format') ) . "\n";
?>
</fieldset>
</td>
@ -263,7 +263,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
<?php
for ($day_index = 0; $day_index <= 6; $day_index++) :
$selected = (get_option('start_of_week') == $day_index) ? 'selected="selected"' : '';
echo "\n\t<option value='" . attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
echo "\n\t<option value='" . esc_attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
endfor;
?>
</select></td>
@ -274,7 +274,7 @@ endfor;
<?php do_settings_sections('general'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>
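Review bot: The custom date and time format rows escape the option for the `value` attribute but echo `date_i18n( get_option('date_format') )` and `date_i18n( get_option('time_format') )` straight into the page on the same line. A format string can carry backslash-escaped literal characters, so the rendered sample is not guaranteed to be free of markup. Escape the sample as well, `wp_specialchars( date_i18n( get_option('date_format') ) )`, and likewise for `time_format`.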


@ -65,7 +65,7 @@ include('admin-header.php');
<?php do_settings_sections('media'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>


@ -27,14 +27,14 @@ include('admin-header.php');
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="upload_path"><?php _e('Store uploads in this folder'); ?></label></th>
<td><input name="upload_path" type="text" id="upload_path" value="<?php echo attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
<td><input name="upload_path" type="text" id="upload_path" value="<?php echo esc_attr(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" class="regular-text code" />
<span class="description"><?php _e('Default is <code>wp-content/uploads</code>'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="upload_url_path"><?php _e('Full URL path to files'); ?></label></th>
<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo attr( get_option('upload_url_path')); ?>" class="regular-text code" />
<td><input name="upload_url_path" type="text" id="upload_url_path" value="<?php echo esc_attr( get_option('upload_url_path')); ?>" class="regular-text code" />
<span class="description"><?php _e('Configuring this is optional. By default, it should be blank.'); ?></span>
</td>
</tr>
@ -67,7 +67,7 @@ include('admin-header.php');
<?php do_settings_sections('misc'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>


@ -151,15 +151,15 @@ $structures = array(
<td><code><?php echo get_option('home'); ?>/?p=123</code></td>
</tr>
<tr>
<th><label><input name="selection" type="radio" value="<?php echo attr($structures[1]); ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
<th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[1]); ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
<td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></td>
</tr>
<tr>
<th><label><input name="selection" type="radio" value="<?php echo attr($structures[2]); ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
<th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[2]); ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
<td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/sample-post/'; ?></code></td>
</tr>
<tr>
<th><label><input name="selection" type="radio" value="<?php echo attr($structures[3]); ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
<th><label><input name="selection" type="radio" value="<?php echo esc_attr($structures[3]); ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
<td><code><?php echo get_option('home') . $prefix ; ?>/archives/123</code></td>
</tr>
<tr>
@ -173,7 +173,7 @@ $structures = array(
</label>
</th>
<td>
<input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo attr($permalink_structure); ?>" class="regular-text code" />
<input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo esc_attr($permalink_structure); ?>" class="regular-text code" />
</td>
</tr>
</table>
@ -188,11 +188,11 @@ $structures = array(
<table class="form-table">
<tr>
<th><label for="category_base"><?php _e('Category base'); ?></label></th>
<td><input name="category_base" id="category_base" type="text" value="<?php echo attr($category_base); ?>" class="regular-text code" /></td>
<td><input name="category_base" id="category_base" type="text" value="<?php echo esc_attr($category_base); ?>" class="regular-text code" /></td>
</tr>
<tr>
<th><label for="tag_base"><?php _e('Tag base'); ?></label></th>
<td><input name="tag_base" id="tag_base" type="text" value="<?php echo attr($tag_base); ?>" class="regular-text code" /></td>
<td><input name="tag_base" id="tag_base" type="text" value="<?php echo esc_attr($tag_base); ?>" class="regular-text code" /></td>
</tr>
<?php do_settings_fields('permalink', 'optional'); ?>
</table>
@ -200,7 +200,7 @@ $structures = array(
<?php do_settings_sections('permalink'); ?>
<p class="submit">
<input type="submit" name="submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>
<?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>


@ -39,7 +39,7 @@ include('./admin-header.php');
<?php do_settings_sections('privacy'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>


@ -80,7 +80,7 @@ include('admin-header.php');
<?php do_settings_sections('reading'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>
</div>


@ -127,7 +127,7 @@ wp_dropdown_categories(array('hide_empty' => 0, 'name' => 'default_email_categor
<?php do_settings_sections('writing'); ?>
<p class="submit">
<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
<input type="submit" name="Submit" class="button-primary" value="<?php esc_attr_e('Save Changes') ?>" />
</p>
</form>
</div>


@ -99,7 +99,7 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name
foreach ( (array) $options as $option) :
$disabled = '';
$option->option_name = attr($option->option_name);
$option->option_name = esc_attr($option->option_name);
if ( is_serialized($option->option_value) ) {
if ( is_serialized_string($option->option_value) ) {
// this is a serialized string, so we should display it
@ -122,7 +122,7 @@ foreach ( (array) $options as $option) :
<td>";
if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />";
else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
echo "</td>
</tr>";
@ -130,7 +130,7 @@ endforeach;
?>
</table>
<?php $options_to_update = implode(',', $options_to_update); ?>
<p class="submit"><input type="hidden" name="page_options" value="<?php echo attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
<p class="submit"><input type="hidden" name="page_options" value="<?php echo esc_attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
</form>
</div>
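Review bot: The submit button on the last changed line still prints its label with `_e('Save Changes')` inside a `value` attribute, while every other submit button in this commit moved to `esc_attr_e()`. A translation containing a double quote or `<` would land unescaped in the attribute. Use `value="<?php esc_attr_e('Save Changes') ?>"` here as well. In the same section `$class` and `$disabled` are interpolated into the input tag without escaping; both are set outside the hunk, so confirm they are fixed strings.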


@ -116,7 +116,7 @@ default:
$docs_select = '<select name="docs-list" id="docs-list">';
$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
foreach ( $functions as $function) {
$docs_select .= '<option value="' . attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
$docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
}
$docs_select .= '</select>';
}
@ -132,7 +132,7 @@ default:
<div id="message" class="updated fade"><p><?php _e('This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.') ?></p>
<?php
if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file) ) { ?>
<iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo attr($file); ?>&amp;_wpnonce=<?php echo attr($_GET['_error_nonce']); ?>"></iframe>
<iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&amp;plugin=<?php echo esc_attr($file); ?>&amp;_wpnonce=<?php echo esc_attr($_GET['_error_nonce']); ?>"></iframe>
<?php } ?>
</div>
<?php endif; ?>
@ -150,13 +150,13 @@ default:
$selected = " selected='selected'";
else
$selected = '';
$plugin_name = attr($plugin_name);
$plugin_key = attr($plugin_key);
$plugin_name = esc_attr($plugin_name);
$plugin_key = esc_attr($plugin_key);
echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
}
?>
</select>
<input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
</form>
</div>
<div class="tablenav">
@ -204,11 +204,11 @@ foreach ( $plugin_files as $plugin_file ) :
<?php wp_nonce_field('edit-plugin_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo attr($file) ?>" />
<input type="hidden" name="plugin" value="<?php echo attr($plugin) ?>" />
<input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
<input type="hidden" name="plugin" value="<?php echo esc_attr($plugin) ?>" />
</div>
<?php if ( count( $functions ) ) : ?>
<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php _ea( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php esc_attr_e( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
<?php endif; ?>
<?php if ( is_writeable($real_file) ) : ?>
<?php if ( in_array($file, (array) get_option('active_plugins')) ) { ?>
@ -217,9 +217,9 @@ foreach ( $plugin_files as $plugin_file ) :
<p class="submit">
<?php
if ( isset($_GET['phperror']) )
echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . _a('Update File and Attempt to Reactivate') . "' tabindex='2' />";
echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File and Attempt to Reactivate') . "' tabindex='2' />";
else
echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";
?>
</p>
<?php else : ?>
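Review bot: The error_scrape iframe URL builds its query string with `esc_attr($file)` and `esc_attr($_GET['_error_nonce'])`, which escapes for HTML but does not URL-encode. A file path containing `&`, `#`, `+` or a space therefore changes the query the iframe requests. URL-encode each component instead, e.g. `plugin=<?php echo urlencode($file); ?>&amp;_wpnonce=<?php echo urlencode($_GET['_error_nonce']); ?>`. The same construction appears in the activation-error iframe of a later section, `'&amp;plugin=' . esc_attr($plugin) . '&amp;_wpnonce=' . esc_attr($_GET['_error_nonce'])`. Separately, `<?php echo $content ?>` is written into the textarea raw; it is assigned outside the hunk, so confirm it is escaped there.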


@ -139,13 +139,13 @@ if ( !empty($action) ) {
<input type="hidden" name="action" value="delete-selected" />
<?php
foreach ( (array)$plugins as $plugin )
echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />';
echo '<input type="hidden" name="checked[]" value="' . esc_attr($plugin) . '" />';
?>
<?php wp_nonce_field('bulk-manage-plugins') ?>
<input type="submit" name="submit" value="<?php _ea('Yes, Delete these files') ?>" class="button" />
<input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
</form>
<form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
<input type="submit" name="submit" value="<?php _ea('No, Return me to the plugin list') ?>" class="button" />
<input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
</form>
<p><a href="#" onclick="jQuery('#files-list').toggle(); return false;"><?php _e('Click to view entire list of files which will be deleted'); ?></a></p>
@ -194,7 +194,7 @@ if ( !empty($invalid) )
<div id="message" class="updated fade"><p><?php _e('Plugin could not be activated because it triggered a <strong>fatal error</strong>.') ?></p>
<?php
if ( wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?>
<iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . attr($plugin) . '&amp;_wpnonce=' . attr($_GET['_error_nonce'])); ?>"></iframe>
<iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&amp;plugin=' . esc_attr($plugin) . '&amp;_wpnonce=' . esc_attr($_GET['_error_nonce'])); ?>"></iframe>
<?php
}
?>
@ -369,7 +369,7 @@ function print_plugins_table($plugins, $context = '') {
$class = $is_active ? 'active' : 'inactive';
echo "
<tr class='$class'>
<th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . attr($plugin_file) . "' /></th>
<th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . esc_attr($plugin_file) . "' /></th>
<td class='plugin-title'><strong>{$plugin_data['Title']}</strong>";
$i = 0;
echo '<div class="row-actions">';
@ -413,9 +413,9 @@ function print_plugin_actions($context) {
<option value="delete-selected"><?php _e('Delete'); ?></option>
<?php endif; ?>
</select>
<input type="submit" name="doaction_active" value="<?php _ea('Apply'); ?>" class="button-secondary action" />
<input type="submit" name="doaction_active" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary action" />
<?php if( 'recent' == $context ) : ?>
<input type="submit" name="clear-recent-list" value="<?php _ea('Clear List') ?>" class="button-secondary" />
<input type="submit" name="clear-recent-list" value="<?php esc_attr_e('Clear List') ?>" class="button-secondary" />
<?php endif; ?>
</div>
<?php
@ -426,14 +426,14 @@ function print_plugin_actions($context) {
<p class="search-box">
<label class="invisible" for="plugin-search-input"><?php _e( 'Search Plugins' ); ?>:</label>
<input type="text" id="plugin-search-input" name="s" value="<?php _admin_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Plugins' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Plugins' ); ?>" class="button" />
</p>
</form>
<form method="post" action="<?php echo admin_url('plugins.php') ?>">
<?php wp_nonce_field('bulk-manage-plugins') ?>
<input type="hidden" name="plugin_status" value="<?php echo attr($status) ?>" />
<input type="hidden" name="paged" value="<?php echo attr($page) ?>" />
<input type="hidden" name="plugin_status" value="<?php echo esc_attr($status) ?>" />
<input type="hidden" name="paged" value="<?php echo esc_attr($page) ?>" />
<ul class="subsubsub">
<?php
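Review bot: In the error-scrape `<iframe>` `src`, `esc_attr()` is applied to `$plugin` and `$_GET['_error_nonce']` while they are being concatenated into a query string, so the values are HTML-escaped but never percent-encoded. A plugin path containing `&`, `#`, `+` or a space would change how the query string is parsed on the receiving side. I would encode each parameter for the URL and escape the finished URL once for the attribute: `src="<?php echo clean_url( admin_url( 'plugins.php?action=error_scrape&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . urlencode( $_GET['_error_nonce'] ) ) ); ?>"`. Separately, `print_plugins_table()` prints `{$plugin_data['Title']}` into the row without escaping at the point of output; whether it is sanitised earlier is not visible in these hunks.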


@ -135,12 +135,12 @@ switch ($_REQUEST['ajax']) {
<h3 class="tb"><label for="this_photo_description"><?php _e('Description') ?></label></h3>
<div class="titlediv">
<div class="titlewrap">
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo attr($image); ?>" id="this_photo" />
<a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attr(__('Click to insert.')); ?>" title="<?php echo attr(__('Click to insert.')); ?>" /></a></p>
<p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
<a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
<p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
@ -168,7 +168,7 @@ switch ($_REQUEST['ajax']) {
<h3 class="tb"><label for="photo_description"><?php _e('Description') ?></label></h3>
<div id="titlediv">
<div class="titlewrap">
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attr($title);?>"/>
<input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
@ -377,17 +377,17 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
jQuery('#extra_fields').show();
switch(tab_name) {
case 'video' :
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attr($selection); ?>'}, function() {
jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
<?php
$content = '';
if ( preg_match("/youtube\.com\/watch/i", $url) ) {
list($domain, $video_id) = split("v=", $url);
$video_id = attr($video_id);
$video_id = esc_attr($video_id);
$content = '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/' . $video_id . '"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/' . $video_id . '" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>';
} elseif ( preg_match("/vimeo\.com\/[0-9]+/i", $url) ) {
list($domain, $video_id) = split(".com/", $url);
$video_id = attr($video_id);
$video_id = esc_attr($video_id);
$content = '<object width="400" height="225"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" /> <embed src="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="225"></embed></object>';
if ( trim($selection) == '' )
@ -457,11 +457,11 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
<h3><?php _e('Publish') ?></h3>
<div class="inside">
<p>
<input class="button" type="submit" name="draft" value="<?php _ea('Save Draft') ?>" id="save" />
<input class="button" type="submit" name="draft" value="<?php esc_attr_e('Save Draft') ?>" id="save" />
<?php if ( current_user_can('publish_posts') ) { ?>
<input class="button-primary" type="submit" name="publish" value="<?php _ea('Publish') ?>" id="publish" />
<input class="button-primary" type="submit" name="publish" value="<?php esc_attr_e('Publish') ?>" id="publish" />
<?php } else { ?>
<br /><br /><input class="button-primary" type="submit" name="review" value="<?php _ea('Submit for Review') ?>" id="review" />
<br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" />
<?php } ?>
<img src="images/wpspin_light.gif" alt="" id="saving" style="display:none;" />
</p>
@ -481,9 +481,9 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
<div id="category-adder" class="wp-hidden-children">
<a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a>
<p id="category-add" class="wp-hidden-child">
<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
<label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
<span id="category-ajax-response"></span>
</p>
@ -499,8 +499,8 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
<label class="invisible" for="newtag"><?php _e('Post Tags'); ?></label>
<input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
<span class="ajaxtag" style="display:none;">
<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
<input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
</span>
</p>
<div class="tagchecklist"></div>
@ -518,7 +518,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
<div id="titlediv">
<div class="titlewrap">
<input name="title" id="title" class="text" value="<?php echo attr($title);?>"/>
<input name="title" id="title" class="text" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
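Review bot: In the `case 'video'` branch, `s: '<?php echo esc_attr($selection); ?>'` writes the value into a JavaScript string literal (the hunk header suggests this sits inside a `<script>` block), where an HTML-attribute escaper is the wrong encoder. `esc_attr()` turns quotes and angle brackets into entities but leaves backslashes and line breaks untouched, and both are significant inside a JS string. `js_escape()`, which this page already uses for the `confirm()` messages, fits the context: `s: '<?php echo js_escape($selection); ?>'`. Where `$selection` is populated is outside the visible hunks, so confirm whether it is request-derived before deciding how urgent this is.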


@ -88,10 +88,10 @@ form {
<form name="post" action="post.php" method="post">
<div>
<input type="hidden" name="action" value="post" />
<input type="hidden" name="user_ID" value="<?php echo attr($user_ID) ?>" />
<input type="hidden" name="user_ID" value="<?php echo esc_attr($user_ID) ?>" />
<input type="hidden" name="mode" value="sidebar" />
<input type="hidden" name="ping_status" value="<?php echo attr($post->ping_status); ?>" />
<input type="hidden" name="comment_status" value="<?php echo attr($post->comment_status); ?>" />
<input type="hidden" name="ping_status" value="<?php echo esc_attr($post->ping_status); ?>" />
<input type="hidden" name="comment_status" value="<?php echo esc_attr($post->comment_status); ?>" />
<?php wp_nonce_field('add-post');
if ( 'b' == $_GET['a'] )
@ -116,9 +116,9 @@ elseif ( 'c' == $_GET['a'] )
</div>
<p>
<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php _ea('Save as Draft'); ?>" />
<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php esc_attr_e('Save as Draft'); ?>" />
<?php if ( current_user_can('publish_posts') ) : ?>
<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php _ea('Publish') ?>" class="button button-highlighted" />
<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php esc_attr_e('Publish') ?>" class="button button-highlighted" />
<?php endif; ?>
</p>
</div>


@ -94,9 +94,9 @@ default:
$functions = wp_doc_link_parse( $content );
$docs_select = '<select name="docs-list" id="docs-list">';
$docs_select .= '<option value="">' . _a( 'Function Name...' ) . '</option>';
$docs_select .= '<option value="">' . esc_attr__( 'Function Name...' ) . '</option>';
foreach ( $functions as $function ) {
$docs_select .= '<option value="' . attr( urlencode( $function ) ) . '">' . htmlspecialchars( $function ) . '()</option>';
$docs_select .= '<option value="' . esc_attr( urlencode( $function ) ) . '">' . htmlspecialchars( $function ) . '()</option>';
}
$docs_select .= '</select>';
}
@ -125,12 +125,12 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
$theme_name = $a_theme['Name'];
if ($theme_name == $theme) $selected = " selected='selected'";
else $selected = '';
$theme_name = attr($theme_name);
$theme_name = esc_attr($theme_name);
echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
}
?>
</select>
<input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
</form>
</div>
<div class="tablenav">
@ -199,14 +199,14 @@ if ($allowed_files) :
<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo attr($file) ?>" />
<input type="hidden" name="theme" value="<?php echo attr($theme) ?>" />
<input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
<input type="hidden" name="theme" value="<?php echo esc_attr($theme) ?>" />
</div>
<?php if ( isset($functions ) && count($functions) ) { ?>
<div id="documentation">
<label for="docs-list"><?php _e('Documentation:') ?></label>
<?php echo $docs_select; ?>
<input type="button" class="button" value=" <?php _ea( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
<input type="button" class="button" value=" <?php esc_attr_e( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
</div>
<?php } ?>
@ -214,7 +214,7 @@ if ($allowed_files) :
<?php if ( is_writeable($real_file) ) : ?>
<p class="submit">
<?php
echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";
?>
</p>
<?php else : ?>


@ -188,14 +188,14 @@ foreach ( $cols as $col => $theme_name ) {
$parent_theme = $themes[$theme_name]['Parent Theme'];
$preview_link = clean_url( get_option('home') . '/');
$preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
$preview_text = attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );
$preview_text = esc_attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );
$tags = $themes[$theme_name]['Tags'];
$thickbox_class = 'thickbox thickbox-preview';
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=".urlencode($template)."&amp;stylesheet=".urlencode($stylesheet), 'switch-theme_' . $template);
$activate_text = attr( sprintf( __('Activate &#8220;%s&#8221;'), $title ) );
$activate_text = esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $title ) );
$actions = array();
$actions[] = '<a href="' . $activate_link . '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>';
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
if ( current_user_can('update_themes') )
$actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
$actions = apply_filters('theme_action_links', $actions, $themes[$theme_name]);
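Review bot: The delete link builds its query string as `"themes.php?action=delete&amp;template=$stylesheet"` with the raw `$stylesheet`, whereas the activate link a few lines above passes `$template` and `$stylesheet` through `urlencode()`. A theme directory name containing `&`, `#` or a space would be truncated or split when the request is parsed, so the `template` value received would not match the one the `'delete-theme_' . $stylesheet` nonce action was created for. Making the two links consistent is a small change: `wp_nonce_url("themes.php?action=delete&amp;template=" . urlencode($stylesheet), 'delete-theme_' . $stylesheet)`. The enclosing `foreach` starts and ends outside the hunk.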


@ -84,7 +84,7 @@ if ( ! $is_opera ) {
<p><?php _e('Use Press This to clip text, images and videos from any web page. Then edit and add more straight from Press This before you save or publish it in a post on your blog.'); ?></p>
<p><?php _e('Drag-and-drop the following link to your bookmarks bar or right click it and add it to your favorites for a posting shortcut.') ?></p>
<p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
<p class="pressthis"><a href="<?php echo htmlspecialchars( get_shortcut_link() ); ?>" title="<?php echo esc_attr(__('Press This')) ?>"><?php _e('Press This') ?></a></p>
</div>
<?php endif; ?>
</div>


@ -40,15 +40,15 @@ function list_core_update( $update ) {
echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
wp_nonce_field('upgrade-core');
echo '<p>';
echo '<input id="upgrade" class="button" type="submit" value="' . attr($submit) . '" name="upgrade" />&nbsp;';
echo '<input name="version" value="'. attr($update->current) .'" type="hidden"/>';
echo '<input name="locale" value="'. attr($update->locale) .'" type="hidden"/>';
echo '<input id="upgrade" class="button" type="submit" value="' . esc_attr($submit) . '" name="upgrade" />&nbsp;';
echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
if ( 'en_US' != $update->locale )
if ( !isset( $update->dismissed ) || !$update->dismissed )
echo '<input id="dismiss" class="button" type="submit" value="' . _a('Hide this update') . '" name="dismiss" />';
echo '<input id="dismiss" class="button" type="submit" value="' . esc_attr__('Hide this update') . '" name="dismiss" />';
else
echo '<input id="undismiss" class="button" type="submit" value="' . _a('Bring back this update') . '" name="undismiss" />';
echo '<input id="undismiss" class="button" type="submit" value="' . esc_attr__('Bring back this update') . '" name="undismiss" />';
echo '</p>';
echo '</form>';


@ -211,7 +211,7 @@ unset($type_links);
<p class="search-box">
<label class="invisible" for="media-search-input"><?php _e( 'Search Media' ); ?>:</label>
<input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
<input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
<input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
</p>
</form>
@ -247,7 +247,7 @@ if ( $page_links ) : ?>
<option value="attach"><?php _e('Attach to a post'); ?></option>
<?php } ?>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-media'); ?>
<?php
@ -272,7 +272,7 @@ foreach ($arc_result as $arc_row) {
else
$default = '';
echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
echo "</option>\n";
}
@ -280,12 +280,12 @@ foreach ($arc_result as $arc_row) {
</select>
<?php endif; // month_count ?>
<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
<?php } // ! is_singular ?>
<?php if ( isset($_GET['detached']) ) { ?>
<input type="submit" id="find_detached" name="find_detached" value="<?php _ea('Scan for lost attachments'); ?>" class="button-secondary" />
<input type="submit" id="find_detached" name="find_detached" value="<?php esc_attr_e('Scan for lost attachments'); ?>" class="button-secondary" />
<?php } ?>
</div>
@ -325,14 +325,14 @@ foreach ($arc_result as $arc_row) {
$att_title = wp_specialchars( _draft_or_post_title($post->ID) );
?>
<tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo attr($post->ID); ?>" /></th>
<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>
<td class="media-icon"><?php
if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
<a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $thumb; ?></a>
<a href="media.php?action=edit&amp;attachment_id=<?php echo $post->ID; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $thumb; ?></a>
<?php } ?></td>
<td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
<td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
<div class="row-actions">
@ -342,7 +342,7 @@ foreach ($arc_result as $arc_row) {
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
if ( current_user_can('edit_post', $post->ID) )
$actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
$actions = apply_filters( 'media_row_actions', $actions, $post );
@ -403,7 +403,7 @@ if ( $page_links )
<option value="attach"><?php _e('Attach to a post'); ?></option>
<?php } ?>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />
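Review bot: The `view` row action formats its tooltip from `$title`, while the other links shown for this row use `$att_title`, the escaped per-attachment title assigned at the top of the row; `$title` is not assigned anywhere in the visible hunks. If `$title` is a page-level variable, the tooltip would show the same wrong text for every attachment. I would use the row's own value: `esc_attr(sprintf(__('View &#8220;%s&#8221;'), $att_title))`. Separately, both arms of the ternary in the `delete` confirm message are the same string, so the `'draft' == $post->post_status` test has no effect.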


@ -215,7 +215,7 @@ $current_color = get_user_option('admin_color', $user_id);
if ( empty($current_color) )
$current_color = 'fresh';
foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo attr($color) ?>" class="tog" <?php checked($color, $current_color); ?> />
<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo esc_attr($color) ?>" class="tog" <?php checked($color, $current_color); ?> />
<table class="color-palette">
<tr>
<?php foreach ( $color_info->colors as $html_color ): ?>
@ -248,7 +248,7 @@ do_action('personal_options', $profileuser);
<table class="form-table">
<tr>
<th><label for="user_login"><?php _e('Username'); ?></label></th>
<td><input type="text" name="user_login" id="user_login" value="<?php echo attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
<td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
</tr>
<?php if ( !$is_profile_page ): ?>
@ -274,17 +274,17 @@ else
<tr>
<th><label for="first_name"><?php _e('First name') ?></label></th>
<td><input type="text" name="first_name" id="first_name" value="<?php echo attr($profileuser->first_name) ?>" class="regular-text" /></td>
<td><input type="text" name="first_name" id="first_name" value="<?php echo esc_attr($profileuser->first_name) ?>" class="regular-text" /></td>
</tr>
<tr>
<th><label for="last_name"><?php _e('Last name') ?></label></th>
<td><input type="text" name="last_name" id="last_name" value="<?php echo attr($profileuser->last_name) ?>" class="regular-text" /></td>
<td><input type="text" name="last_name" id="last_name" value="<?php echo esc_attr($profileuser->last_name) ?>" class="regular-text" /></td>
</tr>
<tr>
<th><label for="nickname"><?php _e('Nickname') ?></label></th>
<td><input type="text" name="nickname" id="nickname" value="<?php echo attr($profileuser->nickname) ?>" class="regular-text" /></td>
<td><input type="text" name="nickname" id="nickname" value="<?php echo esc_attr($profileuser->nickname) ?>" class="regular-text" /></td>
</tr>
<tr>
@ -303,7 +303,7 @@ else
$public_display = array_map( 'trim', $public_display );
foreach ( $public_display as $id => $item ) {
?>
<option id="<?php echo $id; ?>" value="<?php echo attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
<option id="<?php echo $id; ?>" value="<?php echo esc_attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
<?php
}
?>
@ -317,27 +317,27 @@ else
<table class="form-table">
<tr>
<th><label for="email"><?php _e('E-mail') ?></label></th>
<td><input type="text" name="email" id="email" value="<?php echo attr($profileuser->user_email) ?>" class="regular-text" /> <?php _e('Required.');?></td>
<td><input type="text" name="email" id="email" value="<?php echo esc_attr($profileuser->user_email) ?>" class="regular-text" /> <?php _e('Required.');?></td>
</tr>
<tr>
<th><label for="url"><?php _e('Website') ?></label></th>
<td><input type="text" name="url" id="url" value="<?php echo attr($profileuser->user_url) ?>" class="regular-text code" /></td>
<td><input type="text" name="url" id="url" value="<?php echo esc_attr($profileuser->user_url) ?>" class="regular-text code" /></td>
</tr>
<tr>
<th><label for="aim"><?php echo apply_filters('user_aim_label', __('AIM')); ?></label></th>
<td><input type="text" name="aim" id="aim" value="<?php echo attr($profileuser->aim) ?>" class="regular-text" /></td>
<td><input type="text" name="aim" id="aim" value="<?php echo esc_attr($profileuser->aim) ?>" class="regular-text" /></td>
</tr>
<tr>
<th><label for="yim"><?php echo apply_filters('user_yim_label', __('Yahoo IM')); ?></label></th>
<td><input type="text" name="yim" id="yim" value="<?php echo attr($profileuser->yim) ?>" class="regular-text" /></td>
<td><input type="text" name="yim" id="yim" value="<?php echo esc_attr($profileuser->yim) ?>" class="regular-text" /></td>
</tr>
<tr>
<th><label for="jabber"><?php echo apply_filters('user_jabber_label', __('Jabber / Google Talk')); ?></label></th>
<td><input type="text" name="jabber" id="jabber" value="<?php echo attr($profileuser->jabber) ?>" class="regular-text" /></td>
<td><input type="text" name="jabber" id="jabber" value="<?php echo esc_attr($profileuser->jabber) ?>" class="regular-text" /></td>
</tr>
</table>
@ -395,8 +395,8 @@ if ( $show_password_fields ) :
<p class="submit">
<input type="hidden" name="action" value="update" />
<input type="hidden" name="user_id" id="user_id" value="<?php echo attr($user_id); ?>" />
<input type="submit" class="button-primary" value="<?php $is_profile_page? _ea('Update Profile') : _ea('Update User') ?>" name="submit" />
<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
<input type="submit" class="button-primary" value="<?php $is_profile_page? esc_attr_e('Update Profile') : esc_attr_e('Update User') ?>" name="submit" />
</p>
</form>
</div>
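Review bot: In the display-name `<option>`, the `value` attribute is escaped with `esc_attr($item)` but the same `$item` is echoed raw as the option text, and `$id` is echoed raw into the `id` attribute. The entries of `$public_display` look like they come from user profile fields (only the `array_map( 'trim', ... )` step is visible), so unless they are sanitised before this point the text node is an HTML-injection sink on the user-edit screen. Escaping at output keeps the two uses consistent: `><?php echo wp_specialchars($item); ?></option>`. The colour-scheme radio in the first hunk has the same split, with `value` using `esc_attr($color)` while `id="admin_color_<?php echo $color; ?>"` is unescaped.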


@ -91,23 +91,23 @@ foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name
<table class="form-table">
<tr class="form-field form-required">
<th scope="row"><label for="user_login"><?php _e('Username (required)') ?></label><input name="action" type="hidden" id="action" value="adduser" /></th>
<td ><input name="user_login" type="text" id="user_login" value="<?php echo attr($new_user_login); ?>" aria-required="true" /></td>
<td ><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr($new_user_login); ?>" aria-required="true" /></td>
</tr>
<tr class="form-field">
<th scope="row"><label for="first_name"><?php _e('First Name') ?> </label></th>
<td><input name="first_name" type="text" id="first_name" value="<?php echo attr($new_user_firstname); ?>" /></td>
<td><input name="first_name" type="text" id="first_name" value="<?php echo esc_attr($new_user_firstname); ?>" /></td>
</tr>
<tr class="form-field">
<th scope="row"><label for="last_name"><?php _e('Last Name') ?> </label></th>
<td><input name="last_name" type="text" id="last_name" value="<?php echo attr($new_user_lastname); ?>" /></td>
<td><input name="last_name" type="text" id="last_name" value="<?php echo esc_attr($new_user_lastname); ?>" /></td>
</tr>
<tr class="form-field form-required">
<th scope="row"><label for="email"><?php _e('E-mail (required)') ?></label></th>
<td><input name="email" type="text" id="email" value="<?php echo attr($new_user_email); ?>" /></td>
<td><input name="email" type="text" id="email" value="<?php echo esc_attr($new_user_email); ?>" /></td>
</tr>
<tr class="form-field">
<th scope="row"><label for="url"><?php _e('Website') ?></label></th>
<td><input name="url" type="text" id="url" class="code" value="<?php echo attr($new_user_uri); ?>" /></td>
<td><input name="url" type="text" id="url" class="code" value="<?php echo esc_attr($new_user_uri); ?>" /></td>
</tr>
<?php if ( apply_filters('show_password_fields', true) ) : ?>
@ -132,7 +132,7 @@ foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name
</tr>
</table>
<p class="submit">
<input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php _ea('Add User') ?>" />
<input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php esc_attr_e('Add User') ?>" />
</p>
</form>


@ -28,10 +28,10 @@ if ( empty($doaction) ) {
}
if ( empty($_REQUEST) ) {
$referer = '<input type="hidden" name="wp_http_referer" value="'. attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
} elseif ( isset($_REQUEST['wp_http_referer']) ) {
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
$referer = '<input type="hidden" name="wp_http_referer" value="' . attr($redirect) . '" />';
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
} else {
$redirect = 'users.php';
$referer = '';
@ -149,7 +149,7 @@ case 'delete':
if ( $id == $current_user->ID ) {
echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
} else {
echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
$go_delete = true;
}
}
@ -157,7 +157,7 @@ case 'delete':
$user_dropdown = '<select name="reassign_user">';
foreach ( (array) $all_logins as $login )
if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
$user_dropdown .= "<option value=\"" . attr($login->ID) . "\">{$login->user_login}</option>";
$user_dropdown .= "<option value=\"" . esc_attr($login->ID) . "\">{$login->user_login}</option>";
$user_dropdown .= '</select>';
?>
</ul>
@ -170,7 +170,7 @@ case 'delete':
<?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
</ul></fieldset>
<input type="hidden" name="action" value="dodelete" />
<p class="submit"><input type="submit" name="submit" value="<?php _ea('Confirm Deletion'); ?>" class="button-secondary" /></p>
<p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Deletion'); ?>" class="button-secondary" /></p>
<?php else : ?>
<p><?php _e('There are no valid users selected for deletion.'); ?></p>
<?php endif; ?>
@ -291,8 +291,8 @@ unset($role_links);
<form class="search-form" action="" method="get">
<p class="search-box">
<label class="invisible" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
<input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
<input type="submit" value="<?php _ea( 'Search Users' ); ?>" class="button" />
<input type="text" id="user-search-input" name="usersearch" value="<?php echo esc_attr($wp_user_search->search_term); ?>" />
<input type="submit" value="<?php esc_attr_e( 'Search Users' ); ?>" class="button" />
</p>
</form>
@ -308,9 +308,9 @@ unset($role_links);
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<label class="invisible" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
<input type="submit" value="<?php _ea('Change'); ?>" name="changeit" class="button-secondary" />
<input type="submit" value="<?php esc_attr_e('Change'); ?>" name="changeit" class="button-secondary" />
<?php wp_nonce_field('bulk-users'); ?>
</div>
@ -374,7 +374,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
</div>
<br class="clear" />
@ -388,7 +388,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
<?php
foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
$var = 'new_' . $var;
$$var = isset($_REQUEST[$formpost]) ? attr(stripslashes($_REQUEST[$formpost])) : '';
$$var = isset($_REQUEST[$formpost]) ? esc_attr(stripslashes($_REQUEST[$formpost])) : '';
}
unset($name);
?>
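Review bot: In the two `case 'delete':` hunks, `$user->user_login` and `{$login->user_login}` are written into the `<li>` and `<option>` text without HTML escaping, while only the neighbouring `value` attributes go through `esc_attr()`. Whether logins are restricted to safe characters when they are stored is not visible here, so escaping at the output site is the safer default, for example `wp_specialchars($login->user_login)` for the option label. The enclosing `case` starts and ends outside these hunks.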


@ -271,7 +271,7 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
<div class="widget-position">
<table class="widefat"><thead><tr><th><?php _e('Sidebar'); ?></th><th><?php _e('Position'); ?></th></tr></thead><tbody>
<?php foreach ( $wp_registered_sidebars as $sbname => $sbvalue ) {
echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . esc_attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
if ( 'wp_inactive_widgets' == $sbname ) {
echo '&nbsp;';
} else {
@ -301,12 +301,12 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
<?php if ( isset($_GET['addnew']) ) { ?>
<a href="widgets.php" class="button alignleft"><?php _e('Cancel'); ?></a>
<?php } else { ?>
<input type="submit" name="removewidget" class="button alignleft" value="<?php _ea('Remove'); ?>" />
<input type="submit" name="removewidget" class="button alignleft" value="<?php esc_attr_e('Remove'); ?>" />
<?php } ?>
<input type="submit" name="savewidget" class="button-primary alignright" value="<?php _ea('Save Widget'); ?>" />
<input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($widget_id); ?>" />
<input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
<input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
<input type="submit" name="savewidget" class="button-primary alignright" value="<?php esc_attr_e('Save Widget'); ?>" />
<input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($widget_id); ?>" />
<input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
<input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
<?php wp_nonce_field("save-delete-widget-$widget_id"); ?>
<br class="clear" />
</div>


@ -352,9 +352,9 @@ class AtomServer {
if( !current_user_can( 'edit_posts' ) )
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
$entries_url = attr($this->get_entries_url());
$categories_url = attr($this->get_categories_url());
$media_url = attr($this->get_attachments_url());
$entries_url = esc_attr($this->get_entries_url());
$categories_url = esc_attr($this->get_categories_url());
$media_url = esc_attr($this->get_attachments_url());
foreach ($this->media_content_types as $med) {
$accepted_media_types = $accepted_media_types . "<accept>" . $med . "</accept>";
}
@ -392,12 +392,12 @@ EOD;
if( !current_user_can( 'edit_posts' ) )
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
$home = attr(get_bloginfo_rss('home'));
$home = esc_attr(get_bloginfo_rss('home'));
$categories = "";
$cats = get_categories("hierarchical=0&hide_empty=0");
foreach ((array) $cats as $cat) {
$categories .= " <category term=\"" . attr($cat->name) . "\" />\n";
$categories .= " <category term=\"" . esc_attr($cat->name) . "\" />\n";
}
$output = <<<EOD
<app:categories xmlns:app="$this->ATOMPUB_NS"
@ -1332,7 +1332,7 @@ list($content_type, $content) = prep_atom_text_construct(get_the_content()); ?>
function redirect($url) {
log_app('Status','302: Redirect');
$escaped_url = attr($url);
$escaped_url = esc_attr($url);
$content = <<<EOD
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>


@ -64,20 +64,20 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
<?php if ( is_user_logged_in() ) : ?>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attr(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo esc_attr(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
<?php else : ?>
<p>
<input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
<input type="text" name="author" id="author" class="textarea" value="<?php echo esc_attr($comment_author); ?>" size="28" tabindex="1" />
<label for="author"><?php _e("Name"); ?></label>
</p>
<p>
<input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
<input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="28" tabindex="2" />
<label for="email"><?php _e("E-mail"); ?></label>
</p>
<p>
<input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
<input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="28" tabindex="3" />
<label for="url"><?php _e("<abbr title=\"Universal Resource Locator\">URL</abbr>"); ?></label>
</p>
<?php endif; ?>
@ -90,8 +90,8 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
<p>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
<input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
<input name="submit" type="submit" tabindex="5" value="<?php _ea("Say It!"); ?>" />
<input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>" />
<input name="submit" type="submit" tabindex="5" value="<?php esc_attr_e("Say It!"); ?>" />
</p>
<?php do_action('comment_form', $post->ID); ?>
</form>
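Review bot: On the "Logged in as" line, `$user_identity` is concatenated into the link text unescaped, and `get_option('siteurl')` and `$id` are echoed raw into the `action`, `href` and `value` attributes, so this template escapes only some of its sinks. If `$user_identity` is not already escaped where it is set (not visible here), wrap it at output, e.g. `wp_specialchars($user_identity)`, and pass the hidden `comment_post_ID` value through `esc_attr()` like its neighbours. The later comment template in this commit that prints `<?php echo $user_identity; ?>` inside its profile link follows the same pattern.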


@ -53,13 +53,13 @@ if ( post_password_required() ) : ?>
<?php else : ?>
<p><input type="text" name="author" id="author" value="<?php echo attr($comment_author); ?>" size="22" tabindex="1" />
<p><input type="text" name="author" id="author" value="<?php echo esc_attr($comment_author); ?>" size="22" tabindex="1" />
<label for="author"><small><?php _e('Name'); ?> <?php if ($req) _e('(required)'); ?></small></label></p>
<p><input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="22" tabindex="2" />
<p><input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="22" tabindex="2" />
<label for="email"><small><?php _e('Mail (will not be published)');?> <?php if ($req) _e('(required)'); ?></small></label></p>
<p><input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="22" tabindex="3" />
<p><input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="22" tabindex="3" />
<label for="url"><small><?php _e('Website'); ?></small></label></p>
<?php endif; ?>
@ -68,7 +68,7 @@ if ( post_password_required() ) : ?>
<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php _ea('Submit Comment'); ?>" />
<p><input name="submit" type="submit" id="submit" tabindex="5" value="<?php esc_attr_e('Submit Comment'); ?>" />
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
</p>
<?php do_action('comment_form', $post->ID); ?>


@ -18,7 +18,7 @@
<form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
<div>
<input type="text" name="s" id="s" size="15" /><br />
<input type="submit" value="<?php _ea('Search'); ?>" />
<input type="submit" value="<?php esc_attr_e('Search'); ?>" />
</div>
</form>
</li>


@ -66,17 +66,17 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="Log out of this account">Log out &raquo;</a></p>
<?php else : ?>
<p>
<input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
<input type="text" name="author" id="author" class="textarea" value="<?php echo esc_attr($comment_author); ?>" size="28" tabindex="1" />
<label for="author">Name</label>
</p>
<p>
<input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
<input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="28" tabindex="2" />
<label for="email">E-mail</label>
</p>
<p>
<input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
<input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="28" tabindex="3" />
<label for="url"><abbr title="Universal Resource Locator">URL</abbr></label>
</p>
<?php endif; ?>
@ -89,7 +89,7 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie
<p>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
<input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
<input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>" />
<input name="submit" type="submit" tabindex="5" value="Say It!" />
</p>
<?php do_action('comment_form', $post->ID); ?>


@ -68,13 +68,13 @@
<?php else : ?>
<p><input type="text" name="author" id="author" value="<?php echo attr($comment_author); ?>" size="22" tabindex="1" <?php if ($req) echo "aria-required='true'"; ?> />
<p><input type="text" name="author" id="author" value="<?php echo esc_attr($comment_author); ?>" size="22" tabindex="1" <?php if ($req) echo "aria-required='true'"; ?> />
<label for="author"><small>Name <?php if ($req) echo "(required)"; ?></small></label></p>
<p><input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="22" tabindex="2" <?php if ($req) echo "aria-required='true'"; ?> />
<p><input type="text" name="email" id="email" value="<?php echo esc_attr($comment_author_email); ?>" size="22" tabindex="2" <?php if ($req) echo "aria-required='true'"; ?> />
<label for="email"><small>Mail (will not be published) <?php if ($req) echo "(required)"; ?></small></label></p>
<p><input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="22" tabindex="3" />
<p><input type="text" name="url" id="url" value="<?php echo esc_attr($comment_author_url); ?>" size="22" tabindex="3" />
<label for="url"><small>Website</small></label></p>
<?php endif; ?>


@ -166,7 +166,7 @@ function kubrick_theme_page_head() {
kUpdate(ColorPicker_targetInput.id);
}
function PopupWindow_populate(contents) {
contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php _ea('Close Color Picker'); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" class="button-secondary" value="<?php esc_attr_e('Close Color Picker'); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
this.contents = contents;
this.populated = false;
}
@ -380,43 +380,43 @@ function kubrick_theme_page() {
<div id="nonJsForm">
<form method="post" action="">
<?php wp_nonce_field('kubrick-header'); ?>
<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php _ea('Save'); ?>" /></div>
<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
<input type="hidden" name="hi" id="hi" value="<?php echo attr(kubrick_header_image()); ?>" />
<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php _ea('Toggle Text'); ?>" />
<input type="submit" name="defaults" value="<?php _ea('Use Defaults'); ?>" />
<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php _ea('Save'); ?>&nbsp;&nbsp;" />
<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php esc_attr_e('Save'); ?>" /></div>
<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo esc_attr(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo esc_attr(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo esc_attr(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
<input type="hidden" name="hi" id="hi" value="<?php echo esc_attr(kubrick_header_image()); ?>" />
<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php esc_attr_e('Toggle Text'); ?>" />
<input type="submit" name="defaults" value="<?php esc_attr_e('Use Defaults'); ?>" />
<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php esc_attr_e('Save'); ?>&nbsp;&nbsp;" />
<input type="hidden" name="action" value="save" />
<input type="hidden" name="njform" value="true" />
</form>
</div>
<div id="jsForm">
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attr($_SERVER['REQUEST_URI']); ?>">
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo esc_attr($_SERVER['REQUEST_URI']); ?>">
<?php wp_nonce_field('kubrick-header'); ?>
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php _ea('Font Color'); ?>"></input>
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php _ea('Upper Color'); ?>"></input>
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php _ea('Lower Color'); ?>"></input>
<input type="button" class="button-secondary" name="revert" value="<?php _ea('Revert'); ?>" onclick="kRevert()" />
<input type="button" class="button-secondary" value="<?php _ea('Advanced'); ?>" onclick="toggleAdvanced()" />
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php esc_attr_e('Font Color'); ?>"></input>
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php esc_attr_e('Upper Color'); ?>"></input>
<input type="button" class="button-secondary" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php esc_attr_e('Lower Color'); ?>"></input>
<input type="button" class="button-secondary" name="revert" value="<?php esc_attr_e('Revert'); ?>" onclick="kRevert()" />
<input type="button" class="button-secondary" value="<?php esc_attr_e('Advanced'); ?>" onclick="toggleAdvanced()" />
<input type="hidden" name="action" value="save" />
<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attr(kubrick_header_display()); ?>" />
<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attr(kubrick_header_color()); ?>" />
<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attr(kubrick_upper_color()); ?>" />
<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attr(kubrick_lower_color()); ?>" />
<input type="hidden" name="headerimage" id="headerimage" value="<?php echo attr(kubrick_header_image()); ?>" />
<p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php _ea('Update Header'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo esc_attr(kubrick_header_display()); ?>" />
<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo esc_attr(kubrick_header_color()); ?>" />
<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo esc_attr(kubrick_upper_color()); ?>" />
<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo esc_attr(kubrick_lower_color()); ?>" />
<input type="hidden" name="headerimage" id="headerimage" value="<?php echo esc_attr(kubrick_header_image()); ?>" />
<p class="submit"><input type="submit" name="submitform" class="button-primary" value="<?php esc_attr_e('Update Header'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
</form>
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
<div id="advanced">
<form id="jsAdvanced" style="display:none;" action="">
<?php wp_nonce_field('kubrick-header'); ?>
<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attr(kubrick_header_color()); ?>" /><br />
<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attr(kubrick_upper_color()); ?>" /><br />
<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attr(kubrick_lower_color()); ?>" /><br />
<input type="button" class="button-secondary" name="default" value="<?php _ea('Select Default Colors'); ?>" onclick="kDefaults()" /><br />
<input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php _ea('Toggle Text Display'); ?>"></input><br />
<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo esc_attr(kubrick_header_color()); ?>" /><br />
<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo esc_attr(kubrick_upper_color()); ?>" /><br />
<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo esc_attr(kubrick_lower_color()); ?>" /><br />
<input type="button" class="button-secondary" name="default" value="<?php esc_attr_e('Select Default Colors'); ?>" onclick="kDefaults()" /><br />
<input type="button" class="button-secondary" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php esc_attr_e('Toggle Text Display'); ?>"></input><br />
</form>
</div>
</div>
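Review bot: In `PopupWindow_populate`, `esc_attr_e('Close Color Picker')` writes a translated string into a single-quoted JavaScript literal, which is a different output context from the HTML attributes in the rest of this file. Attribute escaping turns quotes into entities, but a backslash or line break in a translation would still change the script literal. A JavaScript-string escaper fits this sink better, e.g. `<?php echo js_escape(__('Close Color Picker')); ?>`. The enclosing function starts outside the hunk.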


@ -181,7 +181,7 @@ function the_author_posts_link($deprecated = '') {
printf(
'<a href="%1$s" title="%2$s">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
sprintf( __( 'Posts by %s' ), attr( get_the_author() ) ),
sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
get_the_author()
);
}
@ -292,7 +292,7 @@ function wp_list_authors($args = '') {
if ( ! $hide_empty )
$link = $name;
} else {
$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attr($author->display_name)) . '">' . $name . '</a>';
$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
$link .= ' ';
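Review bot: In both hunks only the author name is passed to `esc_attr()`, so the translated `'Posts by %s'` text around it reaches the `title` attribute unescaped; escaping the finished string covers both parts, `esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) )`. The same statements print `get_the_author()` and `$name` as link text with no escaping visible in the hunk, so it is worth confirming those values are escaped where they are produced. Both functions continue outside the hunks.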


@ -72,8 +72,8 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
if ( !empty($bookmark->link_url) )
$the_link = clean_url($bookmark->link_url);
$desc = attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
$name = attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
$desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));
$name = esc_attr(sanitize_bookmark_field('link_name', $bookmark->link_name, $bookmark->link_id, 'display'));
$title = $desc;
if ( $show_updated )


@ -345,7 +345,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
if ( in_array($field, $format_to_edit) ) {
$value = format_to_edit($value);
} else {
$value = attr($value);
$value = esc_attr($value);
}
} else if ( 'db' == $context ) {
$value = apply_filters("pre_$field", $value);
@ -355,7 +355,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
}
if ( 'attribute' == $context )
$value = attr($value);
$value = esc_attr($value);
else if ( 'js' == $context )
$value = js_escape($value);


@ -662,7 +662,7 @@ function wp_generate_tag_cloud( $tags, $args = '' ) {
$tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';
$tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
$tag_name = $tags[ $key ]->name;
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
$a[] = "<a href='$tag_link' class='tag-link-$tag_id' title='" . esc_attr( $topic_count_text_callback( $count ) ) . "'$rel style='font-size: " .
( $smallest + ( ( $count - $min_count ) * $font_step ) )
. "$unit;'>$tag_name</a>";
}
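Review bot: `$tag_name` is interpolated into the link text as-is, and `$tag_id` into the `class` attribute, while only the `title` text is escaped. Unless tag names are escaped before they reach `wp_generate_tag_cloud()` (not visible in this hunk), escape at the point of output: `$tag_name = wp_specialchars( $tags[ $key ]->name );`. The loop this hunk sits in starts outside it.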


@ -48,13 +48,13 @@ class WP_Styles extends WP_Dependencies {
}
if ( isset($this->registered[$handle]->args) )
$media = attr( $this->registered[$handle]->args );
$media = esc_attr( $this->registered[$handle]->args );
else
$media = 'all';
$href = $this->_css_href( $this->registered[$handle]->src, $ver, $handle );
$rel = isset($this->registered[$handle]->extra['alt']) && $this->registered[$handle]->extra['alt'] ? 'alternate stylesheet' : 'stylesheet';
$title = isset($this->registered[$handle]->extra['title']) ? "title='" . attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
$title = isset($this->registered[$handle]->extra['title']) ? "title='" . esc_attr( $this->registered[$handle]->extra['title'] ) . "'" : '';
$end_cond = $tag = '';
if ( isset($this->registered[$handle]->extra['conditional']) && $this->registered[$handle]->extra['conditional'] ) {


@ -1187,7 +1187,7 @@ class Walker_Page extends Walker {
$css_class = implode(' ', apply_filters('page_css_class', $css_class, $page));
$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . esc_attr(apply_filters('the_title', $page->post_title)) . '">' . $link_before . apply_filters('the_title', $page->post_title) . $link_after . '</a>';
if ( !empty($show_date) ) {
if ( 'modified' == $show_date )
@ -1325,13 +1325,13 @@ class Walker_Category extends Walker {
function start_el(&$output, $category, $depth, $args) {
extract($args);
$cat_name = attr( $category->name);
$cat_name = esc_attr( $category->name);
$cat_name = apply_filters( 'list_cats', $cat_name, $category );
$link = '<a href="' . get_category_link( $category->term_id ) . '" ';
if ( $use_desc_for_title == 0 || empty($category->description) )
$link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
else
$link .= 'title="' . attr( apply_filters( 'category_description', $category->description, $category )) . '"';
$link .= 'title="' . esc_attr( apply_filters( 'category_description', $category->description, $category )) . '"';
$link .= '>';
$link .= $cat_name . '</a>';
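Review bot: In `Walker_Category::start_el`, `$cat_name` is escaped first and only then passed through the `list_cats` filter, so whatever a filter callback returns is placed in the `title` attribute and the link text with no further escaping. Moving the `esc_attr()` call to the point where the `title` attribute is built, after filtering, keeps that attribute safe regardless of the callback. `extract($args)` at the top of the method also lets the caller's array define any local variable; a comment listing the keys the method expects would make that easier to audit. The method continues outside the hunk.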


@ -945,7 +945,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
if ( !empty( $css_class ) ) {
echo ' class="'.$css_class.'" ';
}
$title = attr( get_the_title() );
$title = esc_attr( get_the_title() );
echo apply_filters( 'comments_popup_link_attributes', '' );


@ -371,14 +371,14 @@ function sanitize_comment_cookies() {
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
$comment_author = stripslashes($comment_author);
$comment_author = attr($comment_author);
$comment_author = esc_attr($comment_author);
$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
}
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
$comment_author_email = stripslashes($comment_author_email);
$comment_author_email = attr($comment_author_email);
$comment_author_email = esc_attr($comment_author_email);
$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
}
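Review bot: `sanitize_comment_cookies()` attribute-escapes the cookie values and writes the result back into `$_COOKIE`, so every later reader receives HTML-escaped text whatever its output context is. The comment templates in this commit call `esc_attr()` on `$comment_author` again at output; if those variables derive from these cookies (not shown here), whether the value ends up encoded twice depends on how `esc_attr()` treats existing entities. A short comment on the function stating that the stored values are already attribute-escaped, and for which sinks that is sufficient, would help the next reader. The function continues outside the hunk.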


@ -61,8 +61,8 @@ class WP_Widget_Pages extends WP_Widget {
function form( $instance ) {
//Defaults
$instance = wp_parse_args( (array) $instance, array( 'sortby' => 'post_title', 'title' => '', 'exclude' => '') );
$title = attr( $instance['title'] );
$exclude = attr( $instance['exclude'] );
$title = esc_attr( $instance['title'] );
$exclude = esc_attr( $instance['exclude'] );
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" /></label></p>
<p>
@ -212,7 +212,7 @@ class WP_Widget_Archives extends WP_Widget {
if ( $d ) {
?>
<select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
<select name="archive-dropdown" onchange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo esc_attr(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
<?php
} else {
?>
@ -241,7 +241,7 @@ class WP_Widget_Archives extends WP_Widget {
$count = $instance['count'] ? 'checked="checked"' : '';
$dropdown = $instance['dropdown'] ? 'checked="checked"' : '';
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>
<p>
<label for="<?php echo $this->get_field_id('count'); ?>"><input class="checkbox" type="checkbox" <?php echo $count; ?> id="<?php echo $this->get_field_id('count'); ?>" name="<?php echo $this->get_field_name('count'); ?>" /> <?php _e('Show post counts'); ?></label>
<br />
@ -276,9 +276,9 @@ class WP_Widget_Meta extends WP_Widget {
<ul>
<?php wp_register(); ?>
<li><?php wp_loginout(); ?></li>
<li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
<li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
<li><a href="http://wordpress.org/" title="<?php echo attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
<li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo esc_attr(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
<li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo esc_attr(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
<li><a href="http://wordpress.org/" title="<?php echo esc_attr(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
<?php wp_meta(); ?>
</ul>
<?php
@ -296,7 +296,7 @@ class WP_Widget_Meta extends WP_Widget {
$instance = wp_parse_args( (array) $instance, array( 'title' => '' ) );
$title = strip_tags($instance['title']);
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" /></label></p>
<p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?> <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" /></label></p>
<?php
}
}
@ -338,7 +338,7 @@ class WP_Widget_Calendar extends WP_Widget {
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>">
<?php _e('Title:'); ?>
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
</label></p>
<?php
}
@ -386,7 +386,7 @@ class WP_Widget_Text extends WP_Widget {
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>">
<?php _e('Title:'); ?>
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo attr($title); ?>" />
<input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
</label></p>
<textarea class="widefat" rows="16" cols="20" id="<?php echo $this->get_field_id('text'); ?>" name="<?php echo $this->get_field_name('text'); ?>"><?php echo $text; ?></textarea>
@ -469,7 +469,7 @@ class WP_Widget_Categories extends WP_Widget {
function form( $instance ) {
//Defaults
$instance = wp_parse_args( (array) $instance, array( 'title' => '') );
$title = attr( $instance['title'] );
$title = esc_attr( $instance['title'] );
$count = (bool) $instance['count'];
$hierarchical = (bool) $instance['hierarchical'];
$dropdown = (bool) $instance['dropdown'];
@ -572,7 +572,7 @@ class WP_Widget_Recent_Posts extends WP_Widget {
}
function form( $instance ) {
$title = attr($instance['title']);
$title = esc_attr($instance['title']);
if ( !$number = (int) $instance['number'] )
$number = 5;
?>
@ -659,7 +659,7 @@ class WP_Widget_Recent_Comments extends WP_Widget {
}
function form( $instance ) {
$title = attr($instance['title']);
$title = esc_attr($instance['title']);
if ( !$number = (int) $instance['number'] )
$number = 5;
?>
@ -708,7 +708,7 @@ class WP_Widget_RSS extends WP_Widget {
$link = '';
if ( ! is_wp_error($rss) ) {
$desc = attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
if ( empty($title) )
$title = htmlentities(strip_tags($rss->get_title()));
$link = clean_url(strip_tags($rss->get_permalink()));
@ -723,7 +723,7 @@ class WP_Widget_RSS extends WP_Widget {
$url = clean_url(strip_tags($url));
$icon = includes_url('images/rss.png');
if ( $title )
$title = "<a class='rsswidget' href='$url' title='" . attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
$title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
echo $before_widget;
if ( $title )
@ -795,11 +795,11 @@ function wp_widget_rss_output( $rss, $args = array() ) {
while ( stristr($link, 'http') != $link )
$link = substr($link, 1);
$link = clean_url(strip_tags($link));
$title = attr(strip_tags($item->get_title()));
$title = esc_attr(strip_tags($item->get_title()));
if ( empty($title) )
$title = __('Untitled');
$desc = str_replace(array("\n", "\r"), ' ', attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
$desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
$desc = wp_html_excerpt( $desc, 360 ) . ' [&hellip;]';
$desc = wp_specialchars( $desc );
@ -858,8 +858,8 @@ function wp_widget_rss_form( $args, $inputs = null ) {
extract( $args );
extract( $inputs, EXTR_SKIP);
$number = attr( $number );
$title = attr( $title );
$number = esc_attr( $number );
$title = esc_attr( $title );
$url = clean_url( $url );
$items = (int) $items;
if ( $items < 1 || 20 < $items )
@ -995,7 +995,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
?>
<p><label for="<?php echo $this->get_field_id('title'); ?>">
<?php _e('Title:') ?>
<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo attr( $instance['title'] ); ?>" />
<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $instance['title'] ); ?>" />
</label></p>
<?php
}
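Review bot: In WP_Widget_Pages::form() (first hunk of this section) the value is escaped into `$title` and `$exclude` at assignment and the markup then prints `value="<?php echo $title; ?>"` bare, which stays safe only while nothing reassigns the variable in between. The Archives, Meta, Calendar and Text forms in this same section escape at the echo instead, which is easier to audit because the escaping sits next to the output context. I would keep the raw value in the variable and print `value="<?php echo esc_attr( $instance['title'] ); ?>"`, as the Tag Cloud form already does. The Categories, Recent Posts and Recent Comments forms use the same early-escape pattern, though their markup lies outside the hunks shown.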


@ -1006,8 +1006,8 @@ function get_links($category = -1, $before = '', $after = '<br />', $between = '
if ( '' != $rel )
$rel = ' rel="' . $rel . '"';
$desc = attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
$name = attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
$desc = esc_attr(sanitize_bookmark_field('link_description', $row->link_description, $row->link_id, 'display'));
$name = esc_attr(sanitize_bookmark_field('link_name', $row->link_name, $row->link_id, 'display'));
$title = $desc;
if ( $show_updated )


@ -18,7 +18,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
if ( is_singular() )
printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
elseif ( is_search() )
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), attr(get_search_query()));
printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));
else
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
?></title>
@ -32,7 +32,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
<link rel="self" type="application/atom+xml" href="<?php echo get_post_comments_feed_link('', 'atom'); ?>" />
<id><?php echo get_post_comments_feed_link('', 'atom'); ?></id>
<?php } elseif(is_search()) { ?>
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . attr(get_search_query()); ?>" />
<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php echo get_option('home') . '?s=' . esc_attr(get_search_query()); ?>" />
<link rel="self" type="application/atom+xml" href="<?php echo get_search_comments_feed_link('', 'atom'); ?>" />
<id><?php echo get_search_comments_feed_link('', 'atom'); ?></id>
<?php } else { ?>
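Review bot: The `href` in the `is_search()` branch puts the search query into a URL query string but escapes it only for HTML with `esc_attr()`, so characters such as `&`, `#`, `+` or a space are not percent-encoded and the alternate link may not reproduce the search. Encoding for the URL first and for the attribute second covers both contexts: `'?s=' . esc_attr( urlencode( get_search_query() ) )`. Whether get_search_query() already encodes its result is not visible in this hunk, so confirm that before changing it.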


@ -20,7 +20,7 @@ echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>';
if ( is_singular() )
printf(ent2ncr(__('Comments on: %s')), get_the_title_rss());
elseif ( is_search() )
printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), attr($wp_query->query_vars['s']));
printf(ent2ncr(__('Comments for %s searching on %s')), get_bloginfo_rss( 'name' ), esc_attr($wp_query->query_vars['s']));
else
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
?></title>
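Review bot: This template reads `$wp_query->query_vars['s']` directly and uses unnumbered `%s` placeholders, while the Atom comments template in this same commit builds the identical title through `get_search_query()` with `%1$s`/`%2$s`. Going through the accessor keeps both feeds on one code path for the search term, and numbered placeholders let translators reorder the arguments. I would align the line with the Atom one: `printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));`.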


@ -338,7 +338,7 @@ function get_the_category_rss($type = 'rss') {
if ( 'rdf' == $type )
$the_list .= "\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
elseif ( 'atom' == $type )
$the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attr( $cat_name ) );
$the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', esc_attr( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), esc_attr( $cat_name ) );
else
$the_list .= "\t\t<category><![CDATA[" . @html_entity_decode( $cat_name, ENT_COMPAT, get_option('blog_charset') ) . "]]></category>\n";
}


@ -1270,7 +1270,7 @@ function translate_smiley($smiley) {
$smiley = trim(reset($smiley));
$img = $wpsmiliestrans[$smiley];
$smiley_masked = attr($smiley);
$smiley_masked = esc_attr($smiley);
return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
}
@ -2078,7 +2078,7 @@ function js_escape($text) {
* @param string $text
* @return string
*/
function attr( $text ) {
function esc_attr( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
$safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
return apply_filters( 'attribute_escape', $safe_text, $text );
@ -2090,13 +2090,13 @@ function attr( $text ) {
* @since 2.0.6
*
* @deprecated 2.8.0
* @see attr()
* @see esc_attr()
*
* @param string $text
* @return string
*/
function attribute_escape( $text ) {
return attr( $text );
return esc_attr( $text );
}
/**


@ -393,7 +393,7 @@ function wp_protect_special_option( $option ) {
* @param string $option Option name.
*/
function form_option( $option ) {
echo attr (get_option( $option ) );
echo esc_attr(get_option( $option ) );
}
/**
@ -1743,7 +1743,7 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
* @return string Nonce field.
*/
function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
$name = attr( $name );
$name = esc_attr( $name );
$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
if ( $echo )
echo $nonce_field;
@ -1768,7 +1768,7 @@ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $ec
* @return string Referer field.
*/
function wp_referer_field( $echo = true) {
$ref = attr( $_SERVER['REQUEST_URI'] );
$ref = esc_attr( $_SERVER['REQUEST_URI'] );
$referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
if ( $echo )
@ -1794,7 +1794,7 @@ function wp_referer_field( $echo = true) {
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attr( stripslashes( $ref ) ) . '" />';
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
if ( $echo )
echo $orig_referer_field;
return $orig_referer_field;


@ -120,8 +120,8 @@ function get_search_form() {
$form = '<form role="search" method="get" id="searchform" action="' . get_option('home') . '/" >
<div><label class="invisible" for="s">' . __('Search for:') . '</label>
<input type="text" value="' . attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
<input type="submit" id="searchsubmit" value="'. _a('Search') .'" />
<input type="text" value="' . esc_attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
<input type="submit" id="searchsubmit" value="'. esc_attr__('Search') .'" />
</div>
</form>';
@ -688,7 +688,7 @@ function single_month_title($prefix = '', $display = true ) {
*/
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
$text = wptexturize($text);
$title_text = attr($text);
$title_text = esc_attr($text);
$url = clean_url($url);
if ('link' == $format)
@ -1434,8 +1434,8 @@ function feed_links( $args ) {
$args = wp_parse_args( $args, $defaults );
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr(sprintf( $args['feedtitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
}
/**
@ -1467,27 +1467,27 @@ function feed_links_extra( $args ) {
$post = &get_post( $id = 0 );
if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
$title = attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
$title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
$href = get_post_comments_feed_link( $post->ID );
}
} elseif ( is_category() ) {
$cat_id = intval( get_query_var('cat') );
$title = attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
$title = esc_attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], get_cat_name( $cat_id ) ));
$href = get_category_feed_link( $cat_id );
} elseif ( is_tag() ) {
$tag_id = intval( get_query_var('tag_id') );
$tag = get_tag( $tag_id );
$title = attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
$title = esc_attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $tag->name ));
$href = get_tag_feed_link( $tag_id );
} elseif ( is_author() ) {
$author_id = intval( get_query_var('author') );
$title = attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
$title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_author_name( $author_id ) ));
$href = get_author_feed_link( $author_id );
} elseif ( is_search() ) {
$title = attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
$title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
$href = get_search_feed_link();
}
@ -1681,14 +1681,14 @@ function get_search_query() {
/**
* Display the contents of the search query variable.
*
* The search query string is passed through {@link attr()}
* The search query string is passed through {@link esc_attr()}
* to ensure that it is safe for placing in an html attribute.
*
* @uses attr
* @since 2.1.0
*/
function the_search_query() {
echo attr( apply_filters( 'the_search_query', get_search_query() ) );
echo esc_attr( apply_filters( 'the_search_query', get_search_query() ) );
}
/**
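Review bot: The docblock of the_search_query() was only half updated: the `{@link ...}` reference now names `esc_attr()`, but the tag two lines below still reads `@uses attr`, a function this commit removes. It should read `@uses esc_attr`. Separately, in feed_links_extra() only the single-post branch wraps its title in `wp_specialchars()` before `esc_attr()`, while the category, tag, author and search branches pass the raw name, so one of the two forms is presumably redundant and worth making consistent.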


@ -415,7 +415,7 @@ function wp_kses_split($string, $allowed_html, $allowed_protocols) {
*
* @access private
* @since 1.0.0
* @uses wp_kses_attr()
* @uses wp_kses_esc_attr()
*
* @param string $string Content to filter
* @param array $allowed_html Allowed HTML elements
@ -459,7 +459,7 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
return "<$slash$elem>";
# No attributes are allowed for closing elements
return wp_kses_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols);
return wp_kses_esc_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols);
}
/**
@ -479,7 +479,7 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
* @param array $allowed_protocols Allowed protocols to keep
* @return string Sanitized HTML element
*/
function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
function wp_kses_esc_attr($element, $attr, $allowed_html, $allowed_protocols) {
# Is there a closing XHTML slash at the end of the attributes?
$xhtml_slash = '';
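Review bot: The rename has also caught `wp_kses_attr()`, which is not one of the four functions the commit message lists: its definition, the call at the end of wp_kses_split2() and the `@uses` tag all now read `wp_kses_esc_attr`. That function filters an element's attribute list against the allowed HTML and protocols; it is not an escaping helper, and any caller outside this file that still uses the old name would hit an undefined function. I would restore all three: `function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {`, `return wp_kses_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols);` and `@uses wp_kses_attr()`. Both function bodies continue outside the hunks shown.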


@ -108,15 +108,15 @@ function __( $text, $domain = 'default' ) {
* If there is no translation, or the domain isn't loaded the original text is returned.
*
* @see translate() An alias of translate()
* @see attr()
* @see esc_attr()
* @since 2.8.0
*
* @param string $text Text to translate
* @param string $domain Optional. Domain to retrieve the translated text
* @return string Translated text
*/
function _a( $text, $domain = 'default' ) {
return attr( translate( $text, $domain ) );
function esc_attr__( $text, $domain = 'default' ) {
return esc_attr( translate( $text, $domain ) );
}
/**
@ -136,14 +136,14 @@ function _e( $text, $domain = 'default' ) {
* Displays translated text that has been escaped for safe use in an attribute.
*
* @see translate() Echos returned translate() string
* @see attr()
* @see esc_attr()
* @since 2.8.0
*
* @param string $text Text to translate
* @param string $domain Optional. Domain to retrieve the translated text
*/
function _ea( $text, $domain = 'default' ) {
echo attr( translate( $text, $domain ) );
function esc_attr_e( $text, $domain = 'default' ) {
echo esc_attr( translate( $text, $domain ) );
}
/**
@ -173,8 +173,8 @@ function _x( $single, $context, $domain = 'default' ) {
return translate_with_gettext_context( $single, $context, $domain );
}
function _xa( $single, $context, $domain = 'default' ) {
return attr( translate_with_gettext_context( $single, $context, $domain ) );
function esc_attr_x( $single, $context, $domain = 'default' ) {
return esc_attr( translate_with_gettext_context( $single, $context, $domain ) );
}
function __ngettext() {
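Review bot: `esc_attr_x()` is the only one of the three renamed helpers in this section that has no docblock; `esc_attr__()` and `esc_attr_e()` both carry one. I would add a docblock in the same form, saying that it returns the translation of `$single` for the gettext context `$context`, escaped for use in an HTML attribute, with `@see translate_with_gettext_context()`, `@see esc_attr()`, `@since 2.8.0`, the three `@param` tags and `@return string`. It is worth stating in all three that the result is meant for a quoted attribute value only, since the names no longer distinguish them from the plain translation functions at a glance.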


@ -619,9 +619,9 @@ function edit_tag_link( $link = '', $before = '', $after = '', $tag = null ) {
*/
function get_search_feed_link($search_query = '', $feed = '') {
if ( empty($search_query) )
$search = attr(get_search_query());
$search = esc_attr(get_search_query());
else
$search = attr(stripslashes($search_query));
$search = esc_attr(stripslashes($search_query));
if ( empty($feed) )
$feed = get_default_feed();
@ -644,9 +644,9 @@ function get_search_feed_link($search_query = '', $feed = '') {
*/
function get_search_comments_feed_link($search_query = '', $feed = '') {
if ( empty($search_query) )
$search = attr(get_search_query());
$search = esc_attr(get_search_query());
else
$search = attr(stripslashes($search_query));
$search = esc_attr(stripslashes($search_query));
if ( empty($feed) )
$feed = get_default_feed();
@ -730,7 +730,7 @@ function edit_post_link( $link = 'Edit This', $before = '', $after = '' ) {
return;
}
$link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attr( __( 'Edit post' ) ) . '">' . $link . '</a>';
$link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . esc_attr( __( 'Edit post' ) ) . '">' . $link . '</a>';
echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after;
}
@ -940,7 +940,7 @@ function get_adjacent_post_rel_link($title = '%title', $in_same_cat = false, $ex
$title = apply_filters('the_title', $title, $post);
$link = $previous ? "<link rel='prev' title='" : "<link rel='next' title='";
$link .= attr( $title );
$link .= esc_attr( $title );
$link .= "' href='" . get_permalink($post) . "' />\n";
$adjacent = $previous ? 'previous' : 'next';
@ -1064,7 +1064,7 @@ function get_boundary_post_rel_link($title = '%title', $in_same_cat = false, $ex
$title = apply_filters('the_title', $title, $post);
$link = $start ? "<link rel='start' title='" : "<link rel='end' title='";
$link .= attr($title);
$link .= esc_attr($title);
$link .= "' href='" . get_permalink($post) . "' />\n";
$boundary = $start ? 'start' : 'end';
@ -1092,7 +1092,7 @@ function start_post_rel_link($title = '%title', $in_same_cat = false, $excluded_
* @return string
*/
function get_index_rel_link() {
$link = "<link rel='index' title='" . attr(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
$link = "<link rel='index' title='" . esc_attr(get_bloginfo('name')) . "' href='" . get_bloginfo('siteurl') . "' />\n";
return apply_filters( "index_rel_link", $link );
}
@ -1127,7 +1127,7 @@ function get_parent_post_rel_link($title = '%title') {
$title = apply_filters('the_title', $title, $post);
$link = "<link rel='up' title='";
$link .= attr( $title );
$link .= esc_attr( $title );
$link .= "' href='" . get_permalink($post) . "' />\n";
return apply_filters( "parent_post_rel_link", $link );
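Review bot: In the `<link rel=...>` builders the `title` value is escaped but the `href` is concatenated raw: `get_permalink($post)` in get_adjacent_post_rel_link(), get_boundary_post_rel_link() and get_parent_post_rel_link(), and `get_bloginfo('siteurl')` in get_index_rel_link(). The attributes are single-quoted, so a quote character in either URL would end the attribute early. Passing the URL through `clean_url()`, as get_archives_link() does elsewhere in this commit, keeps the two attributes consistent: `$link .= "' href='" . clean_url( get_permalink($post) ) . "' />\n";`. These function bodies start outside the hunks.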


@ -200,10 +200,10 @@ function get_image_tag($id, $alt, $title, $align, $size='medium') {
list( $img_src, $width, $height ) = image_downsize($id, $size);
$hwstring = image_hwstring($width, $height);
$class = 'align'.attr($align).' size-'.attr($size).' wp-image-'.$id;
$class = 'align' . esc_attr($align) .' size-' . esc_attr($size) . ' wp-image-' . $id;
$class = apply_filters('get_image_tag_class', $class, $id, $align, $size);
$html = '<img src="'.attr($img_src).'" alt="'.attr($alt).'" title="'.attr($title).'" '.$hwstring.'class="'.$class.'" />';
$html = '<img src="' . esc_attr($img_src) . '" alt="' . esc_attr($alt) . '" title="' . esc_attr($title).'" '.$hwstring.'class="'.$class.'" />';
$html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size );
@ -542,7 +542,7 @@ function wp_get_attachment_image($attachment_id, $size = 'thumbnail', $icon = fa
'title' => trim(strip_tags( $attachment->post_title )),
);
$attr = apply_filters( 'wp_get_attachment_image_attributes', $attr, $attachment );
$attr = array_map( 'attr', $attr );
$attr = array_map( 'esc_attr', $attr );
$html = rtrim("<img $hwstring");
foreach ( $attr as $name => $value ) {
$html .= " $name=" . '"' . $value . '"';
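Review bot: In get_image_tag() `$align` and `$size` are escaped before the `get_image_tag_class` filter runs, and the filtered `$class` is then written into `class="..."` unescaped, so whatever a filter callback returns reaches the markup as is. Escaping after the filter covers both the built-in parts and the callback's output: build `$class` from the raw values and emit `'class="' . esc_attr( $class ) . '" />'`. In the second hunk only the attribute values pass through `esc_attr`; the `$name` keys returned by the `wp_get_attachment_image_attributes` filter are printed as they are, which deserves at least a comment saying that keys are trusted.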
