Remove Direct SQL, Use new esc_html() function, Correct the case of the ID keys. See #9015

git-svn-id: http://svn.automattic.com/wordpress/trunk@13105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
dd32 2010-02-13 09:59:16 +00:00
parent 07d5fab8d6
commit b4c55aa60b
3 changed files with 14 additions and 10 deletions

View File

@ -5,7 +5,7 @@
<?php the_post(); ?>
<p class="page-title"><a href="<?php echo get_permalink($post->post_parent) ?>" title="<?php printf( esc_attr__( 'Return to %s', 'twentyten' ), wp_specialchars( get_the_title($post->post_parent), 1 ) ) ?>" rel="gallery">&larr; <?php echo get_the_title($post->post_parent) ?></a></p>
<p class="page-title"><a href="<?php echo get_permalink($post->post_parent) ?>" title="<?php printf( esc_attr__( 'Return to %s', 'twentyten' ), esc_html( get_the_title($post->post_parent), 1 ) ) ?>" rel="gallery">&larr; <?php echo get_the_title($post->post_parent) ?></a></p>
<div id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
<h2 class="entry-title"><?php the_title(); ?></h2>
@ -21,8 +21,8 @@
<div class="entry-content">
<div class="entry-attachment">
<?php if ( wp_attachment_is_image( $post->id ) ) : $att_image = wp_get_attachment_image_src( $post->id, array(640,640)); ?>
<p class="attachment"><a href="<?php echo wp_get_attachment_url($post->id); ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><img src="<?php echo $att_image[0];?>" width="<?php echo $att_image[1];?>" height="<?php echo $att_image[2];?>" class="attachment-medium" alt="<?php $post->post_excerpt; ?>" /></a>
<?php if ( wp_attachment_is_image( $post->ID ) ) : $att_image = wp_get_attachment_image_src( $post->ID, array(640, 640)); ?>
<p class="attachment"><a href="<?php echo wp_get_attachment_url($post->ID); ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><img src="<?php echo $att_image[0];?>" width="<?php echo $att_image[1];?>" height="<?php echo $att_image[2];?>" class="attachment-medium" alt="<?php $post->post_excerpt; ?>" /></a>
</p>
@ -47,7 +47,7 @@
get_the_tag_list( __( ' and tagged ', 'twentyten' ), ', ', '' ),
get_permalink(),
the_title_attribute('echo=0'),
comments_rss() ) ?>
get_post_comments_feed_link() ) ?>
<?php if ( comments_open() && pings_open() ) : // Comments and trackbacks open ?>
<?php printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyten' ), get_trackback_url() ) ?>

View File

@ -5,7 +5,7 @@
if ( is_single() ) { single_post_title(); print ' | '; bloginfo('name'); }
elseif ( is_home() || is_front_page() ) { bloginfo('name'); print ' | '; bloginfo('description'); get_page_number(); }
elseif ( is_page() ) { single_post_title(''); print ' | '; bloginfo('name'); }
elseif ( is_search() ) { print 'Search results for ' . wp_specialchars($s); get_page_number(); print ' | '; bloginfo('name'); }
elseif ( is_search() ) { print 'Search results for ' . esc_html($s); get_page_number(); print ' | '; bloginfo('name'); }
elseif ( is_404() ) { print 'Not Found | '; bloginfo('name'); }
else { bloginfo('name'); wp_title('|'); get_page_number(); }
?></title>
@ -20,8 +20,8 @@
<?php wp_head(); ?>
<link rel="alternate" type="application/rss+xml" href="<?php bloginfo('rss2_url'); ?>" title="<?php printf( esc_attr__( '%s latest posts', 'twentyten' ), wp_specialchars( get_bloginfo('name'), 1 ) ); ?>" />
<link rel="alternate" type="application/rss+xml" href="<?php bloginfo('comments_rss2_url') ?>" title="<?php printf( esc_attr__( '%s latest comments', 'twentyten' ), wp_specialchars( get_bloginfo('name'), 1 ) ); ?>" />
<link rel="alternate" type="application/rss+xml" href="<?php bloginfo('rss2_url'); ?>" title="<?php printf( esc_attr__( '%s latest posts', 'twentyten' ), esc_html( get_bloginfo('name') ) ); ?>" />
<link rel="alternate" type="application/rss+xml" href="<?php bloginfo('comments_rss2_url') ?>" title="<?php printf( esc_attr__( '%s latest comments', 'twentyten' ), esc_html( get_bloginfo('name') ) ); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
</head>

View File

@ -24,9 +24,13 @@ the_permalink(); ?>" title="<?php the_time('Y-m-d\TH:i:sO') ?>" rel="bookmark"><
</div><!-- .entry-meta -->
<div class="entry-content">
<div class="gallery-thumb"><a class="size-thumbnail" href="<?php permalink_link() ?>"><?php $hilite = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE post_parent = '$post->ID' AND post_type = 'attachment' LIMIT 1" ); echo wp_get_attachment_image( $hilite, 'thumbnail' );?></a></div>
<p><em><?php printf( __('This gallery contains <a %1$s>%2$s photos</a>.', 'twentyten'), 'href="' . get_permalink() . '" title="' . sprintf( esc_attr__('Permalink to %s', 'twentyten'), the_title_attribute('echo=0') ) . '" rel="bookmark"', $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts WHERE post_parent = '$post->ID' AND post_type = 'attachment'" )); ?></em></p>
<div class="gallery-thumb"><a class="size-thumbnail" href="<?php permalink_link() ?>"><?php
$images =& get_children( array('post_parent' => $post->ID, 'post_type' => 'attachment', 'post_mime_type' => 'image', 'orderby' => 'menu_order', 'order' => 'ASC', 'numberposts' => 999) );
$total_images = count($images);
$image = array_shift($images);
echo wp_get_attachment_image( $image->ID, 'thumbnail' );
?></a></div>
<p><em><?php printf( __('This gallery contains <a %1$s>%2$s photos</a>.', 'twentyten'), 'href="' . get_permalink() . '" title="' . sprintf( esc_attr__('Permalink to %s', 'twentyten'), the_title_attribute('echo=0') ) . '" rel="bookmark"', $total_images ); ?></em></p>
<?php the_excerpt(''); ?>
</div><!-- .entry-content -->