Escape taxonomy name when used in attributes in post_categories_meta_box().
props pbearne. fixes #28836. Built from https://develop.svn.wordpress.org/trunk@29099 git-svn-id: http://core.svn.wordpress.org/trunk@28885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
56a70f3b64
commit
cca7157c0d
@ -404,9 +404,8 @@ function post_tags_meta_box( $post, $box ) {
|
||||
$args = $box['args'];
|
||||
}
|
||||
$r = wp_parse_args( $args, $defaults );
|
||||
$tax = $r['taxonomy'];
|
||||
$tax_name = esc_attr( $tax );
|
||||
$taxonomy = get_taxonomy( $tax );
|
||||
$tax_name = esc_attr( $r['taxonomy'] );
|
||||
$taxonomy = get_taxonomy( $r['taxonomy'] );
|
||||
$user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
|
||||
$comma = _x( ',', 'tag delimiter' );
|
||||
?>
|
||||
@ -462,50 +461,50 @@ function post_categories_meta_box( $post, $box ) {
|
||||
$args = $box['args'];
|
||||
}
|
||||
$r = wp_parse_args( $args, $defaults );
|
||||
$taxonomy = $r['taxonomy'];
|
||||
$tax = get_taxonomy( $taxonomy );
|
||||
$tax_name = esc_attr( $r['taxonomy'] );
|
||||
$taxonomy = get_taxonomy( $r['taxonomy'] );
|
||||
?>
|
||||
<div id="taxonomy-<?php echo $taxonomy; ?>" class="categorydiv">
|
||||
<ul id="<?php echo $taxonomy; ?>-tabs" class="category-tabs">
|
||||
<li class="tabs"><a href="#<?php echo $taxonomy; ?>-all"><?php echo $tax->labels->all_items; ?></a></li>
|
||||
<li class="hide-if-no-js"><a href="#<?php echo $taxonomy; ?>-pop"><?php _e( 'Most Used' ); ?></a></li>
|
||||
<div id="taxonomy-<?php echo $tax_name; ?>" class="categorydiv">
|
||||
<ul id="<?php echo $tax_name; ?>-tabs" class="category-tabs">
|
||||
<li class="tabs"><a href="#<?php echo $tax_name; ?>-all"><?php echo $taxonomy->labels->all_items; ?></a></li>
|
||||
<li class="hide-if-no-js"><a href="#<?php echo $tax_name; ?>-pop"><?php _e( 'Most Used' ); ?></a></li>
|
||||
</ul>
|
||||
|
||||
<div id="<?php echo $taxonomy; ?>-pop" class="tabs-panel" style="display: none;">
|
||||
<ul id="<?php echo $taxonomy; ?>checklist-pop" class="categorychecklist form-no-clear" >
|
||||
<?php $popular_ids = wp_popular_terms_checklist($taxonomy); ?>
|
||||
<div id="<?php echo $tax_name; ?>-pop" class="tabs-panel" style="display: none;">
|
||||
<ul id="<?php echo $tax_name; ?>checklist-pop" class="categorychecklist form-no-clear" >
|
||||
<?php $popular_ids = wp_popular_terms_checklist( $tax_name ); ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div id="<?php echo $taxonomy; ?>-all" class="tabs-panel">
|
||||
<div id="<?php echo $tax_name; ?>-all" class="tabs-panel">
|
||||
<?php
|
||||
$name = ( $taxonomy == 'category' ) ? 'post_category' : 'tax_input[' . $taxonomy . ']';
|
||||
$name = ( $tax_name == 'category' ) ? 'post_category' : 'tax_input[' . $tax_name . ']';
|
||||
echo "<input type='hidden' name='{$name}[]' value='0' />"; // Allows for an empty term set to be sent. 0 is an invalid Term ID and will be ignored by empty() checks.
|
||||
?>
|
||||
<ul id="<?php echo $taxonomy; ?>checklist" data-wp-lists="list:<?php echo $taxonomy?>" class="categorychecklist form-no-clear">
|
||||
<?php wp_terms_checklist($post->ID, array( 'taxonomy' => $taxonomy, 'popular_cats' => $popular_ids ) ) ?>
|
||||
<ul id="<?php echo $tax_name; ?>checklist" data-wp-lists="list:<?php echo $tax_name; ?>" class="categorychecklist form-no-clear">
|
||||
<?php wp_terms_checklist( $post->ID, array( 'taxonomy' => $tax_name, 'popular_cats' => $popular_ids ) ); ?>
|
||||
</ul>
|
||||
</div>
|
||||
<?php if ( current_user_can($tax->cap->edit_terms) ) : ?>
|
||||
<div id="<?php echo $taxonomy; ?>-adder" class="wp-hidden-children">
|
||||
<?php if ( current_user_can( $taxonomy->cap->edit_terms ) ) : ?>
|
||||
<div id="<?php echo $tax_name; ?>-adder" class="wp-hidden-children">
|
||||
<h4>
|
||||
<a id="<?php echo $taxonomy; ?>-add-toggle" href="#<?php echo $taxonomy; ?>-add" class="hide-if-no-js">
|
||||
<a id="<?php echo $tax_name; ?>-add-toggle" href="#<?php echo $tax_name; ?>-add" class="hide-if-no-js">
|
||||
<?php
|
||||
/* translators: %s: add new taxonomy label */
|
||||
printf( __( '+ %s' ), $tax->labels->add_new_item );
|
||||
printf( __( '+ %s' ), $taxonomy->labels->add_new_item );
|
||||
?>
|
||||
</a>
|
||||
</h4>
|
||||
<p id="<?php echo $taxonomy; ?>-add" class="category-add wp-hidden-child">
|
||||
<label class="screen-reader-text" for="new<?php echo $taxonomy; ?>"><?php echo $tax->labels->add_new_item; ?></label>
|
||||
<input type="text" name="new<?php echo $taxonomy; ?>" id="new<?php echo $taxonomy; ?>" class="form-required form-input-tip" value="<?php echo esc_attr( $tax->labels->new_item_name ); ?>" aria-required="true"/>
|
||||
<label class="screen-reader-text" for="new<?php echo $taxonomy; ?>_parent">
|
||||
<?php echo $tax->labels->parent_item_colon; ?>
|
||||
<p id="<?php echo $tax_name; ?>-add" class="category-add wp-hidden-child">
|
||||
<label class="screen-reader-text" for="new<?php echo $tax_name; ?>"><?php echo $taxonomy->labels->add_new_item; ?></label>
|
||||
<input type="text" name="new<?php echo $tax_name; ?>" id="new<?php echo $tax_name; ?>" class="form-required form-input-tip" value="<?php echo esc_attr( $taxonomy->labels->new_item_name ); ?>" aria-required="true"/>
|
||||
<label class="screen-reader-text" for="new<?php echo $tax_name; ?>_parent">
|
||||
<?php echo $taxonomy->labels->parent_item_colon; ?>
|
||||
</label>
|
||||
<?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —' ) ); ?>
|
||||
<input type="button" id="<?php echo $taxonomy; ?>-add-submit" data-wp-lists="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
|
||||
<?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
|
||||
<span id="<?php echo $taxonomy; ?>-ajax-response"></span>
|
||||
<?php wp_dropdown_categories( array( 'taxonomy' => $tax_name, 'hide_empty' => 0, 'name' => 'new' . $tax_name . '_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $taxonomy->labels->parent_item . ' —' ) ); ?>
|
||||
<input type="button" id="<?php echo $tax_name; ?>-add-submit" data-wp-lists="add:<?php echo $tax_name; ?>checklist:<?php echo $tax_name; ?>-add" class="button category-add-submit" value="<?php echo esc_attr( $taxonomy->labels->add_new_item ); ?>" />
|
||||
<?php wp_nonce_field( 'add-' . $tax_name, '_ajax_nonce-add-' . $tax_name, false ); ?>
|
||||
<span id="<?php echo $tax_name; ?>-ajax-response"></span>
|
||||
</p>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
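Review bot: In post_categories_meta_box() the attribute-escaped `$tax_name` is also passed as the taxonomy identifier to `wp_popular_terms_checklist()`, `wp_terms_checklist()`, `wp_dropdown_categories()` and the `wp_nonce_field()` action, and is compared with `'category'`, so an output encoding is being reused as data. For a name made only of key-safe characters esc_attr() presumably returns it unchanged, but any name it does alter would make those lookups and the nonce action differ from what the rest of the code uses for the same taxonomy. I would pass the raw value to the function calls and the comparison, e.g. `wp_popular_terms_checklist( $r['taxonomy'] )`, and keep `$tax_name` for attribute values only. The labels printed as element text in the same block (`$taxonomy->labels->all_items`, `add_new_item`, `parent_item_colon`) are still echoed without `esc_html()`. Both function bodies start and end outside the hunks shown.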