esc_js(). Shorter, follows new escaping naming convention.

git-svn-id: http://svn.automattic.com/wordpress/trunk@11245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2009-05-09 07:27:22 +00:00
parent e8025581b3
commit d7b015645d
19 changed files with 52 additions and 35 deletions


@ -82,7 +82,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
if ( current_user_can('edit_post', $post->ID) )
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$action_count = count($actions);
$i = 0;
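Review bot: On the new `$actions['delete']` line the `'draft' == $post->post_status` ternary chooses between two identical strings, both "You are about to delete this attachment '%s'…", so the condition has no effect. Passing the one string straight to `sprintf()` shortens the line and removes the duplicated message: `esc_js( sprintf( __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title ) )`. The hunk at `-341,7` further down carries the same line. The surrounding loop starts and ends outside the hunk.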


@ -229,7 +229,7 @@ if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
<div id="delete-action">
<?php
if ( ( 'edit' == $action ) && current_user_can('delete_post', $post->ID) ) { ?>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<?php } ?>
</div>


@ -69,7 +69,7 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
<div id="major-publishing-actions">
<div id="delete-action">
<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . esc_js(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
</div>
<div id="publishing-action">
<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />


@ -85,7 +85,7 @@ function link_submit_meta_box($link) {
<div id="delete-action">
<?php
if ( !empty($_GET['action']) && 'edit' == $_GET['action'] && current_user_can('manage_links') ) { ?>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf(__("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf(__("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<?php } ?>
</div>


@ -216,7 +216,7 @@ endif; ?>
<div id="delete-action">
<?php
if ( ( 'edit' == $action ) && current_user_can('delete_page', $post->ID) ) { ?>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
<?php } ?>
</div>


@ -190,13 +190,13 @@ class Blogger_Import {
}
}
//echo '<pre>'.print_r($this,1).'</pre>';
$start = js_escape( __('Import') );
$continue = js_escape( __('Continue') );
$stop = js_escape( __('Importing...') );
$authors = js_escape( __('Set Authors') );
$loadauth = js_escape( __('Preparing author mapping form...') );
$authhead = js_escape( __('Final Step: Author Mapping') );
$nothing = js_escape( __('Nothing was imported. Had you already imported this blog?') );
$start = esc_js( __('Import') );
$continue = esc_js( __('Continue') );
$stop = esc_js( __('Importing...') );
$authors = esc_js( __('Set Authors') );
$loadauth = esc_js( __('Preparing author mapping form...') );
$authhead = esc_js( __('Final Step: Author Mapping') );
$nothing = esc_js( __('Nothing was imported. Had you already imported this blog?') );
$title = __('Blogger Blogs');
$name = __('Blog Name');
$url = __('Blog URL');
@ -215,7 +215,7 @@ class Blogger_Import {
else
$value = $authors;
$value = esc_attr($value);
$blogtitle = js_escape( $blog['title'] );
$blogtitle = esc_js( $blog['title'] );
$pdone = isset($blog['posts_done']) ? (int) $blog['posts_done'] : 0;
$cdone = isset($blog['comments_done']) ? (int) $blog['comments_done'] : 0;
$init .= "blogs[$i]=new blog($i,'$blogtitle','{$blog['mode']}'," . $this->get_js_status($i) . ');';
@ -658,7 +658,7 @@ class Blogger_Import {
$blogtitle = "{$blog['title']} ({$blog['host']})";
$mapthis = __('Blogger username');
$tothis = __('WordPress login');
$submit = js_escape( __('Save Changes') );
$submit = esc_js( __('Save Changes') );
foreach ( $blog['authors'] as $i => $author )
$rows .= "<tr><td><label for='authors[$i]'>{$author[0]}</label></td><td><select name='authors[$i]' id='authors[$i]'>" . $this->get_user_options($author[1]) . "</select></td></tr>";
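Review bot: In the `-215,7` hunk `$blogtitle` goes through `esc_js()`, but `{$blog['mode']}` is interpolated into the very next single-quoted JavaScript argument of `new blog(...)` with no escaping at all. Where `mode` is assigned is not visible here; unless it is always a fixed internal keyword, a quote character in it would end the string literal early. Escaping it the same way keeps the two arguments consistent: `$blogmode = esc_js( $blog['mode'] );` and then `'$blogmode'` in the `$init` line. The last hunk of this file likewise writes `{$author[0]}` into `<label>` markup without HTML escaping, which deserves the same check. The enclosing methods begin and end outside these hunks.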


@ -1446,7 +1446,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( current_user_can('edit_post', $post->ID) ) {
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_post', $post->ID) )
@ -1659,7 +1659,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
if ( current_user_can('edit_page', $page->ID) ) {
$actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
$actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_page', $page->ID) )


@ -197,7 +197,7 @@ if ( $links ) {
echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $link->link_name)) . "'>$link->link_name</a></strong><br />";
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . js_escape(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . esc_js(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$action_count = count($actions);
$i = 0;
echo '<div class="row-actions">';


@ -402,7 +402,7 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
return false;
break;
case 'photo' :
jQuery('#extra_fields').before('<p id="waiting"><img src="images/wpspin_light.gif" alt="" /> <?php echo js_escape( __( 'Loading...' ) ); ?></p>');
jQuery('#extra_fields').before('<p id="waiting"><img src="images/wpspin_light.gif" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></p>');
jQuery.ajax({
type: "GET",
cache : false,


@ -197,7 +197,7 @@ foreach ( $cols as $col => $theme_name ) {
$actions[] = '<a href="' . $activate_link . '" class="activatelink" title="' . $activate_text . '">' . __('Activate') . '</a>';
$actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $theme_name)) . '">' . __('Preview') . '</a>';
if ( current_user_can('update_themes') )
$actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . js_escape(sprintf( __("You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
$actions[] = '<a class="submitdelete deletion" href="' . wp_nonce_url("themes.php?action=delete&amp;template=$stylesheet", 'delete-theme_' . $stylesheet) . '" onclick="' . "if ( confirm('" . esc_js(sprintf( __("You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete."), $theme_name )) . "') ) {return true;}return false;" . '">' . __('Delete') . '</a>';
$actions = apply_filters('theme_action_links', $actions, $themes[$theme_name]);
$actions = implode ( ' | ', $actions );


@ -58,8 +58,8 @@ function dismissed_updates() {
$dismissed = get_core_updates( array( 'dismissed' => true, 'available' => false ) );
if ( $dismissed ) {
$show_text = js_escape(__('Show hidden updates'));
$hide_text = js_escape(__('Hide hidden updates'));
$show_text = esc_js(__('Show hidden updates'));
$hide_text = esc_js(__('Hide hidden updates'));
?>
<script type="text/javascript">


@ -341,7 +341,7 @@ foreach ($arc_result as $arc_row) {
if ( current_user_can('edit_post', $post->ID) )
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
if ( current_user_can('delete_post', $post->ID) )
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
if ( current_user_can('edit_post', $post->ID) )
$actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';


@ -251,13 +251,13 @@ function kubrick_theme_page_head() {
document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
}
function kRevert() {
document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
document.getElementById('headerimage').value = '<?php echo esc_js(kubrick_header_image()); ?>';
document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo esc_js(kubrick_upper_color()); ?>';
document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo esc_js(kubrick_lower_color()); ?>';
document.getElementById('header').style.background = 'url("<?php echo esc_js(kubrick_header_image_url()); ?>") center no-repeat';
document.getElementById('header').style.color = '';
document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo esc_js(kubrick_header_color_string()); ?>';
document.getElementById('fontdisplay').value = '<?php echo esc_js(kubrick_header_display_string()); ?>';
document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
}
function kInit() {


@ -357,7 +357,7 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
if ( 'attribute' == $context )
$value = esc_attr($value);
else if ( 'js' == $context )
$value = js_escape($value);
$value = esc_js($value);
return $value;
}


@ -60,7 +60,7 @@ class WP_Scripts extends WP_Dependencies {
$after = $val;
continue;
}
$data .= "$eol\t$var: \"" . js_escape( $val ) . '"';
$data .= "$eol\t$var: \"" . esc_js( $val ) . '"';
$eol = ",\n";
}
$data .= "\n};\n";


@ -2054,12 +2054,12 @@ function htmlentities2($myHTML) {
*
* The filter 'js_escape' is also applied here.
*
* @since 2.0.4
* @since 2.8.0
*
* @param string $text The text to be escaped.
* @return string Escaped text.
*/
function js_escape($text) {
function esc_js( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
$safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
@ -2067,6 +2067,23 @@ function js_escape($text) {
return apply_filters( 'js_escape', $safe_text, $text );
}
/**
* Escape single quotes, specialchar double quotes, and fix line endings.
*
* The filter 'js_escape' is also applied by esc_js()
*
* @since 2.0.4
*
* @deprecated 2.8.0
* @see esc_js()
*
* @param string $text The text to be escaped.
* @return string Escaped text.
*/
function js_escape( $text ) {
return esc_js( $text );
}
/**
* Escaping for HTML attributes.
*
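Review bot: The part of the docblock visible above `esc_js()` does not say which output context the function is meant for, and its opening lines and the end of the body fall outside the hunk. The visible body entity-encodes with `wp_specialchars( $safe_text, ENT_COMPAT )`, which suits a single-quoted string inside an HTML attribute such as `onclick`. Inside a `<script>` block, where this commit also uses it, the browser does not decode entities, so a value containing `&` would appear as `&amp;`. I would add a docblock line such as `* Intended for text placed in a single-quoted JavaScript string inside an HTML attribute; the result is entity-encoded.` Separately, the new `js_escape()` wrapper is tagged `@deprecated` but emits no notice; `_deprecated_function( __FUNCTION__, '2.8.0', 'esc_js()' );` before its `return` would surface the remaining callers.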


@ -18,7 +18,7 @@ function mce_escape($text) {
global $language;
if ( 'en' == $language ) return $text;
else return js_escape($text);
else return esc_js($text);
}
$lang = 'tinyMCE.addI18n({' . $language . ':{


@ -905,7 +905,7 @@ function sanitize_post_field($field, $value, $post_id, $context) {
if ( 'attribute' == $context )
$value = esc_attr($value);
else if ( 'js' == $context )
$value = js_escape($value);
$value = esc_js($value);
return $value;
}


@ -1013,7 +1013,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
if ( 'attribute' == $context )
$value = esc_attr($value);
else if ( 'js' == $context )
$value = js_escape($value);
$value = esc_js($value);
return $value;
}