From dcf53d5bbba23f30accff8e119af4974e8828172 Mon Sep 17 00:00:00 2001
From: Lance Willett <nanobar@gmail.com>
Date: Thu, 22 Jan 2015 00:42:23 +0000
Subject: [PATCH] Twenty Eleven: fix escaping and minor code style issues. See
 #29127. Built from https://develop.svn.wordpress.org/trunk@31265

git-svn-id: http://core.svn.wordpress.org/trunk@31246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-content/themes/twentyeleven/404.php        |  2 +-
 wp-content/themes/twentyeleven/author.php     |  2 +-
 .../themes/twentyeleven/content-image.php     |  2 +-
 wp-content/themes/twentyeleven/functions.php  | 34 +++++++-------
 wp-content/themes/twentyeleven/header.php     |  4 +-
 wp-content/themes/twentyeleven/image.php      |  2 +-
 .../themes/twentyeleven/inc/theme-options.php |  8 ++--
 .../themes/twentyeleven/inc/widgets.php       | 46 +++++++++----------
 wp-content/themes/twentyeleven/showcase.php   | 16 +++----
 wp-includes/version.php                       |  2 +-
 10 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/wp-content/themes/twentyeleven/404.php b/wp-content/themes/twentyeleven/404.php
index ae0ad04800..63437b9ae1 100644
--- a/wp-content/themes/twentyeleven/404.php
+++ b/wp-content/themes/twentyeleven/404.php
@@ -34,7 +34,7 @@ get_header(); ?>
 					<?php
 					/* translators: %1$s: smilie */
 					$archive_content = '<p>' . sprintf( __( 'Try looking in the monthly archives. %1$s', 'twentyeleven' ), convert_smilies( ':)' ) ) . '</p>';
-					the_widget( 'WP_Widget_Archives', array('count' => 0 , 'dropdown' => 1 ), array( 'after_title' => '</h2>'.$archive_content ) );
+					the_widget( 'WP_Widget_Archives', array( 'count' => 0, 'dropdown' => 1 ), array( 'after_title' => '</h2>' . $archive_content ) );
 					?>
 
 					<?php the_widget( 'WP_Widget_Tag_Cloud' ); ?>
diff --git a/wp-content/themes/twentyeleven/author.php b/wp-content/themes/twentyeleven/author.php
index 28775d94b9..274d5b87a4 100644
--- a/wp-content/themes/twentyeleven/author.php
+++ b/wp-content/themes/twentyeleven/author.php
@@ -26,7 +26,7 @@ get_header(); ?>
 				?>
 
 				<header class="page-header">
-					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . esc_url( get_author_posts_url( get_the_author_meta( "ID" ) ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
+					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
 				</header>
 
 				<?php
diff --git a/wp-content/themes/twentyeleven/content-image.php b/wp-content/themes/twentyeleven/content-image.php
index 3ed8ecdc09..4afaf4adeb 100644
--- a/wp-content/themes/twentyeleven/content-image.php
+++ b/wp-content/themes/twentyeleven/content-image.php
@@ -20,7 +20,7 @@
 
 			<?php if ( comments_open() && ! post_password_required() ) : ?>
 			<div class="comments-link">
-				<?php comments_popup_link( '<span class="leave-reply">' . __( "Reply", 'twentyeleven' ) . '</span>', _x( '1', 'comments number', 'twentyeleven' ), _x( '%', 'comments number', 'twentyeleven' ) ); ?>
+				<?php comments_popup_link( '<span class="leave-reply">' . __( 'Reply', 'twentyeleven' ) . '</span>', _x( '1', 'comments number', 'twentyeleven' ), _x( '%', 'comments number', 'twentyeleven' ) ); ?>
 			</div>
 			<?php endif; ?>
 		</header><!-- .entry-header -->
diff --git a/wp-content/themes/twentyeleven/functions.php b/wp-content/themes/twentyeleven/functions.php
index 483b88df50..74e0b20c88 100644
--- a/wp-content/themes/twentyeleven/functions.php
+++ b/wp-content/themes/twentyeleven/functions.php
@@ -330,16 +330,16 @@ if ( ! function_exists( 'twentyeleven_admin_header_image' ) ) :
 function twentyeleven_admin_header_image() { ?>
 	<div id="headimg">
 		<?php
-		$color = get_header_textcolor();
-		$image = get_header_image();
-		if ( $color && $color != 'blank' )
-			$style = ' style="color:#' . $color . '"';
-		else
-			$style = ' style="display:none"';
-		?>
-		<h1 class="displaying-header-text"><a id="name"<?php echo $style; ?> onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1>
-		<div id="desc" class="displaying-header-text"<?php echo $style; ?>><?php bloginfo( 'description' ); ?></div>
-		<?php if ( $image ) : ?>
+  		$color = get_header_textcolor();
+  		$image = get_header_image();
+		$style = 'display: none;';
+  		if ( $color && $color != 'blank' ) {
+			$style = 'color: #' . $color . ';';
+  		}
+  		?>
+		<h1 class="displaying-header-text"><a id="name" style="<?php echo esc_attr( $style ); ?>" onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1>
+		<div id="desc" class="displaying-header-text" style="<?php echo esc_attr( $style ); ?>"><?php bloginfo( 'description' ); ?></div>
+  		<?php if ( $image ) : ?>
 			<img src="<?php echo esc_url( $image ); ?>" alt="" />
 		<?php endif; ?>
 	</div>
@@ -446,7 +446,7 @@ function twentyeleven_widgets_init() {
 		'name' => __( 'Main Sidebar', 'twentyeleven' ),
 		'id' => 'sidebar-1',
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -456,7 +456,7 @@ function twentyeleven_widgets_init() {
 		'id' => 'sidebar-2',
 		'description' => __( 'The sidebar for the optional Showcase Template', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -466,7 +466,7 @@ function twentyeleven_widgets_init() {
 		'id' => 'sidebar-3',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -476,7 +476,7 @@ function twentyeleven_widgets_init() {
 		'id' => 'sidebar-4',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -486,7 +486,7 @@ function twentyeleven_widgets_init() {
 		'id' => 'sidebar-5',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -581,7 +581,7 @@ function twentyeleven_footer_sidebar_class() {
 	}
 
 	if ( $class )
-		echo 'class="' . $class . '"';
+		echo 'class="' . esc_attr( $class ) . '"';
 }
 
 if ( ! function_exists( 'twentyeleven_comment' ) ) :
@@ -717,7 +717,7 @@ function twentyeleven_get_gallery_images() {
 	if ( function_exists( 'get_post_galleries' ) ) {
 		$galleries = get_post_galleries( get_the_ID(), false );
 		if ( isset( $galleries[0]['ids'] ) )
-		 	$images = explode( ',', $galleries[0]['ids'] );
+			$images = explode( ',', $galleries[0]['ids'] );
 	} else {
 		$pattern = get_shortcode_regex();
 		preg_match( "/$pattern/s", get_the_content(), $match );
diff --git a/wp-content/themes/twentyeleven/header.php b/wp-content/themes/twentyeleven/header.php
index f48e4cf74f..f9be4f52e0 100644
--- a/wp-content/themes/twentyeleven/header.php
+++ b/wp-content/themes/twentyeleven/header.php
@@ -40,7 +40,7 @@
 
 	// Add a page number if necessary:
 	if ( ( $paged >= 2 || $page >= 2 ) && ! is_404() )
-		echo ' | ' . sprintf( __( 'Page %s', 'twentyeleven' ), max( $paged, $page ) );
+		echo esc_html( ' | ' . sprintf( __( 'Page %s', 'twentyeleven' ), max( $paged, $page ) ) );
 
 	?></title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
@@ -111,7 +111,7 @@
 							$header_image_height = HEADER_IMAGE_HEIGHT;
 						}
 						?>
-					<img src="<?php header_image(); ?>" width="<?php echo $header_image_width; ?>" height="<?php echo $header_image_height; ?>" alt="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" />
+					<img src="<?php header_image(); ?>" width="<?php echo esc_attr( $header_image_width ); ?>" height="<?php echo esc_attr( $header_image_height ); ?>" alt="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" />
 				<?php endif; // end check for featured image or standard header ?>
 			</a>
 			<?php endif; // end check for removed header image ?>
diff --git a/wp-content/themes/twentyeleven/image.php b/wp-content/themes/twentyeleven/image.php
index 7516b034c8..5c855904f6 100644
--- a/wp-content/themes/twentyeleven/image.php
+++ b/wp-content/themes/twentyeleven/image.php
@@ -66,7 +66,7 @@ get_header(); ?>
 			$next_attachment_url = get_attachment_link( $attachments[ $k ]->ID );
 		else
 			// or get the URL of the first image attachment
-			$next_attachment_url = get_attachment_link( $attachments[ 0 ]->ID );
+			$next_attachment_url = get_attachment_link( $attachments[0]->ID );
 	} else {
 		// or, if there's only 1 image, get the URL of the image
 		$next_attachment_url = wp_get_attachment_url();
diff --git a/wp-content/themes/twentyeleven/inc/theme-options.php b/wp-content/themes/twentyeleven/inc/theme-options.php
index b63d058cc7..59f5140ee6 100644
--- a/wp-content/themes/twentyeleven/inc/theme-options.php
+++ b/wp-content/themes/twentyeleven/inc/theme-options.php
@@ -218,7 +218,7 @@ function twentyeleven_get_default_theme_options() {
 	);
 
 	if ( is_rtl() )
- 		$default_theme_options['theme_layout'] = 'sidebar-content';
+		$default_theme_options['theme_layout'] = 'sidebar-content';
 
 	/**
 	 * Filter the Twenty Eleven default options.
@@ -277,7 +277,7 @@ function twentyeleven_settings_field_color_scheme() {
 		<input type="hidden" id="default-color-<?php echo esc_attr( $scheme['value'] ); ?>" value="<?php echo esc_attr( $scheme['default_link_color'] ); ?>" />
 		<span>
 			<img src="<?php echo esc_url( $scheme['thumbnail'] ); ?>" width="136" height="122" alt="" />
-			<?php echo $scheme['label']; ?>
+			<?php echo esc_html( $scheme['label'] ); ?>
 		</span>
 	</label>
 	</div>
@@ -316,7 +316,7 @@ function twentyeleven_settings_field_layout() {
 			<input type="radio" name="twentyeleven_theme_options[theme_layout]" value="<?php echo esc_attr( $layout['value'] ); ?>" <?php checked( $options['theme_layout'], $layout['value'] ); ?> />
 			<span>
 				<img src="<?php echo esc_url( $layout['thumbnail'] ); ?>" width="136" height="122" alt="" />
-				<?php echo $layout['label']; ?>
+				<?php echo esc_html( $layout['label'] ); ?>
 			</span>
 		</label>
 		</div>
@@ -562,7 +562,7 @@ function twentyeleven_customize_register( $wp_customize ) {
 	$layouts = twentyeleven_layouts();
 	$choices = array();
 	foreach ( $layouts as $layout ) {
-		$choices[$layout['value']] = $layout['label'];
+		$choices[ $layout['value'] ] = $layout['label'];
 	}
 
 	$wp_customize->add_control( 'twentyeleven_theme_options[theme_layout]', array(
diff --git a/wp-content/themes/twentyeleven/inc/widgets.php b/wp-content/themes/twentyeleven/inc/widgets.php
index 12bc745ace..94326a1f62 100644
--- a/wp-content/themes/twentyeleven/inc/widgets.php
+++ b/wp-content/themes/twentyeleven/inc/widgets.php
@@ -22,9 +22,9 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 		$this->WP_Widget( 'widget_twentyeleven_ephemera', __( 'Twenty Eleven Ephemera', 'twentyeleven' ), $widget_ops );
 		$this->alt_option_name = 'widget_twentyeleven_ephemera';
 
-		add_action( 'save_post', array(&$this, 'flush_widget_cache' ) );
-		add_action( 'deleted_post', array(&$this, 'flush_widget_cache' ) );
-		add_action( 'switch_theme', array(&$this, 'flush_widget_cache' ) );
+		add_action( 'save_post', array( &$this, 'flush_widget_cache' ) );
+		add_action( 'deleted_post', array( &$this, 'flush_widget_cache' ) );
+		add_action( 'switch_theme', array( &$this, 'flush_widget_cache' ) );
 	}
 
 	/**
@@ -38,14 +38,14 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 	function widget( $args, $instance ) {
 		$cache = wp_cache_get( 'widget_twentyeleven_ephemera', 'widget' );
 
-		if ( !is_array( $cache ) )
+		if ( ! is_array( $cache ) )
 			$cache = array();
 
 		if ( ! isset( $args['widget_id'] ) )
 			$args['widget_id'] = null;
 
-		if ( isset( $cache[$args['widget_id']] ) ) {
-			echo $cache[$args['widget_id']];
+		if ( isset( $cache[ $args['widget_id'] ] ) ) {
+			echo $cache[ $args['widget_id'] ];
 			return;
 		}
 
@@ -53,25 +53,25 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 		extract( $args, EXTR_SKIP );
 
 		/** This filter is documented in wp-includes/default-widgets.php */
-		$title = apply_filters( 'widget_title', empty( $instance['title'] ) ? __( 'Ephemera', 'twentyeleven' ) : $instance['title'], $instance, $this->id_base);
+		$args['title'] = apply_filters( 'widget_title', empty( $instance['title'] ) ? __( 'Ephemera', 'twentyeleven' ) : $instance['title'], $instance, $this->id_base );
 
 		if ( ! isset( $instance['number'] ) )
 			$instance['number'] = '10';
 
-		if ( ! $number = absint( $instance['number'] ) )
- 			$number = 10;
+		if ( ! $args['number'] = absint( $instance['number'] ) )
+			$args['number'] = 10;
 
 		$ephemera_args = array(
-			'order' => 'DESC',
-			'posts_per_page' => $number,
-			'no_found_rows' => true,
-			'post_status' => 'publish',
-			'post__not_in' => get_option( 'sticky_posts' ),
-			'tax_query' => array(
+			'order'          => 'DESC',
+			'posts_per_page' => $args['number'],
+			'no_found_rows'  => true,
+			'post_status'    => 'publish',
+			'post__not_in'   => get_option( 'sticky_posts' ),
+			'tax_query'      => array(
 				array(
 					'taxonomy' => 'post_format',
-					'terms' => array( 'post-format-aside', 'post-format-link', 'post-format-status', 'post-format-quote' ),
-					'field' => 'slug',
+					'terms'    => array( 'post-format-aside', 'post-format-link', 'post-format-status', 'post-format-quote' ),
+					'field'    => 'slug',
 					'operator' => 'IN',
 				),
 			),
@@ -79,10 +79,10 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 		$ephemera = new WP_Query( $ephemera_args );
 
 		if ( $ephemera->have_posts() ) :
-			echo $before_widget;
-			echo $before_title;
-			echo $title; // Can set this with a widget option, or omit altogether
-			echo $after_title;
+			echo $args['before_widget'];
+			echo $args['before_title'];
+			echo $args['title'];
+			echo $args['after_title'];
 			?>
 			<ol>
 			<?php while ( $ephemera->have_posts() ) : $ephemera->the_post(); ?>
@@ -111,7 +111,7 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 			</ol>
 			<?php
 
-			echo $after_widget;
+			echo $args['after_widget'];
 
 			// Reset the post globals as this query will have stomped on it
 			wp_reset_postdata();
@@ -119,7 +119,7 @@ class Twenty_Eleven_Ephemera_Widget extends WP_Widget {
 		// end check for ephemeral posts
 		endif;
 
-		$cache[$args['widget_id']] = ob_get_flush();
+		$cache[ $args['widget_id'] ] = ob_get_flush();
 		wp_cache_set( 'widget_twentyeleven_ephemera', $cache, 'widget' );
 	}
 
diff --git a/wp-content/themes/twentyeleven/showcase.php b/wp-content/themes/twentyeleven/showcase.php
index 8b076b6cf9..bc9e4c9ac9 100644
--- a/wp-content/themes/twentyeleven/showcase.php
+++ b/wp-content/themes/twentyeleven/showcase.php
@@ -105,7 +105,7 @@ get_header(); ?>
 					}
 					?>
 
-					<section class="featured-post <?php echo $feature_class; ?>" id="featured-post-<?php echo $counter_slider; ?>">
+					<section class="featured-post <?php echo esc_attr( $feature_class ); ?>" id="featured-post-<?php echo esc_attr( $counter_slider ); ?>">
 
 						<?php
 							/*
@@ -135,20 +135,20 @@ get_header(); ?>
 					<?php
 
 						// Reset the counter so that we end up with matching elements
-				    	$counter_slider = 0;
+						$counter_slider = 0;
 
 						// Begin from zero
-				    	rewind_posts();
+						rewind_posts();
 
 						// Let's roll again.
-				    	while ( $featured->have_posts() ) : $featured->the_post();
-				    		$counter_slider++;
+						while ( $featured->have_posts() ) : $featured->the_post();
+							$counter_slider++;
 							if ( 1 == $counter_slider )
-								$class = 'class="active"';
+								$class = ' class="active"';
 							else
 								$class = '';
-				    	?>
-						<li><a href="#featured-post-<?php echo $counter_slider; ?>" title="<?php echo esc_attr( sprintf( __( 'Featuring: %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) ); ?>" <?php echo $class; ?>></a></li>
+						?>
+						<li><a href="#featured-post-<?php echo esc_attr( $counter_slider ); ?>" title="<?php echo esc_attr( sprintf( __( 'Featuring: %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) ); ?>"<?php echo $class; ?>></a></li>
 					<?php endwhile;	?>
 					</ul>
 				</nav>
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f82ee8f925..4b9e898c72 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2-alpha-31264';
+$wp_version = '4.2-alpha-31265';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.