From e232ef9a326805f4b9aad1d6fbd2ad1f4a224c9d Mon Sep 17 00:00:00 2001 From: ryan Date: Sat, 24 Jun 2006 01:28:08 +0000 Subject: [PATCH] js_escape() in onclicks. fixes #2851 git-svn-id: http://svn.automattic.com/wordpress/trunk@3907 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-functions.php | 4 ++-- wp-admin/edit-form-advanced.php | 2 +- wp-admin/edit-page-form.php | 2 +- wp-admin/link-manager.php | 2 +- wp-includes/formatting.php | 4 +++- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index f5172e8b3e..f7ae3c03d2 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -656,7 +656,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) { $default_link_cat_id = get_option('default_link_category'); if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) ) - $edit .= "cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete').""; + $edit .= "cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete').""; else $edit .= "".__("Default"); } 
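Review bot: On the added line, `$category->cat_ID` is interpolated into the onclick handler's JavaScript with no escaping or cast, so the js_escape() treatment this commit applies to the category name still leaves the second deleteSomething() argument unprotected; `(int) $category->cat_ID` would pin it to a number. The link-manager.php hunk on the next line shows the same pattern with `$link->link_id` in its added line. The double quotes around `%s` in the translated message appear literal on this page, which inside a double-quoted attribute would end the value early — the rendering here may have decoded entities, so this should be checked against the source rather than taken at face value. cat_rows() starts before and ends after this hunk.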
@@ -710,7 +710,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0, $hierarchy = true) { post_modified); ?> " . __('Edit') . ""; } ?> - " . __('Delete') . ""; } ?> + " . __('Delete') . ""; } ?> -post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> +post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> /> diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index 530f979957..4cefe1fac4 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -185,7 +185,7 @@ list_meta($metadata); ID) ) ?> - escape($post->post_title) ) . "')\""; ?> /> + post_title) ) . "')\""; ?> /> diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index 6ded7f9d5b..1c9a16aa86 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php @@ -176,7 +176,7 @@ if ($links) '.__('Edit').''; - echo 'link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').''; + echo 'link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );" class="delete">'.__('Delete').''; echo ''; echo "\n \n"; } diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 61cd1b2806..7d52ed9e6b 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -1044,6 +1044,8 @@ function htmlentities2($myHTML) { // Escape single quotes, specialchar double quotes, and fix line endings. function js_escape($text) { $text = wp_specialchars($text, 'double'); - return preg_replace("/\r?\n/", "\\n", addslashes($text)); + $text = str_replace(''', "'", $text); + return preg_replace("/\r?\n/", "\\n", addslashes($text)); } + ?>
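Review bot: In the js_escape() hunk of wp-includes/formatting.php, the retained `preg_replace("/\r?\n/", "\\n", ...)` only rewrites LF and CRLF, so a lone CR passes through addslashes() untouched and lands as a raw line terminator inside the generated JavaScript string literal; `return preg_replace("/\r\n|\r|\n/", "\\n", addslashes($text));` closes that gap. The new str_replace line is hard to read on this page (its search string appears decoded, presumably an entity form of the apostrophe) and its purpose is not obvious from the code, so it deserves a why-comment such as `// Turn apostrophe entities already present in stored text back into quotes so addslashes() escapes them for the JS string.` Since wp_specialchars() is called with 'double' on the line above, the decode step only matters for text that was stored entity-encoded — worth stating in that comment as well.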