-rw-r--r--wp-admin/admin-ajax.php6
-rw-r--r--wp-admin/admin-functions.php79
-rw-r--r--wp-admin/bookmarklet.php2
-rw-r--r--wp-admin/categories.php4
-rw-r--r--wp-admin/edit-category-form.php6
-rw-r--r--wp-admin/edit-comments.php17
-rw-r--r--wp-admin/edit-form-advanced.php6
-rw-r--r--wp-admin/edit-form-comment.php2
-rw-r--r--wp-admin/edit-form.php2
-rw-r--r--wp-admin/edit-link-form.php2
-rw-r--r--wp-admin/edit-page-form.php26
-rw-r--r--wp-admin/edit-pages.php2
-rw-r--r--wp-admin/edit.php14
-rw-r--r--wp-admin/export.php2
-rw-r--r--wp-admin/index.php100
-rw-r--r--wp-admin/link-add.php2
-rw-r--r--wp-admin/link-manager.php10
-rw-r--r--wp-admin/moderation.php30
-rw-r--r--wp-admin/options-discussion.php2
-rw-r--r--wp-admin/options-misc.php2
-rw-r--r--wp-admin/options-permalink.php4
-rw-r--r--wp-admin/options.php2
-rw-r--r--wp-admin/page.php2
-rw-r--r--wp-admin/plugins.php2
-rw-r--r--wp-admin/post.php2
-rw-r--r--wp-admin/profile-update.php6
-rw-r--r--wp-admin/templates.php2
-rw-r--r--wp-admin/theme-editor.php2
-rw-r--r--wp-admin/upgrade.php4
-rw-r--r--wp-admin/upload-functions.php10
-rw-r--r--wp-admin/upload-js.php44
-rw-r--r--wp-admin/upload.php2
-rw-r--r--wp-admin/user-edit.php2
-rw-r--r--wp-admin/users.php14
-rw-r--r--wp-content/themes/classic/comments-popup.php2
-rw-r--r--wp-content/themes/default/comments-popup.php2
-rw-r--r--wp-includes/author-template.php4
-rw-r--r--wp-includes/bookmark-template.php8
-rw-r--r--wp-includes/classes.php6
-rw-r--r--wp-includes/comment-template.php2
-rw-r--r--wp-includes/comment.php14
-rw-r--r--wp-includes/formatting.php37
-rw-r--r--wp-includes/functions.php10
-rw-r--r--wp-includes/general-template.php10
-rw-r--r--wp-includes/kses.php2
-rw-r--r--wp-includes/post-template.php6
-rw-r--r--wp-includes/registration.php4
-rw-r--r--wp-links-opml.php4
-rw-r--r--wp-login.php12
49 files changed, 250 insertions, 287 deletions
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 67fe5a9..fdfe5c7 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -13,9 +13,9 @@ function get_out_now() { exit; }
add_action( 'shutdown', 'get_out_now', -1 );
function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
- $value = wp_specialchars($value, true);
+ $value = attribute_escape($value);
$key_js = addslashes(wp_specialchars($key, 'double'));
- $key = wp_specialchars($key, true);
+ $key = attribute_escape($key);
$r .= "<tr id='meta-$mid'><td valign='top'>";
$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
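Review bot: `$mid` is interpolated unescaped into the row `id` attribute and into the onkeypress JavaScript on the lines that build `$r`, while only `$key` and `$value` now get attribute_escape. If the meta id can arrive from the AJAX request rather than straight from the database, cast both ids at the top of the function: `$mid = (int) $mid; $pid = (int) $pid;`. `$r` is also appended to before it is initialised; `$r = '';` before the first concatenation would avoid the notice.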
@@ -141,7 +141,7 @@ case 'add-cat' : // From Manage->Categories
$cat_full_name = $_cat->cat_name . ' &#8212; ' . $cat_full_name;
$level++;
}
- $cat_full_name = wp_specialchars( $cat_full_name, 1 );
+ $cat_full_name = attribute_escape($cat_full_name);
$x = new WP_Ajax_Response( array(
'what' => 'cat',
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index b3fbc8b..438aa47 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -40,10 +40,10 @@ function wp_write_post() {
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_others_pages' ) )
- return new WP_Error( 'edit_others_pages', __( 'You cannot create pages as this user.' ) );
+ return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
} else {
if ( !current_user_can( 'edit_others_posts' ) )
- return new WP_Error( 'edit_others_posts', __( 'You cannot post as this user.' ) );
+ return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
}
}
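Review bot: The ownership check compares `$_POST['post_author']` with `$_POST['user_ID']`, both of which the submitter controls, so the `edit_others_posts`/`edit_others_pages` branch is only reached if the client chooses to send a mismatching pair. The comparison should be against the logged-in user, e.g. `global $current_user; if ( $_POST['post_author'] != $current_user->ID ) {`, unless `user_ID` is validated against the session before this point. wp_write_post starts outside the hunk, so I cannot see whether that happens; the reworded messages themselves are fine.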
@@ -184,10 +184,10 @@ function edit_post() {
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_others_pages' ) )
- wp_die( __('You cannot edit pages as this user.' ));
+ wp_die( __('You are not allowed to edit pages as this user.' ));
} else {
if ( !current_user_can( 'edit_others_posts' ) )
- wp_die( __('You cannot edit posts as this user.' ));
+ wp_die( __('You are not allowed to edit posts as this user.' ));
}
}
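Review bot: edit_post has the same shape as wp_write_post above: `$_POST['post_author'] != $_POST['user_ID']` pits two request fields against each other, so the capability check can be skipped by submitting `user_ID` equal to the chosen `post_author`. Comparing `post_author` with `$current_user->ID` instead closes that, unless `user_ID` is verified earlier in the function, which lies outside this hunk.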
@@ -323,7 +323,7 @@ function get_default_post_to_edit() {
else if ( !empty( $post_title ) ) {
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = funky_javascript_fix( $text);
- $popupurl = wp_specialchars( $_REQUEST['popupurl'] );
+ $popupurl = attribute_escape($_REQUEST['popupurl']);
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
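Review bot: attribute_escape keeps `$popupurl` inside the `href` quotes but does not validate it as a URL, so a `javascript:` value in `$_REQUEST['popupurl']` survives into `$post_content` on the next line. If this tree has `clean_url()`, which rejects non-whitelisted schemes, prefer `$popupurl = attribute_escape(clean_url(stripslashes($_REQUEST['popupurl'])));`; the stripslashes also matches the edit-form-advanced.php hunk of this commit, which strips slashes from the same parameter before escaping. Whether kses later removes the scheme on save is not visible here.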
@@ -380,17 +380,17 @@ function wp_dropdown_roles( $default = false ) {
function get_user_to_edit( $user_id ) {
$user = new WP_User( $user_id );
- $user->user_login = wp_specialchars( $user->user_login, 1 );
- $user->user_email = wp_specialchars( $user->user_email, 1 );
- $user->user_url = wp_specialchars( $user->user_url, 1 );
- $user->first_name = wp_specialchars( $user->first_name, 1 );
- $user->last_name = wp_specialchars( $user->last_name, 1 );
- $user->display_name = wp_specialchars( $user->display_name, 1 );
- $user->nickname = wp_specialchars( $user->nickname, 1 );
- $user->aim = wp_specialchars( $user->aim, 1 );
- $user->yim = wp_specialchars( $user->yim, 1 );
- $user->jabber = wp_specialchars( $user->jabber, 1 );
- $user->description = wp_specialchars( $user->description );
+ $user->user_login = attribute_escape($user->user_login);
+ $user->user_email = attribute_escape($user->user_email);
+ $user->user_url = attribute_escape($user->user_url);
+ $user->first_name = attribute_escape($user->first_name);
+ $user->last_name = attribute_escape($user->last_name);
+ $user->display_name = attribute_escape($user->display_name);
+ $user->nickname = attribute_escape($user->nickname);
+ $user->aim = attribute_escape($user->aim);
+ $user->yim = attribute_escape($user->yim);
+ $user->jabber = attribute_escape($user->jabber);
+ $user->description = wp_specialchars($user->description);
return $user;
}
@@ -462,6 +462,12 @@ function edit_user( $user_id = 0 ) {
$user->aim = wp_specialchars( trim( $_POST['aim'] ));
if ( isset( $_POST['yim'] ))
$user->yim = wp_specialchars( trim( $_POST['yim'] ));
+ if ( !$update )
+ $user->rich_editing = 'true'; // Default to true for new users.
+ else if ( isset( $_POST['rich_editing'] ) )
+ $user->rich_editing = $_POST['rich_editing'];
+ else
+ $user->rich_editing = 'false';
$errors = new WP_Error();
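Review bot: `$user->rich_editing = $_POST['rich_editing'];` stores whatever string the form sends, although the two sibling branches assign only `'true'` or `'false'`. Normalise it to the expected pair, `$user->rich_editing = ( 'true' == $_POST['rich_editing'] ) ? 'true' : 'false';`, so an arbitrary value cannot reach user meta and any later consumer comparing against `'true'` behaves predictably. edit_user continues outside the hunk.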
@@ -521,26 +527,26 @@ function edit_user( $user_id = 0 ) {
function get_link_to_edit( $link_id ) {
$link = get_link( $link_id );
- $link->link_url = wp_specialchars( $link->link_url, 1 );
- $link->link_name = wp_specialchars( $link->link_name, 1 );
- $link->link_image = wp_specialchars( $link->link_image, 1 );
- $link->link_description = wp_specialchars( $link->link_description, 1 );
- $link->link_notes = wp_specialchars( $link->link_notes );
- $link->link_rss = wp_specialchars( $link->link_rss, 1 );
- $link->link_rel = wp_specialchars( $link->link_rel, 1 );
- $link->post_category = $link->link_category;
+ $link->link_url = attribute_escape($link->link_url);
+ $link->link_name = attribute_escape($link->link_name);
+ $link->link_image = attribute_escape($link->link_image);
+ $link->link_description = attribute_escape($link->link_description);
+ $link->link_rss = attribute_escape($link->link_rss);
+ $link->link_rel = attribute_escape($link->link_rel);
+ $link->link_notes = wp_specialchars($link->link_notes);
+ $link->post_category = $link->link_category;
return $link;
}
function get_default_link_to_edit() {
if ( isset( $_GET['linkurl'] ) )
- $link->link_url = wp_specialchars( $_GET['linkurl'], 1 );
+ $link->link_url = attribute_escape( $_GET['linkurl']);
else
$link->link_url = '';
if ( isset( $_GET['name'] ) )
- $link->link_name = wp_specialchars( $_GET['name'], 1 );
+ $link->link_name = attribute_escape( $_GET['name']);
else
$link->link_name = '';
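Review bot: get_default_link_to_edit assigns to `$link->link_url` without creating `$link` first, which relies on PHP silently promoting an undefined variable to an object; start the function with `$link = new stdClass();`. The `$_GET['linkurl']` and `$_GET['name']` values are also escaped without stripslashes, unlike the `popupurl` handling in edit-form-advanced.php in this same commit, so with magic_quotes on the prefilled fields will show escaped quotes. The second function's body continues outside the hunk.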
@@ -555,7 +561,7 @@ function add_link() {
function edit_link( $link_id = '' ) {
if (!current_user_can( 'manage_links' ))
- wp_die( __("Cheatin' uh ?" ));
+ wp_die( __( 'Cheatin&8217; uh?' ));
$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
$_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
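Review bot: The new message `'Cheatin&8217; uh?'` is missing the `#` of the numeric entity and will render literally as `&8217;`; it should be `'Cheatin&#8217; uh?'`. The scheme whitelist on the following line is the right shape (anchored, case-insensitive), and because wp_specialchars leaves `:` and letters untouched the regex still sees the original scheme. edit_link continues outside the hunk.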
@@ -764,11 +770,12 @@ function _cat_row( $category, $level, $name_override = false ) {
$category->category_count = number_format( $category->category_count );
$category->link_count = number_format( $category->link_count );
+ $posts_count = ( $category->category_count > 0 ) ? "<a href='edit.php?cat=$category->cat_ID'>$category->category_count</a>" : $category->category_count;
return "<tr id='cat-$category->cat_ID'$class>
<th scope='row' style='text-align: center'>$category->cat_ID</th>
<td>" . ( $name_override ? $name_override : $pad . ' ' . $category->cat_name ) . "</td>
<td>$category->category_description</td>
- <td align='center'><a href='edit.php?cat=$category->cat_ID'>$category->category_count</a></td>
+ <td align='center'>$posts_count</td>
<td align='center'>$category->link_count</td>
<td>$edit</td>\n\t</tr>\n";
}
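Review bot: `$category->cat_name` and `$category->category_description` are interpolated raw into the table cells while the rest of this commit routes such values through attribute_escape/wp_specialchars; the edit-category-form.php hunk escapes the same fields on output, which suggests they are stored unescaped. Wrapping them here, `<td>$category->category_description</td>` becoming `<td>" . wp_specialchars($category->category_description) . "</td>` and likewise for the name, keeps a category edited by a lower-privileged blog admin from injecting markup into the category list. The `$name_override` path is presumably escaped by its caller; _cat_row starts outside the hunk.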
@@ -832,12 +839,12 @@ function user_row( $user_object, $style = '' ) {
$r .= "\n\t\t<td align='center'>";
if ( $numposts > 0 ) {
$r .= "<a href='edit.php?author=$user_object->ID' title='" . __( 'View posts by this author' ) . "' class='edit'>";
- $r .= sprintf( __('View %1$s %2$s' ), $numposts, __ngettext( 'post', 'posts', $numposts ));
+ $r .= sprintf(__ngettext( 'View %s post', 'View %s posts', $numposts ), $numposts);
$r .= '</a>';
}
$r .= "</td>\n\t\t<td>";
if ( ( is_site_admin() || $current_user->ID == $user_object->ID ) && current_user_can( 'edit_user', $user_object->ID ) ) {
- $edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
+ $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
$r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
}
$r .= "</td>\n\t</tr>";
@@ -917,8 +924,8 @@ function list_meta( $meta ) {
}
$key_js = js_escape( $entry['meta_key'] );
- $entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
- $entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
+ $entry['meta_key'] = attribute_escape($entry['meta_key']);
+ $entry['meta_value'] = attribute_escape($entry['meta_value']);
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
@@ -971,7 +978,7 @@ function meta_form() {
<?php
foreach ( $keys as $key ) {
- $key = wp_specialchars( $key, 1 );
+ $key = attribute_escape( $key);
echo "\n\t<option value='$key'>$key</option>";
}
?>
@@ -1075,9 +1082,7 @@ function touch_time( $edit = 1, $for_post = 1 ) {
<input type="hidden" id="ss" name="ss" value="<?php echo $ss ?>" size="2" maxlength="2" onchange="edit_date.checked=true" />
<?php
if ( $edit ) {
- _e( 'Existing timestamp' );
- //echo ': ' . $wp_locale->get_month( $mm ) . "$jj, $aa @ $hh:$mn";
- echo sprintf( __(': %1$s %2$s, %3$s @ %4$s:%5$s' ), $wp_locale->get_month( $mm ), $jj, $aa, $hh, $mn );
+ printf( __('Existing timestamp: %1$s %2$s, %3$s @ %4$s:%5$s' ), $wp_locale->get_month( $mm ), $jj, $aa, $hh, $mn );
}
?>
</fieldset>
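Review bot: The new printf emits `$jj`, `$aa`, `$hh` and `$mn` through `%s` placeholders with no escaping, and the hidden `ss` input just above echoes `$ss` raw. If these come straight from the post's date they are digits, but if the form is ever re-rendered from submitted values the same variables become reflected input; numeric placeholders, `%2$d, %3$d @ %4$d:%5$d`, or an `(int)` cast where they are set make the output safe regardless of origin. touch_time starts outside the hunk, so where the values are populated is not visible here.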
@@ -1999,7 +2004,7 @@ function wp_reset_vars( $vars ) {
function wp_remember_old_slug() {
global $post;
- $name = wp_specialchars($post->post_name); // just in case
+ $name = attribute_escape($post->post_name); // just in case
if ( strlen($name) )
echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
}
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index def516e..cd2b542 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@ else
$content = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = attribute_escape($_REQUEST['popupurl']);
if ( !empty($content) ) {
$post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
} else {
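Review bot: `$popupurl = attribute_escape($_REQUEST['popupurl']);` escapes without stripslashes, whereas the same parameter in the edit-form-advanced.php hunk of this commit is handled as `attribute_escape(stripslashes($_REQUEST['popupurl']))`, and `$_REQUEST['content']` two lines below is stripped before escaping. With magic_quotes_gpc on, a URL containing a quote ends up with a stray backslash; `attribute_escape(stripslashes($_REQUEST['popupurl']))` keeps the two pages consistent. As with the admin-functions.php hunk, this is still not URL validation, so a `javascript:` scheme passes through.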
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 0bdd68f..a101727 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -34,10 +34,10 @@ case 'delete':
// Don't delete the default cats.
if ( $cat_ID == get_option('default_category') )
- wp_die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));
+ wp_die(sprintf(__("Can&8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name));
if ( $cat_ID == get_option('default_link_category') )
- wp_die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one for links"), $cat_name));
+ wp_die(sprintf(__("Can&8217;t delete the <strong>%s</strong> category: this is the default one for links"), $cat_name));
wp_delete_category($cat_ID);
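Review bot: Both new messages spell the apostrophe as `&8217;`, which lacks the `#` of a numeric entity and will show up literally; they should read `Can&#8217;t delete …`. `$cat_name` is also dropped into the `<strong>` unescaped — if it is read back from the category record rather than a sanitised request value, `wp_specialchars($cat_name)` as the sprintf argument is warranted. Where `$cat_name` is set lies outside the hunk.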
diff --git a/wp-admin/edit-category-form.php b/wp-admin/edit-category-form.php
index 44328fa..2c0e036 100644
--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -26,8 +26,8 @@ if ( ! empty($cat_ID) ) {
<?php autocomplete_css(); ?>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
- <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th>
- <td width="67%"><input type="text" id="cat_name" name="cat_name" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /><div id="searchresults" class="autocomplete"></div></td>
+ <th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th>
+ <td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /><div id="searchresults" class="autocomplete"></div></td>
</tr>
<tr>
<th scope="row" valign="top"><label for="category_parent"><?php _e('Category parent:') ?></label></th>
@@ -37,7 +37,7 @@ if ( ! empty($cat_ID) ) {
</tr>
<tr>
<th scope="row" valign="top"><label for="category_description"><?php _e('Description: (optional)') ?></label></th>
- <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+ <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
</tr>
</table>
<?php autocomplete_textbox( "wpmu-edit.php?action=searchcategories&search=", "cat_name", "searchresults" ); ?>
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 0799839..dfa1a23 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -7,7 +7,7 @@ wp_enqueue_script( 'admin-comments' );
require_once('admin-header.php');
if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
?>
<script type="text/javascript">
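Review bot: `$mode = attribute_escape($_GET['mode']);` makes the value safe to echo into the hidden input further down, but still lets any string steer whatever branches key on `$mode`. Since the page supports a fixed set of modes, whitelist instead of escaping: `$mode = ( isset($_GET['mode']) && in_array($_GET['mode'], $allowed_modes, true) ) ? $_GET['mode'] : 'view';` with `$allowed_modes` listing the modes this file actually handles, which are not visible in the hunk.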
@@ -42,7 +42,7 @@ function getNumChecked(form)
<form name="searchform" action="" method="get" id="editcomments">
<fieldset>
<legend><?php _e('Show Comments That Contain...') ?></legend>
- <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
<?php _e('(Searches within comment text, e-mail, URL, and IP address.)') ?>
@@ -67,10 +67,11 @@ if ( !empty( $_POST['delete_comments'] ) ) :
}
endforeach;
echo '<div style="background-color: rgb(207, 235, 247);" id="message" class="updated fade"><p>';
- if ( !empty( $_POST['spam_button'] ) )
- printf(__('%s comments marked as spam.'), $i);
- else
- printf(__('%s comments deleted.'), $i);
+ if ( !empty( $_POST['spam_button'] ) ) {
+ printf(__ngettext('%s comment marked as spam', '%s comments marked as spam.', $i), $i);
+ } else {
+ printf(__ngettext('%s comment deleted.', '%s comments deleted.', $i), $i);
+ }
echo '</p></div>';
endif;
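Review bot: The singular string `'%s comment marked as spam'` has no trailing period while its plural form and both deleted-comment strings do, so the notice punctuation changes with the count; make it `'%s comment marked as spam.'`. Changing these msgids also drops the existing translations for the old `%s comments …` strings, which is expected for an __ngettext switch but worth noting for translators.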
@@ -156,12 +157,12 @@ $start = " start='$offset'";
<?php
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" . __('Edit') . '</a>';
- echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+ echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
}
- echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
+ echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
}
$post = get_post($comment->comment_post_ID);
$post_title = wp_specialchars( $post->post_title, 'double' );
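Review bot: The change from `\\n` to a real `\n` inside the sprintf strings is only correct because the whole result now passes through js_escape, which must fold newlines back into a JavaScript `\n` escape; the formatting.php hunk that would confirm that behaviour is not in view, so `js_escape("a\nb")` should be checked to yield `a\nb` before relying on it. The `&quot;` entities inside the JS string are decoded by the HTML parser before the script sees them, which works since the onclick attribute is double-quoted, but plain `'` would be simpler now that js_escape handles quoting, as the edit.php hunk of this commit already does.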
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 1a16b17..c519d73 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -173,11 +173,11 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
?>
<input name="referredby" type="hidden" id="referredby" value="<?php
if ( !empty($_REQUEST['popupurl']) )
- echo wp_specialchars($_REQUEST['popupurl']);
+ echo attribute_escape(stripslashes($_REQUEST['popupurl']));
else if ( url_to_postid(wp_get_referer()) == $post_ID )
echo 'redo';
else
- echo wp_specialchars(wp_get_referer());
+ echo attribute_escape(stripslashes(wp_get_referer()));
?>" /></p>
<?php do_action('edit_form_advanced'); ?>
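Review bot: The `referredby` value is built from `$_REQUEST['popupurl']` or the Referer header — both request-controlled — and the form posts it back for the post-save redirect; escaping protects the hidden input, but whichever code later redirects to `$_POST['referredby']` must restrict the target to this site or the bookmarklet flow becomes an open redirect. That consumer is not in this diff; if the tree has no safe-redirect helper, a host comparison against `get_option('siteurl')` before redirecting is the minimum. The `redo` sentinel path is unaffected.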
@@ -211,7 +211,7 @@ if (current_user_can('upload_files')) {
<h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
</div>
<div class="dbx-c-ontent-wrapper">
-<div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
+<div class="dbx-content"><?php _e('Send trackbacks to:'); ?> <?php echo $form_trackback; ?> (<?php _e('Separate multiple URLs with spaces'); ?>)
<?php
if ( ! empty($pings) )
echo $pings;
diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 0cc2a37..92897b2 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -67,7 +67,7 @@ addLoadEvent(focusit);
<tr>
<th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th>
- <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . __("You are about to delete this comment \\n \'Cancel\' to stop, \'OK\' to delete.") . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />
+ <td><input name="deletecomment" class="button delete" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n 'Cancel' to stop, 'OK' to delete.")) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />
<input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />
<input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
<input type="hidden" name="noredir" value="1" />
diff --git a/wp-admin/edit-form.php b/wp-admin/edit-form.php
index d907a62..8ed3d54 100644
--- a/wp-admin/edit-form.php
+++ b/wp-admin/edit-form.php
@@ -51,7 +51,7 @@ edCanvas = document.getElementById('content');
<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
-<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
+<p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
<input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
<p class="submit"><input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" value="<?php _e('Save as Draft') ?>" />
diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php
index 4c0a714..c81ff05 100644
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -252,7 +252,7 @@ function xfn_check($class, $value = '', $type = 'check') {
<?php if ( $link_id ) : ?>
<input type="hidden" name="action" value="save" />
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<?php else: ?>
<input type="hidden" name="action" value="add" />
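Review bot: `$order_by` is escaped into the hidden input, which is the right fix for the HTML context, but its name suggests it is later interpolated into an ORDER BY clause where attribute_escape offers no protection. Unless it is already whitelisted where it is read (outside this hunk), validate it against the sortable column names before use, e.g. `if ( !in_array($order_by, $allowed_order_columns, true) ) $order_by = 'name';`, with the array listing the columns link-manager.php actually accepts.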
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index 42135ce..5247f17 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -13,12 +13,10 @@ if (0 == $post_ID) {
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
}
-$sendto = wp_get_referer();
+$sendto = attribute_escape(stripslashes(wp_get_referer()));
if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
-
?>
<form name="post" action="page.php" method="post" id="post">
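Review bot: `$sendto` is now escaped before it is compared with `get_permalink($post_ID)`, so the `redo` detection silently fails for any permalink that attribute_escape alters (an `&` in a query string, for instance), whereas the removed code escaped after the comparison. Compare raw and escape the survivor: `$sendto = stripslashes(wp_get_referer());` then `$sendto = ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) ? 'redo' : attribute_escape($sendto);`. edit-form-advanced.php in this same commit uses `url_to_postid(wp_get_referer()) == $post_ID` for the same decision, which is the more robust test and could be used here too.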
@@ -54,13 +52,13 @@ addLoadEvent(focusit);
<input name="advanced_view" type="hidden" value="1" />
<label for="comment_status" class="selectit">
<input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> />
-<?php _e('Allow Comments') ?></label>
+<?php _e('Allow Comments') ?></label>
<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
</div>
</fieldset>
<fieldset class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Status') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page Status') ?></h3>
<div class="dbx-content"><?php if ( current_user_can('publish_pages') ) : ?>
<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); checked($post->post_status, 'future'); ?> /> <?php _e('Published') ?></label>
<?php endif; ?>
@@ -69,12 +67,12 @@ addLoadEvent(focusit);
</fieldset>
<fieldset id="passworddiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
</fieldset>
<fieldset id="pageparent" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Parent') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page Parent') ?></h3>
<div class="dbx-content"><p><select name="parent_id">
<option value='0'><?php _e('Main Page (no parent)'); ?></option>
<?php parent_dropdown($post->post_parent); ?>
@@ -84,7 +82,7 @@ addLoadEvent(focusit);
<?php if ( 0 != count( get_page_templates() ) ) { ?>
<fieldset id="pagetemplate" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Template:') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page Template') ?></h3>
<div class="dbx-content"><p><select name="page_template">
<option value='default'><?php _e('Default Template'); ?></option>
<?php page_template_dropdown($post->page_template); ?>
@@ -94,7 +92,7 @@ addLoadEvent(focusit);
<?php } ?>
<fieldset id="slugdiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
</fieldset>
@@ -127,7 +125,7 @@ endforeach;
</div>
<fieldset id="titlediv">
- <legend><?php _e('Page Title') ?></legend>
+ <legend><?php _e('Page Title') ?></legend>
<div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
</fieldset>
@@ -140,12 +138,12 @@ endforeach;
<p class="submit">
<span id="autosave"></span>
<input name="save" type="submit" id="save" tabindex="3" value="<?php _e('Save and Continue Editing'); ?>" />
-<input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" />
-<?php
+<input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" />
+<?php
if ('publish' != $post->post_status || 0 == $post_ID):
?>
<?php if ( current_user_can('publish_pages') ) : ?>
- <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
+ <input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
<?php endif; endif;?>
<input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" />
</p>
@@ -188,7 +186,7 @@ list_meta($metadata);
<?php if ('edit' == $action) :
$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID );
if ( current_user_can('delete_page', $post->ID) ) ?>
- <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+ <input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
<?php endif; ?>
</div>
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index ca496ab..7076a73 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -13,7 +13,7 @@ require_once('admin-header.php');
<form name="searchform" action="" method="get">
<fieldset>
<legend><?php _e('Search Pages&hellip;') ?></legend>
- <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
</form>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index c044879..205f528 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -76,7 +76,7 @@ if ( is_month() ) {
<form name="searchform" id="searchform" action="" method="get">
<fieldset>
<legend><?php _e('Search Posts&hellip;') ?></legend>
- <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" />
</fieldset>
</form>
@@ -195,9 +195,9 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'comments':
?>
- <td style="text-align: center"><a href="edit.php?p=<?php echo $id ?>&amp;c=1">
- <?php comments_number(__('0'), __('1'), __('%')) ?>
- </a></td>
+ <td style="text-align: center">
+ <?php comments_number(__('0'), "<a href='edit.php?p=$id&amp;c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&amp;c=1'>" . __('%') . '</a>') ?>
+ </td>
<?php
break;
@@ -221,7 +221,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'control_delete':
?>
- <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . js_escape(sprintf(__("You are about to delete this post '%s'.\n'OK' to delete, 'Cancel' to stop."), get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php
break;
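Review bot: Wrapping the whole sprintf result in js_escape is the right fix here, but the comment-list hunk later in this file (the `delete this comment by '%s'` link) makes the matching `\\n`→`\n` change while js_escape still wraps only `$comment->comment_author`, so a literal newline lands inside the single-quoted JavaScript string in onclick and the confirm() call becomes a syntax error. Apply the same pattern there: `js_escape(sprintf(__("…"), $comment->comment_author))`. Both spots rely on js_escape folding newlines to `\n`, which the formatting.php change presumably provides but is not visible in this chunk.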
@@ -283,12 +283,12 @@ foreach ($comments as $comment) {
<?php
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" . __('Edit') . '</a>';
- echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+ echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $post->ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
}
- echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ]";
+ echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ]";
} // end if any comments to show
?>
</p>
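Review bot: L554 and L560 now place a raw newline and unescaped single quotes (`'%s'`, `'Cancel'`, `'OK'`) inside the single-quoted JavaScript string in `onclick`, because js_escape() is applied only to `$comment->comment_author` and not to the assembled message; the old `&quot;`/`\\n` form was safe, the new one produces an unterminated string literal, so the inline handler fails to parse and the click falls through to the delete URL with no confirmation. L546 in this same file already does it right — wrap the whole sprintf: `js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author))`, and likewise for the spam message on L560; this also keeps the commenter-supplied author name escaped. The enclosing foreach over `$comments` starts before this hunk.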
diff --git a/wp-admin/export.php b/wp-admin/export.php
index 32de2bb..e4bfbac 100644
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -14,7 +14,7 @@ require_once ('admin-header.php');
<div class="narrow">
<p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>
<p><?php _e('This format, which we call WordPress eXtended RSS or WXR, will contain your posts, comments, custom fields, and categories.'); ?></p>
-<p><?php _e('Once you\'ve saved the download file, you can use the Import function on another WordPress blog to import this blog.'); ?></p>
+<p><?php _e('Once you&8217;ve saved the download file, you can use the Import function on another WordPress blog to import this blog.'); ?></p>
<form action="" method="get">
<h3><?php _e('Optional options'); ?></h3>
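Review bot: The entity on L573 is written `&8217;` without the `#`, so browsers will render the literal text "you&8217;ve" instead of an apostrophe. It should read `Once you&#8217;ve saved the download file, …`; the original `you\'ve` was at least correct.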
diff --git a/wp-admin/index.php b/wp-admin/index.php
index 96ab1d5..92702e3 100644
--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -1,36 +1,36 @@
<?php
require_once('admin.php');
+
+function index_js() {
+?>
+<script type="text/javascript">
+Event.observe( window, 'load', dashboard_init, false );
+function dashboard_init() {
+ var update1 = new Ajax.Updater( 'incominglinks', 'index-extra.php?jax=incominglinks' );
+ var update2 = new Ajax.Updater( 'devnews', 'index-extra.php?jax=devnews' );
+ var update3 = new Ajax.Updater( 'planetnews', 'index-extra.php?jax=planetnews' );
+}
+</script>
+<?php
+}
+add_action( 'admin_head', 'index_js' );
+wp_enqueue_script('prototype');
+
$title = __('Dashboard');
$parent_file = 'index.php';
require_once('admin-header.php');
-require_once (ABSPATH . WPINC . '/rss.php');
$today = current_time('mysql', 1);
?>
<div class="wrap">
-<h2><?php _e('Dashboard'); ?></h2>
+<h2><?php _e('Welcome to WordPress'); ?></h2>
<div id="zeitgeist">
<h2><?php _e('Latest Activity'); ?></h2>
-<?php
-$rss = @fetch_rss('http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('siteurl')) .'&partner=wordpress');
-if ( isset($rss->items) && 0 != count($rss->items) ) {
-?>
-<div id="incominglinks">
-<h3><?php _e('Incoming Links'); ?> <cite><a href="http://www.technorati.com/search/<?php echo trailingslashit(get_option('siteurl')); ?>?partner=wordpress"><?php _e('More'); ?> &raquo;</a></cite></h3>
-<ul>
-<?php
-$rss->items = array_slice($rss->items, 0, 10);
-foreach ($rss->items as $item ) {
-?>
- <li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
-<?php } ?>
-</ul>
-</div>
-<?php } ?>
+<div id="incominglinks"></div>
<?php
$comments = $wpdb->get_results("SELECT comment_author, comment_author_url, comment_ID, comment_post_ID FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 5");
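Review bot: The incoming-links rendering removed here ran the Technorati feed through `wp_filter_kses($item['link'])` and `wp_specialchars($item['title'])` (L621); the replacement on L589 fetches `index-extra.php?jax=incominglinks` with Ajax.Updater, which inserts the response into the page as HTML, so that escaping of third-party feed content now has to live in index-extra.php, which is not in this diff. Because index-extra.php is now a directly addressable URL rather than code inside this page, it also needs the same `require_once('admin.php')` capability gate this file gets on L582 — presumably it has one, but confirm. A one-line comment above `index_js()` noting that `index-extra.php` is responsible for escaping and auth of the fetched fragments would make that dependency visible.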
@@ -46,11 +46,11 @@ if ( $comments || $numcomments ) :
<?php endif; ?>
<ul>
-<?php
+<?php
if ( $comments ) {
foreach ($comments as $comment) {
echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>');
- edit_comment_link(__("Edit"), ' <small>(', ')</small>');
+ edit_comment_link(__("Edit"), ' <small>(', ')</small>');
echo '</li>';
}
}
@@ -80,7 +80,7 @@ foreach ($recentposts as $post) {
<?php
if ( $scheduled = $wpdb->get_results("SELECT ID, post_title, post_date_gmt FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'future' ORDER BY post_date ASC") ) :
-?>
+?>
<div>
<h3><?php _e('Scheduled Entries:') ?></h3>
<ul>
@@ -90,7 +90,7 @@ foreach ($scheduled as $post) {
$post->post_title = sprintf(__('Post #%s'), $post->ID);
echo "<li>" . sprintf(__('%1$s in %2$s'), "<a href='post.php?action=edit&amp;post=$post->ID' title='" . __('Edit this post') . "'>$post->post_title</a>", human_time_diff( current_time('timestamp', 1), strtotime($post->post_date_gmt. ' GMT') )) . "</li>";
}
-?>
+?>
</ul>
</div>
<?php endif; ?>
@@ -99,7 +99,7 @@ foreach ($scheduled as $post) {
<h3><?php _e('Blog Stats'); ?></h3>
<?php
$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish'");
-if (0 < $numposts) $numposts = number_format($numposts);
+if (0 < $numposts) $numposts = number_format($numposts);
$numcomms = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '1'");
if (0 < $numcomms) $numcomms = number_format($numcomms);
@@ -107,14 +107,17 @@ if (0 < $numcomms) $numcomms = number_format($numcomms);
$numcats = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->categories");
if (0 < $numcats) $numcats = number_format($numcats);
?>
-<p><?php printf(__('There are currently %1$s <a href="%2$s" title="Posts">posts</a> and %3$s <a href="%4$s" title="Comments">comments</a>, contained within %5$s <a href="%6$s" title="categories">categories</a>.'), $numposts, 'edit.php', $numcomms, 'edit-comments.php', $numcats, 'categories.php'); ?></p>
+<p><?php
+$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), $numposts, 'edit.php');
+$comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), $numcomms, 'edit-comments.php');
+$cat_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), $numcats, 'categories.php');
+
+printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_str, $comm_str, $cat_str); ?></p>
</div>
<?php do_action('activity_box_end'); ?>
</div>
-<h3><?php _e('Welcome to WordPress MU'); ?></h3>
-
<p><?php _e('Use these links to get started:'); ?></p>
<ul>
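Review bot: The plural selection on L673–L675 is fed `$numposts`, `$numcomms` and `$numcats` after they have been run through `number_format()` (L664, L666, L669 in the earlier hunks), so for counts of 1000 or more the third argument to __ngettext() is a string like `1,234`, which PHP's numeric comparison reads as 1 and the singular form is chosen ("1,234 post"). Keep the raw count for the plural decision and format only for display, e.g. keep the unformatted value from the `$wpdb->get_var()` call in a separate variable and write `sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts_raw), $numposts, 'edit.php')` for each of the three. The number_format lines sit outside this hunk.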
@@ -130,48 +133,11 @@ if (0 < $numcats) $numcats = number_format($numcats);
<?php endif; ?>
</ul>
<p><?php _e("Need help with WordPress? Please see our <a href='http://codex.wordpress.org/'>documentation</a> or visit the <a href='http://wordpress.org/support/'>support forums</a>."); ?></p>
-<?php
-$rss = @fetch_rss('http://wordpress.org/development/feed/');
-if ( isset($rss->items) && 0 != count($rss->items) ) {
-?>
-<div id="devnews">
-<h3><?php _e('WordPress Development Blog'); ?></h3>
-<?php
-$rss->items = array_slice($rss->items, 0, 3);
-foreach ($rss->items as $item ) {
-?>
-<h4><a href='<?php echo wp_filter_kses($item['link']); ?>'><?php echo wp_specialchars($item['title']); ?></a> &#8212; <?php printf(__('%s ago'), human_time_diff(strtotime($item['pubdate'], time() ) ) ); ?></h4>
-<p><?php echo $item['description']; ?></p>
-<?php
- }
-}
-?>
-</div>
-<?php
-$rss = @fetch_rss('http://planet.wordpress.org/feed/');
-if ( isset($rss->items) && 0 != count($rss->items) ) {
-?>
-<div id="planetnews">
-<h3><?php _e('Other WordPress News'); ?></h3>
-<ul>
-<?php
-$rss->items = array_slice($rss->items, 0, 20);
-foreach ($rss->items as $item ) {
-$title = wp_specialchars($item['title']);
-$author = preg_replace( '|(.+?):.+|s', '$1', $item['title'] );
-$post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] );
-?>
-<li><a href='<?php echo wp_filter_kses($item['link']); ?>'><span class="post"><?php echo $post; ?></span><span class="hidden"> - </span><cite><?php echo $author; ?></cite></a></li>
-<?php
- }
-?>
-</ul>
-<p class="readmore"><a href="http://planet.wordpress.org/"><?php _e('Read more'); ?> &raquo;</a></p>
-</div>
-<?php
-}
-?>
+<div id="devnews"></div>
+
+<div id="planetnews"></div>
+
<div style="clear: both">&nbsp;
<br clear="all" />
</div>
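Review bot: The removed development-blog block echoed `$item['description']` into the page with no escaping at all (L700) while link and title were filtered; now that this rendering moves to index-extra.php (not in this diff) and its output is inserted as HTML by Ajax.Updater, that description should be passed through `wp_filter_kses()` there rather than carried over unescaped. Likewise `$author` and `$post` on L717–L718 were derived from the raw, unescaped title (only `$title` was escaped and it was never used), so the moved code should escape after the preg_replace split, not before. I can only infer what index-extra.php does from what was removed here.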
diff --git a/wp-admin/link-add.php b/wp-admin/link-add.php
index c871e53..2f7ed78 100644
--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -28,7 +28,7 @@ require('admin-header.php');
<div id="wp-link-bookmarklet" class="wrap">
<h3><?php _e('Add Link Bookmarklet'); ?></h3>
-<p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we’re working on it.'); ?></p>
+<p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we&8217;re working on it.'); ?></p>
<?php printf('<p><a href="%s" title="'.__('Link add bookmarklet').'">'.__('Link This').'</a></p>', "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
</div>
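Review bot: L745 writes the apostrophe entity as `&8217;` without the `#`, so the page will show "we&8217;re" literally; it should be `but we&#8217;re working on it.`. The original line used a raw U+2019 character, which at least displayed correctly.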
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 562e2e5..05b1841 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -65,7 +65,7 @@ function checkAll(form)
if ( isset($_GET['deleted']) ) {
echo '<div style="background-color: rgb(207, 235, 247);" id="message" class="updated fade"><p>';
$deleted = (int) $_GET['deleted'];
- printf(__('%s links deleted.'), $deleted);
+ printf(__ngettext('%s link deleted.', '%s links deleted', $deleted), $deleted);
echo '</p></div>';
}
?>
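Review bot: The plural string on L757, `'%s links deleted'`, lost the trailing period that its singular counterpart `'%s link deleted.'` keeps, so the message now changes punctuation depending on the count. Make them consistent: `printf(__ngettext('%s link deleted.', '%s links deleted.', $deleted), $deleted);`.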
@@ -116,7 +116,7 @@ if ( $links ) {
<?php wp_nonce_field('bulk-bookmarks') ?>
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
-<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<table class="widefat">
<thead>
@@ -130,9 +130,9 @@ if ( $links ) {
<tbody id="the-list">
<?php
foreach ($links as $link) {
- $link->link_name = wp_specialchars($link->link_name);
+ $link->link_name = attribute_escape($link->link_name);
$link->link_description = wp_specialchars($link->link_description);
- $link->link_url = wp_specialchars($link->link_url);
+ $link->link_url = attribute_escape($link->link_url);
$link->link_category = wp_get_link_cats($link->link_id);
$short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url);
@@ -188,7 +188,6 @@ if ( $links ) {
echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
echo "\n </tr>\n";
}
-}
?>
</tbody>
</table>
@@ -198,6 +197,7 @@ if ( $links ) {
<p class="submit"><input type="submit" class="button" name="deletebookmarks" id="deletebookmarks" value="<?php _e('Delete Checked Links') ?> &raquo;" onclick="return confirm('<?php echo js_escape(__("You are about to delete these links permanently.\n'Cancel' to stop, 'OK' to delete.")); ?>')" /></p>
</form>
+<?php } ?>
<?php
if( wp_cache_get( "checked_bookmarks_table", "options" ) == false ) {
$results = $wpdb->get_results( "SELECT link_id, category_id, count( * ) AS c FROM {$wpdb->link2cat} GROUP BY link_id, category_id" );
diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php
index 8999741..22bcf26 100644
--- a/wp-admin/moderation.php
+++ b/wp-admin/moderation.php
@@ -72,32 +72,20 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored
$ignored = (int) $_GET['ignored'];
$spam = (int) $_GET['spam'];
if ($approved) {
- if ('1' == $approved) {
- echo __("1 comment approved") . " <br/>\n";
- } else {
- echo sprintf(__("%s comments approved <br />"), $approved) . "\n";
- }
+ printf(__ngettext('%s comment approved', '%s comments approved', $approved), $approved);
+ echo "<br/>\n";
}
if ($deleted) {
- if ('1' == $deleted) {
- echo __("1 comment deleted") . " <br/>\n";
- } else {
- echo sprintf(__("%s comments deleted"), $deleted) . " <br/>\n";
- }
+ printf(__ngettext('%s comment deleted', '%s comments deleted', $deleted), $deleted);
+ echo "<br/>\n";
}
if ($spam) {
- if ('1' == $spam) {
- echo __("1 comment marked as spam") . " <br/>\n";
- } else {
- echo sprintf(__("%s comments marked as spam"), $spam) . " <br/>\n";
- }
+ printf(__ngettext('%s comment marked as spam', '%s comments marked as spam', $spam), $spam);
+ echo "<br/>\n";
}
if ($ignored) {
- if ('1' == $ignored) {
- echo __("1 comment unchanged") . " <br/>\n";
- } else {
- echo sprintf(__("%s comments unchanged"), $ignored) . " <br/>\n";
- }
+ printf(__ngettext('%s comment unchanged', '%s comments unchanged', $ignored), $ignored);
+ echo "<br/>\n";
}
echo "</p></div>\n";
}
@@ -135,7 +123,7 @@ $i = 0;
<?php comment_text() ?>
<p><?php comment_date('M j, g:i A'); ?> &#8212; [ <?php
echo '<a href="comment.php?action=editcomment&amp;c='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
+echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by &quot;%s&quot;.\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete ') . "</a> | "; ?>
<?php
$post = get_post($comment->comment_post_ID);
$post_title = wp_specialchars( $post->post_title, 'double' );
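Review bot: The delete link on L847 is a bare `post.php?action=deletecomment&amp;p=…&amp;comment=…` URL with no nonce, whereas the equivalent link in edit.php (L554 of this diff) is wrapped in `wp_nonce_url(…, 'delete-comment_' . $comment->comment_ID)`; without a nonce the state-changing GET is forgeable by any page an admin visits, and if post.php does check a nonce this link simply fails. Wrap it the same way: `wp_nonce_url("post.php?action=deletecomment&amp;p=" . $comment->comment_post_ID . "&amp;comment=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID)`. Whether post.php's handler verifies the nonce is not visible here.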
diff --git a/wp-admin/options-discussion.php b/wp-admin/options-discussion.php
index 74503ed..51b3122 100644
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -13,7 +13,7 @@ include('admin-header.php');
<?php wp_nonce_field('update-options') ?>
<p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
<fieldset class="options">
-<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend>
+<legend><?php echo __('Usual settings for an article:').'<br /><small><em>('.__('These settings may be overridden for individual articles.').')</em></small>'; ?></legend>
<ul>
<li>
<label for="default_pingback_flag">
diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php
index cb68832..4b6a875 100644
--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -19,7 +19,7 @@ include('admin-header.php');
<table class="editform optiontable">
<tr valign="top">
<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_option('upload_path')), 1); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" size="40" />
<br />
<?php _e('Default is <code>wp-content/uploads</code>'); ?>
</td>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index eb7ac66..fe3f87a 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -149,7 +149,7 @@ checked="checked"
</label>
<br />
</p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <?php if( $current_site->domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $permalink_structure = str_replace( "/blog", "", $permalink_structure ); }?><input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <?php if( $current_site->domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $permalink_structure = str_replace( "/blog", "", $permalink_structure ); }?><input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape( $permalink_structure ); ?>" size="50" /></p>
<h3><?php _e('Optional'); ?></h3>
<?php if ($is_apache) : ?>
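Review bot: `str_replace("/blog", "", $permalink_structure)` on L886 removes every occurrence of `/blog`, not just the leading prefix that the branch echoes back in front of the input, so a custom structure such as `/blog/%category%/blog-%postname%` would be displayed as `/%category%-%postname%`. If only the prefix is meant, anchor it: `if (0 === strpos($permalink_structure, '/blog')) $permalink_structure = substr($permalink_structure, 5);`. The same unanchored replace appears for `$category_base` in the next hunk; both are behaviour this commit carries forward rather than introduces.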
@@ -158,7 +158,7 @@ checked="checked"
<p><?php _e('If you like, you may enter a custom prefix for your category <abbr title="Universal Resource Locator">URL</abbr>s here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
<?php endif; ?>
<p>
- <?php _e('Category base'); ?>: <?php if( $current_site->domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $category_base = str_replace( "/blog", "", $category_base ); }?><input name="category_base" type="text" class="code" value="<?php echo $category_base; ?>" size="30" />
+ <?php _e('Category base'); ?>: <?php if( $current_site->domain.$current_site->path == $current_blog->domain.$current_blog->path ) { echo "/blog"; $category_base = str_replace( "/blog", "", $category_base ); }?><input name="category_base" type="text" class="code" value="<?php echo attribute_escape( $category_base ); ?>" size="30" />
</p>
<p class="submit">
<input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" />
diff --git a/wp-admin/options.php b/wp-admin/options.php
index ceb4830..63486d5 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -173,7 +173,7 @@ endforeach;
?>
</table>
<?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
</form>
</div>
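Review bot: `attribute_escape($options_to_update)` on L907 only prevents the hidden `page_options` field from breaking the markup; the value is still a client-supplied, comma-separated list of option names posted back to this script, so the code that consumes the submitted `page_options` (outside this hunk) must restrict it to the options this page is permitted to change, or a tampered form can write arbitrary options. I cannot see that handler here — please confirm it validates against a whitelist rather than trusting the posted list.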
diff --git a/wp-admin/page.php b/wp-admin/page.php
index 0e523e2..acffa30 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -62,7 +62,7 @@ case 'edit':
?>
<div id='preview' class='wrap'>
<h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2>
- <iframe src="<?php echo wp_specialchars(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+ <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
</div>
<?php
break;
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 304eb64..dc8fa28 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -86,7 +86,7 @@ $plugins = get_plugins();
if (empty($plugins)) {
echo '<p>';
- _e("Couldn't open plugins directory or there are no plugins available."); // TODO: make more helpful
+ _e("Couldn&8217;t open plugins directory or there are no plugins available."); // TODO: make more helpful
echo '</p>';
} else {
?>
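Review bot: L931 writes `Couldn&8217;t`, missing the `#` in the entity, so the literal text "&8217;" will appear in the message. It should be `_e("Couldn&#8217;t open plugins directory or there are no plugins available.");`.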
diff --git a/wp-admin/post.php b/wp-admin/post.php
index b35ff33..dd756fb 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -63,7 +63,7 @@ case 'edit':
?>
<div id='preview' class='wrap'>
<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2>
- <iframe src="<?php echo wp_specialchars(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+ <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
</div>
<?php
break;
diff --git a/wp-admin/profile-update.php b/wp-admin/profile-update.php
index d4fd657..6310186 100644
--- a/wp-admin/profile-update.php
+++ b/wp-admin/profile-update.php
@@ -17,12 +17,6 @@ if ( is_wp_error( $errors ) ) {
exit;
}
-if ( rich_edit_exists() ) {
- if ( !isset( $_POST['rich_editing'] ) )
- $_POST['rich_editing'] = 'false';
- update_user_option( $current_user->id, 'rich_editing', $_POST['rich_editing'], true );
-}
-
if ( isset( $_POST['primary_blog'] ) ) {
$primary_blog = (int) $_POST['primary_blog'];
update_user_option( $current_user->id, 'primary_blog', $primary_blog, true );
diff --git a/wp-admin/templates.php b/wp-admin/templates.php
index b38465b..b032494 100644
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -99,7 +99,7 @@ if ( $recents ) :
<?php
echo '<ol>';
foreach ($recents as $recent) :
- echo "<li><a href='templates.php?file=" . wp_specialchars($recent, true) . "'>" . get_file_description(basename($recent)) . "</a></li>";
+ echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . get_file_description(basename($recent)) . "</a></li>";
endforeach;
echo '</ol>';
endif;
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index 6dc6ec3..cc044ed 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -89,7 +89,7 @@ default:
$theme_name = $a_theme['Name'];
if ($theme_name == $theme) $selected = " selected='selected'";
else $selected = '';
- $theme_name = wp_specialchars($theme_name, true);
+ $theme_name = attribute_escape($theme_name);
echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
}
?>
diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php
index e44f07a..3e1b740 100644
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -28,7 +28,7 @@ else
<?php
switch($step) {
case 0:
- $goback = wp_specialchars(wp_get_referer());
+ $goback = attribute_escape(stripslashes(wp_get_referer()));
?>
<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -40,7 +40,7 @@ switch($step) {
if ( empty( $_GET['backto'] ) )
$backto = __get_option('home');
else
- $backto = wp_specialchars( $_GET['backto'] , 1 );
+ $backto = attribute_escape(stripslashes($_GET['backto']));
if( $wpdb->get_row( "SELECT blog_id FROM wp_blog_versions WHERE blog_id = '{$wpdb->blogid}'" ) ) {
$wpdb->query( "UPDATE wp_blog_versions SET db_version = '{$wp_db_version}' WHERE blog_id = '{$wpdb->blogid}'" );
} else {
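Review bot: `$backto` on L1008 is taken straight from the query string with only HTML escaping; if it is used as the post-upgrade link or redirect target (that use is outside this hunk), anyone who can get an administrator to open a crafted `upgrade.php?step=1&backto=…` URL chooses where they land afterwards. Accept only same-site values, for example fall back to `__get_option('home')` unless `0 === strpos($backto, __get_option('home'))`, before escaping. The remainder of `case 1:` is not visible here.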
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 3b093d1..5e6c8c8 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -7,7 +7,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128);
ob_start();
the_title();
- $post_title = wp_specialchars( ob_get_contents(), 1 );
+ $post_title = attribute_escape(ob_get_contents());
ob_end_clean();
$post_content = apply_filters( 'content_edit_pre', $post->post_content );
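Review bot: The output-buffer dance on L1018–L1022 exists only to capture what the_title() prints, and get_the_title() presumably returns the same filtered title without echoing, so `$post_title = attribute_escape(get_the_title());` replaces the three lines and removes the ob_start()/ob_end_clean() pair that would swallow any other output in between. I cannot confirm from this hunk that no filter hooked on the_title relies on the echo path. The enclosing wp_upload_display() starts before the hunk.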
@@ -71,9 +71,9 @@ function wp_upload_view() {
echo '[&nbsp;';
echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
echo '&nbsp;|&nbsp;';
- echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'edit' ), 1 ) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';
+ echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';
echo '&nbsp;|&nbsp;';
- echo '<a href="' . wp_specialchars( remove_query_arg( array('action', 'ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
+ echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
echo '&nbsp;]'; ?></span>
</div>
@@ -111,9 +111,9 @@ function wp_upload_form() {
echo '[&nbsp;';
echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
echo '&nbsp;|&nbsp;';
- echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'view' ), 1 ) . '">' . __('links') . '</a>';
+ echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';
echo '&nbsp;|&nbsp;';
- echo '<a href="' . wp_specialchars( remove_query_arg( array('action','ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
+ echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
echo '&nbsp;]'; ?></span>
</div>
diff --git a/wp-admin/upload-js.php b/wp-admin/upload-js.php
index c0a7a1b..e5a65f2 100644
--- a/wp-admin/upload-js.php
+++ b/wp-admin/upload-js.php
@@ -72,22 +72,22 @@ addLoadEvent( function() {
var params = $H(this.params);
params.ID = '';
params.action = '';
- h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+ h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
} else {
- h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1) ?></a>";
+ h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')) ?></a>";
}
h += "<div id='file-title'>"
if ( !this.currentImage.isImage )
- h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";
+ h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
else
h += "<h2>" + this.currentImage.title + "</h2>";
h += " &#8212; <span>";
- h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo wp_specialchars(__('Edit'), 1); ?></a>"
+ h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo attribute_escape(__('Edit')); ?></a>"
h += "</span>";
h += '</div>'
h += "<div id='upload-file-view' class='alignleft'>";
if ( this.currentImage.isImage ) {
- h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>";
+ h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>";
h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
h += "</a>";
} else
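Review bot: The PHP-side strings in this hunk are now attribute-escaped, but the values concatenated client-side on L1063, L1065 and L1075 — `this.currentImage.title` inside `<h2>` and `alt='…'`, and `.src` inside `href`/`src` — go into the generated markup unescaped, so a title containing `'` or `<` breaks the attribute or injects markup. Where `currentImage` is populated is not in this diff; if the server does not already HTML-escape those fields, add a small escape helper in this script (replacing `&`, `<`, `>`, `'`, `"`) and apply it at each insertion point. The addLoadEvent callback that owns this code starts before the hunk.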
@@ -97,20 +97,20 @@ addLoadEvent( function() {
h += "<form name='uploadoptions' id='uploadoptions' class='alignleft'>";
h += "<table>";
if ( this.currentImage.thumb ) {
- h += "<tr><th style='padding-bottom:.5em'><?php echo wp_specialchars(__('Show:'), 1); ?></th><td style='padding-bottom:.5em'>";
- h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo wp_specialchars(__('Thumbnail'), 1); ?></label><br />";
- h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo wp_specialchars(__('Full size'), 1); ?></label>";
+ h += "<tr><th style='padding-bottom:.5em'><?php echo attribute_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+ h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo attribute_escape(__('Thumbnail')); ?></label><br />";
+ h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo attribute_escape(__('Full size')); ?></label>";
h += "</td></tr>";
}
- h += "<tr><th><?php echo wp_specialchars(__('Link to:'), 1); ?></th><td>";
- h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo wp_specialchars(__('File'), 1); ?></label><br />";
- h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo wp_specialchars(__('Page'), 1); ?></label><br />";
- h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo wp_specialchars(__('None'), 1); ?></label>";
+ h += "<tr><th><?php echo attribute_escape(__('Link to:')); ?></th><td>";
+ h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo attribute_escape(__('File')); ?></label><br />";
+ h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo attribute_escape(__('Page')); ?></label><br />";
+ h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo attribute_escape(__('None')); ?></label>";
h += "</td></tr>";
h += "<tr><td colspan='2'><p class='submit'>";
- h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo wp_specialchars(__('Send to editor &raquo;'), 1); ?>' />";
+ h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo attribute_escape(__('Send to editor &raquo;')); ?>' />";
h += "</p></td></tr></table>";
h += "</form>";
@@ -134,17 +134,17 @@ addLoadEvent( function() {
var params = $H(this.params);
params.ID = '';
params.action = '';
- h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+ h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
} else {
- h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+ h += "<a href='#' onclick='return theFileList.cancelView();' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
}
h += "<div id='file-title'>"
if ( !this.currentImage.isImage )
- h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";
+ h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
else
h += "<h2>" + this.currentImage.title + "</h2>";
h += " &#8212; <span>";
- h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php wp_specialchars(__('Insert'), 1); ?></a>"
+ h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php attribute_escape(__('Insert')); ?></a>"
h += "</span>";
h += '</div>'
h += "<div id='upload-file-view' class='alignleft'>";
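Review bot: The Insert link near the end of the hunk still has no `echo`, so `<?php attribute_escape(__('Insert')); ?>` evaluates the string and prints nothing, leaving an empty anchor; it should read `<?php echo attribute_escape(__('Insert')); ?>` (the old line had the same defect and the commit carried it over). On the two `<h2>` lines `this.currentImage.title` is concatenated into the JavaScript HTML string unescaped; whether that property is escaped where the object is populated is not visible here, so either escape it at the concatenation or confirm the server guarantees it. The function this code runs in begins before the hunk.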
@@ -158,20 +158,20 @@ addLoadEvent( function() {
h += "<table><col /><col class='widefat' /><tr>"
- h += "<th scope='row'><label for='url'><?php echo wp_specialchars(__('URL'), 1); ?></label></th>";
+ h += "<th scope='row'><label for='url'><?php echo attribute_escape(__('URL')); ?></label></th>";
h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
h += "</tr><tr>";
- h += "<th scope='row'><label for='post_title'><?php echo wp_specialchars(__('Title'), 1); ?></label></th>";
+ h += "<th scope='row'><label for='post_title'><?php echo attribute_escape(__('Title')); ?></label></th>";
h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
h += "</tr><tr>";
- h += "<th scope='row'><label for='post_content'><?php echo wp_specialchars(__('Description'), 1); ?></label></th>";
+ h += "<th scope='row'><label for='post_content'><?php echo attribute_escape(__('Description')); ?></label></th>";
h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
- h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo wp_specialchars(__('Delete File'), 1); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
+ h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo attribute_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
h += "<input type='hidden' name='action' id='action-value' value='save' />";
h += "<input type='hidden' name='ID' value='" + id + "' />";
h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
- h += "<div class='submit'><input type='submit' value='<?php echo wp_specialchars(__('Save &raquo;'), 1); ?>' /></div>";
+ h += "<div class='submit'><input type='submit' value='<?php echo attribute_escape(__('Save &raquo;')); ?>' /></div>";
h += "</td></tr></table></form>";
new Insertion.Top('upload-content', h);
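Review bot: Only the translated labels gain escaping in this hunk; `this.currentImage.title` and `this.currentImage.description` are still concatenated raw into the single-quoted `value='...'` attribute and the `<textarea>`, and `srcBase + src` into the read-only URL field. Their escaping status is decided where `currentImage` is built, outside this hunk; if they are not attribute-safe there, a title containing `'` ends the attribute and the remainder is parsed as markup when the string is inserted. Either escape at the point of concatenation or record the contract with a comment such as `// currentImage.* are attribute-escaped server-side; do not insert raw values here`.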
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index b2977c7..4daf643 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -87,7 +87,7 @@ foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the curr
$href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
if ( isset($tab_array[4]) && is_array($tab_array[4]) )
add_query_arg( $tab_array[4], $href );
- $_href = wp_specialchars( $href, 1 );
+ $_href = attribute_escape( $href);
$page_links = '';
$class = 'upload-tab alignleft';
if ( $tab == $t ) {
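Review bot: The line directly above the changed one discards its result: `add_query_arg( $tab_array[4], $href );` returns the rebuilt URL and leaves `$href` untouched, so any per-tab extra arguments never reach the escaped link. It should read `$href = add_query_arg( $tab_array[4], $href );`. The switch to `attribute_escape` is correct for the attribute context `$_href` is used in; the enclosing loop continues past the hunk.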
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index cc5d758..46c72d9 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -61,7 +61,7 @@ include ('admin-header.php');
<div id="message" class="updated fade">
<p><strong><?php _e('User updated.') ?></strong></p>
<?php if ( $wp_http_referer ) : ?>
- <p><a href="<?php echo wp_specialchars($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+ <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
<?php endif; ?>
</div>
<?php endif; ?>
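Review bot: `attribute_escape($wp_http_referer)` stops the value from breaking out of the `href` attribute, but it does not constrain where the link points; if `$wp_http_referer` originates from the request (its assignment is outside this hunk) it can carry an absolute URL to another host or a `javascript:` scheme. Restrict it to a same-site path before use — accept only values starting with `/` and containing no scheme, and drop it otherwise. A one-line comment at the assignment stating the expected origin of the value would help the next reader judge the risk.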
diff --git a/wp-admin/users.php b/wp-admin/users.php
index ca49c24..0b0ca9b 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -12,10 +12,10 @@ $action = $_REQUEST['action'];
$update = '';
if ( empty($_POST) ) {
- $referer = '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+ $referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
} elseif ( isset($_POST['wp_http_referer']) ) {
- $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), urlencode(stripslashes($_POST['wp_http_referer'])));
- $referer = '<input type="hidden" name="wp_http_referer" value="' . wp_specialchars($redirect) . '" />';
+ $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_POST['wp_http_referer']));
+ $referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />';
} else {
$redirect = 'users.php';
}
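Review bot: The new `$redirect` line hands the raw `$_POST['wp_http_referer']` to `remove_query_arg` and then only HTML-escapes it for the hidden field; with the old `urlencode` gone, `$redirect` now holds a client-controlled URL, and if it is later passed to a redirect call (outside this hunk) that is an open-redirect vector. `attribute_escape` protects the form markup only, not the navigation target. Validate that `$redirect` is a local path (no scheme, no host) and fall back to `'users.php'` otherwise, mirroring the `else` branch already present.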
@@ -388,7 +388,7 @@ default:
case 'del_many':
?>
<?php $delete_count = (int) $_GET['delete_count']; ?>
- <div id="message" class="updated fade"><p><?php printf(__('%1$s %2$s deleted.'), $delete_count, __ngettext('user', 'users', $delete_count) ); ?></p></div>
+ <div id="message" class="updated fade"><p><?php printf(__ngettext('%s user deleted', '%s users deleted', $delete_count), $delete_count); ?></p></div>
<?php
break;
case 'remove':
@@ -468,7 +468,7 @@ default:
<?php endif; ?>
<form action="" method="get" name="search" id="search">
- <p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search users &raquo;'); ?>" class="button" /></p>
+ <p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search users &raquo;'); ?>" class="button" /></p>
</form>
<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
@@ -541,7 +541,7 @@ foreach ( (array) $roleclass as $user_object ) {
<h3><?php _e('Update Selected'); ?></h3>
<ul style="list-style:none;">
- <li><input type="radio" name="action" id="action0" value="removeuser" /> <label for="action0"><?php _e('Remove checked users.'); ?></label></li>
+ <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li>
<li>
<input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label>
<select name="new_role" onchange="getElementById('action1').checked = 'true'"><?php wp_dropdown_roles(); ?></select>
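Review bot: Changing the bulk radio value from `removeuser` to `delete` makes this form perform a destructive action; the handler for `action=delete` is outside the hunk, so confirm it checks a nonce and an appropriate user-management capability before deleting, and that the current user cannot delete their own account. No nonce field appears in the visible form lines — if it is emitted elsewhere, a comment near the radio such as `<!-- nonce for the delete/promote actions is emitted with the form header -->` would make that evident.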
@@ -559,7 +559,7 @@ foreach ( (array) $roleclass as $user_object ) {
if ( is_wp_error($add_user_errors) ) {
foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
$var = 'new_' . $var;
- $$var = wp_specialchars(stripslashes($_POST[$formpost]));
+ $$var = attribute_escape(stripslashes($_POST[$formpost]));
}
unset($name);
}
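Review bot: `$_POST[$formpost]` is read without an `isset` guard on the changed line, so a submission missing any of the six fields raises an undefined-index notice before `stripslashes` runs; use `isset($_POST[$formpost]) ? attribute_escape(stripslashes($_POST[$formpost])) : ''`. The variable-variable assignment is safe because the key list is a fixed literal array, but the values are now HTML-escaped, so they are only suitable for re-displaying the form; a comment saying `// escaped for re-display only — never reuse for storage` would stop someone feeding them back into an insert.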
diff --git a/wp-content/themes/classic/comments-popup.php b/wp-content/themes/classic/comments-popup.php
index 5d9101b..269e8a8 100644
--- a/wp-content/themes/classic/comments-popup.php
+++ b/wp-content/themes/classic/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
<label for="author"><?php _e("Name"); ?></label>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
</p>
<p>
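Review bot: The hidden `redirect_to` field is escaped now, but the `author` input two lines above still echoes `$comment_author` raw into a `value` attribute. If that variable is filled by the cookie-sanitising code that escapes at read time, this is safe only by coincidence; escaping at output with `value="<?php echo attribute_escape($comment_author); ?>"` makes it safe regardless of where the value came from. `$id` on the post-ID line is also unescaped — casting it with `(int)` pins its type.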
diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php
index 46662b2..c812293 100644
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
<label for="author">Name</label>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
</p>
<p>
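Review bot: Same form, same gap as the classic theme: `$comment_author` is echoed unescaped into the `author` input's `value` attribute while the `redirect_to` field on the changed line is escaped. Escape at the point of output, `value="<?php echo attribute_escape($comment_author); ?>"`, rather than relying on the cookie having been sanitised earlier, and cast `$id` with `(int)` on the `comment_post_ID` line so its type is explicit.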
diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php
index c76d44f..28fa28d 100644
--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -139,7 +139,7 @@ function the_author_posts() {
function the_author_posts_link($deprecated = '') {
global $authordata;
- echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(get_the_author())) . '">' . get_the_author() . '</a>';
+ echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>';
}
function get_author_posts_url($author_id, $author_nicename = '') {
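Review bot: The `title` attribute is escaped on the changed line, but the link text `get_the_author()` on the same line is still emitted raw, so the same string is treated as data in the attribute and as markup in the text node. Unless the display name is guaranteed HTML-free on save (not visible here), escape the text as well with `wp_specialchars(get_the_author())`, or add a comment explaining why the raw value is trusted. The translated format string passed to `sprintf` is not escaped, which is acceptable for trusted translation files and worth a one-line note.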
@@ -202,7 +202,7 @@ function wp_list_authors($args = '') {
if ( !$hide_empty )
$link = $name;
} else {
- $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';
+ $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
$link .= ' ';
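Review bot: The same pattern as `the_author_posts_link` above: the `title` attribute now uses `attribute_escape($author->display_name)` while the anchor text `$name`, built before the hunk and presumably from the same display name, is concatenated raw. If `$name` is not already escaped where it is built, use `wp_specialchars($name)` in the link text; if it is, a comment at the concatenation saying so would prevent a later double escape. The function continues past the hunk.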
diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php
index e27e8bc..e71b9d6 100644
--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -101,8 +101,8 @@ function get_links($category = -1,
if ( '' != $rel )
$rel = ' rel="' . $rel . '"';
- $desc = wp_specialchars($row->link_description, ENT_QUOTES);
- $name = wp_specialchars($row->link_name, ENT_QUOTES);
+ $desc = attribute_escape($row->link_description);
+ $name = attribute_escape($row->link_name);
$title = $desc;
if ( $show_updated )
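Review bot: `$rel` is interpolated into `rel="..."` two lines above the changed ones without escaping while `$desc` and `$name` now are; `$rel` is assigned before the hunk from a stored bookmark field, so a value containing `"` breaks the attribute. Apply `attribute_escape($rel)` when the attribute is built. Replacing `wp_specialchars($x, ENT_QUOTES)` with `attribute_escape($x)` is presumably behaviour-preserving, since `ENT_QUOTES` is a truthy value and `attribute_escape` passes `true` for the same flag.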
@@ -266,8 +266,8 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
if ( '' != $rel )
$rel = ' rel="' . $rel . '"';
- $desc = wp_specialchars($bookmark->link_description, ENT_QUOTES);
- $name = wp_specialchars($bookmark->link_name, ENT_QUOTES);
+ $desc = attribute_escape($bookmark->link_description);
+ $name = attribute_escape($bookmark->link_name);
$title = $desc;
if ( $show_updated )
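Review bot: As in `get_links` above, `$rel` is placed into `rel="..."` unescaped just before the changed lines while the description and name are now escaped; wrap it in `attribute_escape()` at the same point so every attribute in this link is treated alike. `$title = $desc;` means the escaped description also feeds the `title` attribute, which is the right context for it. The function continues past the hunk.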
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index fb3110a..62cee05 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -509,7 +509,7 @@ class Walker_Page extends Walker {
elseif ( $_current_page && $page->ID == $_current_page->post_parent )
$css_class .= ' current_page_parent';
- $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title, 1) . '">' . $page->post_title . '</a>';
+ $output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape($page->post_title) . '">' . $page->post_title . '</a>';
if ( !empty($show_date) ) {
if ( 'modified' == $show_date )
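Review bot: On the changed line the `title` attribute is escaped but the anchor text `$page->post_title` is still raw, so the same string is data in one place and markup in the other. Unless page titles are guaranteed filtered on save (not visible here), use `wp_specialchars($page->post_title)` for the link text too, or state in a comment why the raw title is acceptable. `$css_class` is also interpolated unescaped, though it is built from fixed literals in the visible lines. The method continues past the hunk.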
@@ -575,12 +575,12 @@ class Walker_Category extends Walker {
function start_el($output, $category, $depth, $args) {
extract($args);
- $cat_name = wp_specialchars( $category->cat_name, 1 );
+ $cat_name = attribute_escape( $category->cat_name);
$link = '<a href="' . get_category_link( $category->cat_ID ) . '" ';
if ( $use_desc_for_title == 0 || empty($category->category_description) )
$link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
else
- $link .= 'title="' . wp_specialchars( apply_filters( 'category_description', $category->category_description, $category ), 1 ) . '"';
+ $link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->category_description, $category )) . '"';
$link .= '>';
$link .= apply_filters( 'list_cats', $category->cat_name, $category ).'</a>';
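Review bot: The escaping order on the description line is right — `attribute_escape` runs after the `category_description` filter, so filter output cannot reintroduce quotes. The anchor text, however, is `apply_filters('list_cats', $category->cat_name, ...)` emitted raw, while the escaped `$cat_name` is used only inside the title; if category names are not trusted HTML the text node should use an escaped value as well, or the raw choice should be explained in a comment on that line (e.g. `// raw on purpose: list_cats filters may return markup`).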
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 6f53558..38587da 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -353,7 +353,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
if (!empty($CSSclass)) {
echo ' class="'.$CSSclass.'"';
}
- $title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+ $title = attribute_escape(apply_filters('the_title', get_the_title()));
echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
comments_number($zero, $one, $more, $number);
echo '</a>';
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index a7bf344..c9e47cb 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -155,21 +155,21 @@ function sanitize_comment_cookies() {
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
$comment_author = stripslashes($comment_author);
- $comment_author = wp_specialchars($comment_author, true);
+ $comment_author = attribute_escape($comment_author);
$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
}
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
$comment_author_email = stripslashes($comment_author_email);
- $comment_author_email = wp_specialchars($comment_author_email, true);
+ $comment_author_email = attribute_escape($comment_author_email);
$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
}
if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
$comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = wp_specialchars($comment_author_url, true);
+ $comment_author_url = attribute_escape($comment_author_url);
$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
}
}
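Review bot: These three cookie values are HTML-attribute-escaped at read time and written back into `$_COOKIE`, so any later consumer that is not an HTML attribute — an email check, a mailto link, a redirect — receives entity-encoded text (`&#039;`, `&amp;`); the raw cookie is no longer available to callers at all. Escaping belongs at the point of output. If the intent is to keep the values safe for the comment form's `value=""` attributes, record that contract with a comment such as `// stored HTML-escaped: only safe for direct use inside attribute values`, and note that the `pre_comment_*` filters see the raw value while everything downstream sees the escaped one.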
@@ -204,13 +204,11 @@ function wp_allow_comment($commentdata) {
$post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
}
- // The author and the admins get respect.
if ( $userdata && is_site_admin( $userdata->user_login ) == false && ( $user_id == $post_author || $user->has_cap('level_9' ) ) ) {
+ // The author and the admins get respect.
$approved = 1;
- }
-
- // Everyone else's comments will be checked.
- else {
+ } else {
+ // Everyone else's comments will be checked.
if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
$approved = 1;
else
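Review bot: The relocated comment says the author and the admins get respect, but the condition it now sits under requires `is_site_admin( $userdata->user_login ) == false`, so site admins are explicitly excluded from auto-approval and fall through to `check_comment`; either the condition or the comment is wrong, and if the exclusion is intended the comment should say so. The condition also mixes `$userdata` and `$user` (`$user->has_cap('level_9')`), which is easy to misread — confirm both refer to the same account. Separately, `$comment_post_ID` is interpolated into the string-built query two lines above without a visible cast; ensure `$comment_post_ID = (int) $comment_post_ID;` happens before it reaches the query. The function begins before the hunk.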
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index cef58dd..badd080 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -749,22 +749,22 @@ function human_time_diff( $from, $to = '' ) {
$diff = (int) abs($to - $from);
if ($diff <= 3600) {
$mins = round($diff / 60);
- if ($mins <= 1)
- $since = __('1 min');
- else
- $since = sprintf( __('%s mins'), $mins);
+ if ($mins <= 1) {
+ $mins = 1;
+ }
+ $since = sprintf(__ngettext('%s min', '%s mins', $mins), $mins);
} else if (($diff <= 86400) && ($diff > 3600)) {
$hours = round($diff / 3600);
- if ($hours <= 1)
- $since = __('1 hour');
- else
- $since = sprintf( __('%s hours'), $hours );
+ if ($hours <= 1) {
+ $hour = 1;
+ }
+ $since = sprintf(__ngettext('%s hour', '%s hours', $hours), $hours);
} elseif ($diff >= 86400) {
$days = round($diff / 86400);
- if ($days <= 1)
- $since = __('1 day');
- else
- $since = sprintf( __('%s days'), $days );
+ if ($days <= 1) {
+ $days = 1;
+ }
+ $since = sprintf(__('%s day', '%s days', $days), $days);
}
return $since;
}
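Review bot: The days branch calls `__('%s day', '%s days', $days)` instead of `__ngettext`, so the second argument is treated as a text domain, the plural form is never chosen and the result reads "5 day"; change it to `$since = sprintf(__ngettext('%s day', '%s days', $days), $days);`. In the hours branch the clamp assigns `$hour = 1;` (singular), leaving `$hours` untouched, so that clamp is dead code — it should be `$hours = 1;`. Only the minutes branch is correct as written.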
@@ -1087,9 +1087,16 @@ function htmlentities2($myHTML) {
// Escape single quotes, specialchar double quotes, and fix line endings.
function js_escape($text) {
- $text = wp_specialchars($text, 'double');
- $text = str_replace('&#039;', "'", $text);
- return preg_replace("/\r?\n/", "\\n", addslashes($text));
+ $safe_text = wp_specialchars($text, 'double');
+ $safe_text = str_replace('&#039;', "'", $safe_text);
+ $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+ return apply_filters('js_escape', $safe_text, $text);
+}
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+ $safe_text = wp_specialchars($text, true);
+ return apply_filters('attribute_escape', $safe_text, $text);
}
function wp_make_link_relative( $link ) {
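Review bot: `js_escape` still lets a lone carriage return through: the pattern `/\r?\n/` rewrites CRLF and LF, but a bare `\r` survives `addslashes` and terminates a JavaScript string literal; use `preg_replace("/\r\n|\r|\n/", "\\n", addslashes($safe_text))`. Both functions now route the escaped text through `apply_filters`, which makes the escaping guarantee depend on every hooked plugin returning context-safe output; put a comment above each `return`, e.g. `// Filters receive already-escaped text and must return text that is still safe for this context.` U+2028/U+2029 are also JavaScript line terminators that `addslashes` does not touch; whether they can appear here depends on the site charset, which is outside this hunk.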
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 61b553b..102f12d 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -248,7 +248,7 @@ function get_option($setting) {
}
function form_option($option) {
- echo wp_specialchars( get_option($option), 1 );
+ echo attribute_escape(get_option($option));
}
function get_alloptions() {
@@ -933,16 +933,16 @@ function wp_nonce_field($action = -1) {
}
function wp_referer_field() {
- $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+ $ref = attribute_escape($_SERVER['REQUEST_URI']);
echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
if ( wp_get_original_referer() ) {
- $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ $original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
}
}
function wp_original_referer_field() {
- echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+ echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
}
function wp_get_referer() {
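Review bot: `wp_referer_field` escapes `$_SERVER['REQUEST_URI']` directly, while `wp_original_referer_field` below runs `stripslashes` on the same value first, so the two hidden fields differ whenever the URI contains a backslash or quote. Which treatment is correct depends on whether `$_SERVER` has had slashes added earlier, which is not visible here, but the two functions should agree. A shared private helper that returns the escaped current URI, or a comment on each function explaining the difference, would stop the drift.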
@@ -1209,7 +1209,7 @@ function wp_nonce_ays($action) {
foreach ( (array) $q as $a ) {
$v = substr(strstr($a, '='), 1);
$k = substr($a, 0, -(strlen($v)+1));
- $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+ $html .= "\t\t<input type='hidden' name='" . attribute_escape(urldecode($k)) . "' value='" . attribute_escape(urldecode($v)) . "' />\n";
}
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
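Review bot: The key/value split two lines above the changed line mishandles a query argument with no `=`: `strstr($a, '=')` returns `false`, `$v` becomes `''`, and `$k = substr($a, 0, -1)` then drops the last character of the name, so `foo` is re-emitted as `fo`. Replace the two lines with `list($k, $v) = array_pad(explode('=', $a, 2), 2, '');`. `$adminurl` on the last line is interpolated into `href` unescaped; it is assigned before the hunk, so confirm it is escaped there or wrap it in `attribute_escape()` here.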
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index 5045b6f..9032c79 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -279,7 +279,7 @@ function single_month_title($prefix = '', $display = true ) {
/* link navigation hack by Orien http://icecode.com/ */
function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
$text = wptexturize($text);
- $title_text = wp_specialchars($text, 1);
+ $title_text = attribute_escape($text);
if ('link' == $format)
return "\t<link rel='archives' title='$title_text' href='$url' />\n";
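Review bot: `$url` is interpolated into `href='$url'` on the `link` branch unescaped while `$title_text` now is; `$url` is caller-supplied, and a value containing `'` or a bare `&` breaks the single-quoted attribute or yields invalid markup. Escape it once at the top of the function, `$url = attribute_escape($url);`, which also covers the other output formats that follow the hunk. The function continues past the hunk.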
@@ -906,7 +906,7 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
function the_search_query() {
global $s;
- echo wp_specialchars( stripslashes($s), 1 );
+ echo attribute_escape(stripslashes($s));
}
function language_attributes() {
@@ -961,7 +961,7 @@ function paginate_links( $arg = '' ) {
$link = str_replace('%#%', $current - 1, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "<a class='prev page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$prev_text</a>";
+ $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";
endif;
for ( $n = 1; $n <= $total; $n++ ) :
if ( $n == $current ) :
@@ -973,7 +973,7 @@ function paginate_links( $arg = '' ) {
$link = str_replace('%#%', $n, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "<a class='page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$n</a>";
+ $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";
$dots = true;
elseif ( $dots && !$show_all ) :
$page_links[] = "<span class='page-numbers dots'>...</span>";
@@ -986,7 +986,7 @@ function paginate_links( $arg = '' ) {
$link = str_replace('%#%', $current + 1, $link);
if ( $add_args )
$link = add_query_arg( $add_args, $link );
- $page_links[] = "<a class='next page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$next_text</a>";
+ $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";
endif;
switch ( $type ) :
case 'array' :
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 7f536a5..f0a5771 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -822,6 +822,7 @@ function kses_init_filters() {
// Post filtering
add_filter('content_save_pre', 'wp_filter_post_kses');
+ add_filter('excerpt_save_pre', 'wp_filter_post_kses');
add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
add_filter('pre_comment_author', 'wp_filter_kses');
add_action('admin_notices', 'wp_kses_show_message');
@@ -834,6 +835,7 @@ function kses_remove_filters() {
// Post filtering
remove_filter('content_save_pre', 'wp_filter_post_kses');
+ remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
}
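Review bot: `kses_init_filters` and `kses_remove_filters` must stay in lockstep, and this commit is itself a fix for them having drifted (the excerpt filter existed in neither); keeping the hook/callback pairs in one array that both functions iterate would make such omissions impossible. A comment on the new `excerpt_save_pre` line noting that excerpts use the post allow-list (`wp_filter_post_kses`) rather than the comment one would also help a reader checking coverage.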
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index e1d83c5..101c9b6 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -334,7 +334,7 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false)
if ( ('attachment' != $_post->post_type) || ('' == $_post->guid) )
return __('Missing Attachment');
- $post_title = wp_specialchars( $_post->post_title, 1 );
+ $post_title = attribute_escape($_post->post_title);
if (! empty($_post->guid) ) {
$innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
@@ -420,7 +420,7 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
}
}
- $post_title = wp_specialchars( $post->post_title, 1 );
+ $post_title = attribute_escape($post->post_title);
$icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
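Review bot: `$post_title` is escaped now, but `$src` on the same `<img>` line is interpolated into `src='...'` raw; `$src` is built before the hunk, presumably from the attachment's stored path or URL, and a `'` or `&` in it breaks the attribute. Escape it at the same point, `$src = attribute_escape($src);`, or add a comment stating why it is already safe. `$constraint` on that line is also unescaped, though it is presumably generated from numeric dimensions.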
@@ -435,7 +435,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
$post = & get_post($id);
- $innerHTML = wp_specialchars( $post->post_title, 1 );
+ $innerHTML = attribute_escape($post->post_title);
return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
}
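Review bot: The value built here is element content, not an attribute, so `attribute_escape` is the wrong helper by name and by hook — the result also passes through the `attribute_escape` filter, which plugins may tune specifically for attribute contexts. `wp_specialchars($post->post_title, true)` is exactly what the old line did and matches the context without the filter; if routing through the filter is wanted, a comment on the line saying so would keep the next reviewer from reverting it.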
diff --git a/wp-includes/registration.php b/wp-includes/registration.php
index 8f99a01..1e7a38c 100644
--- a/wp-includes/registration.php
+++ b/wp-includes/registration.php
@@ -79,6 +79,9 @@ function wp_insert_user($userdata) {
$description = '';
$description = apply_filters('pre_user_description', $description);
+ if ( empty($rich_editing) )
+ $rich_editing = 'true';
+
if ( empty($user_registered) )
$user_registered = gmdate('Y-m-d H:i:s');
@@ -104,6 +107,7 @@ function wp_insert_user($userdata) {
update_usermeta( $user_id, 'jabber', $jabber );
update_usermeta( $user_id, 'aim', $aim );
update_usermeta( $user_id, 'yim', $yim );
+ update_usermeta( $user_id, 'rich_editing', $rich_editing);
if ( $update && isset($role) ) {
$user = new WP_User($user_id);
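Review bot: `$rich_editing` is defaulted to `'true'` when empty, but any non-empty value is written to usermeta as-is on the new `update_usermeta` line; if the variable is populated only from the caller's `$userdata` (extracted before the hunk), an arbitrary string lands in the meta row. Normalise it to the two accepted values in place of the `empty()` check: `$rich_editing = ( 'false' === $rich_editing ) ? 'false' : 'true';`. Since the `$update` flag shows this function also services updates, an update that omits the key would silently reset the preference to `'true'` — worth a comment or an `isset` guard.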
diff --git a/wp-links-opml.php b/wp-links-opml.php
index 9f15af4..82146fc 100644
--- a/wp-links-opml.php
+++ b/wp-links-opml.php
@@ -30,13 +30,13 @@ else
foreach ((array) $cats as $cat) {
?>
-<outline type="category" title="<?php echo wp_specialchars($cat->cat_name); ?>">
+<outline type="category" title="<?php echo attribute_escape($cat->cat_name); ?>">
<?php
$bookmarks = get_bookmarks("category={$cat->cat_ID}");
foreach ((array) $bookmarks as $bookmark) {
?>
- <outline text="<?php echo wp_specialchars($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($bookmark->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
+ <outline text="<?php echo attribute_escape($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
<?php
}
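Review bot: This file emits XML, and `attribute_escape` is an HTML helper whose output passes through a plugin filter; a filter returning HTML-only named entities (anything beyond the five XML-predefined ones or numeric references) would produce an OPML document that XML parsers reject. If filterable output is not wanted here, call `wp_specialchars($x, true)` directly, or record the constraint in a comment on the first `<outline>` line. `$bookmark->link_updated` on the same line stays unescaped; it presumably comes from a datetime column, but an escape or format call would make that explicit.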
diff --git a/wp-login.php b/wp-login.php
index abb85e1..00dceee 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -35,7 +35,7 @@ function login_header($title = 'Login', $message = '') {
<?php if ( ('rtl' == $wp_locale->text_direction) ) : ?>
<link rel="stylesheet" href="<?php bloginfo('wpurl'); ?>/wp-admin/rtl.css?version=<?php bloginfo('version'); ?>" type="text/css" />
<?php endif; ?>
- <!--[if IE]><style type="text/css">#login h1 a { margin-top: 35px; } #login ul { padding-bottom: 65px; }</style><![endif]--><!-- Curse you, IE! -->
+ <!--[if IE]><style type="text/css">#login h1 a { margin-top: 35px; } #login #login_error { margin-bottom: 10px; }</style><![endif]--><!-- Curse you, IE! -->
<script type="text/javascript">
function focusit() {
document.getElementById('user_login').focus();
@@ -44,7 +44,7 @@ function login_header($title = 'Login', $message = '') {
</script>
<?php do_action('login_head'); ?>
</head>
-<body>
+<body class="login">
<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://' . $current_site->domain . $current_site->path ); ?>" title="<?php echo apply_filters('login_headertitle', $current_site->site_name ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
<?php
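Review bot: The `<h1>` link on the line after the body tag echoes `apply_filters('login_headerurl', ...)` into `href` and `apply_filters('login_headertitle', $current_site->site_name)` into `title` without escaping, while the rest of this commit escapes every other attribute; a site name containing `"` ends the attribute. Wrap both in `attribute_escape(...)` outside the filter call so filter output is covered as well. The `body class="login"` change itself is fine.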
@@ -139,11 +139,11 @@ case 'retrievepassword' :
<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
<p>
<label><?php _e('Username:') ?><br />
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_login']), 1); ?>" size="20" tabindex="10" /></label>
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
</p>
<p>
<label><?php _e('E-mail:') ?><br />
- <input type="text" name="user_email" id="user_email" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_email']), 1); ?>" size="25" tabindex="20" /></label>
+ <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label>
</p>
<?php do_action('lostpassword_form'); ?>
<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Get New Password &raquo;'); ?>" tabindex="100" /></p>
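Review bot: `$_POST['user_login']` and `$_POST['user_email']` are read without `isset` on the two changed lines, so rendering the form on a plain GET raises undefined-index notices before `stripslashes` runs. Guard each, e.g. `isset($_POST['user_login']) ? attribute_escape(stripslashes($_POST['user_login'])) : ''`. The stripslashes-then-escape order on both lines is correct.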
@@ -266,7 +266,7 @@ default:
<form name="loginform" id="loginform" action="http://<?php echo $current_blog->domain . $current_blog->path ?>wp-login.php" method="post">
<p>
<label><?php _e('Username:') ?><br />
- <input type="text" name="log" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="10" /></label>
+ <input type="text" name="log" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
</p>
<p>
<label><?php _e('Password:') ?><br />
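Review bot: The form action two lines above the changed one is hard-coded to `http://`, so credentials are posted over plain HTTP even when the login page was served over TLS, and `$current_blog->domain . $current_blog->path` is interpolated unescaped. Derive the scheme from the current request or use a relative `action="wp-login.php"`, and wrap the host and path in `attribute_escape()`. The same hard-coded scheme appears on the `login_headerurl` link earlier in this file.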
@@ -276,7 +276,7 @@ default:
<p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php _e('Remember me'); ?></label></p>
<p class="submit">
<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="100" />
- <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
</p>
</form>
<ul>
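Review bot: Escaping `$redirect_to` for the hidden field prevents attribute breakout but says nothing about where the login sends the user afterwards; the value round-trips through the form and is consumed as a redirect target elsewhere (outside this hunk). Validate it as a same-site URL before redirecting — reject other hosts and non-http schemes — and note on this line with a comment like `<!-- escaped for markup only; the target is validated before redirect -->` that the escaping is not the safety check.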