Diffstat (limited to 'wp-admin/edit.php')
-rw-r--r-- | wp-admin/edit.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/wp-admin/edit.php b/wp-admin/edit.php index c044879..205f528 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -76,7 +76,7 @@ if ( is_month() ) { <form name="searchform" id="searchform" action="" method="get"> <fieldset> <legend><?php _e('Search Posts…') ?></legend> - <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> + <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> </fieldset> </form> @@ -195,9 +195,9 @@ foreach($posts_columns as $column_name=>$column_display_name) { case 'comments': ?> - <td style="text-align: center"><a href="edit.php?p=<?php echo $id ?>&c=1"> - <?php comments_number(__('0'), __('1'), __('%')) ?> - </a></td> + <td style="text-align: center"> + <?php comments_number(__('0'), "<a href='edit.php?p=$id&c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&c=1'>" . __('%') . '</a>') ?> + </td> <?php break; @@ -221,7 +221,7 @@ foreach($posts_columns as $column_name=>$column_display_name) { case 'control_delete': ?> - <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> + <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . js_escape(sprintf(__("You are about to delete this post '%s'.\n'OK' to delete, 'Cancel' to stop."), get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td> <?php break; 
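Review bot: In the 'comments' case the anchor string `<a href='edit.php?p=$id&c=1'>` is now written out twice inside the comments_number() call, with `$id` interpolated as-is and a bare `&` inside the attribute value. Building it once before the call, for example `$link = "<a href='edit.php?p=" . (int) $id . "&amp;c=1'>";`, and passing `$link . __('1') . '</a>'` and `$link . __('%') . '</a>'` keeps the two arguments from drifting apart and makes the attribute valid markup. Where `$id` is assigned is outside this hunk, so the integer cast is a precaution rather than a fix for a known problem.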
@@ -283,12 +283,12 @@ foreach ($comments as $comment) { <?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>'; - echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; + echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), js_escape($comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>'; echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>'; } - echo " | <a href=\"" . 
wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=".$comment->comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ]"; + echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=".$comment->comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ]"; } // end if any comments to show ?> </p> |
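Review bot: The two rewritten confirm messages in the comment loop (delete and mark-as-spam) still pass only `$comment->comment_author` through js_escape(), while the message text itself now contains single quotes and a real newline (`\n` where the old line had `\\n`) and is placed inside a single-quoted JavaScript string in the onclick attribute. As shown, those literal quotes would end the string early, so the handler would fail to parse and the click would follow the nonce-carrying delete URL with no confirmation; a translation returned by __() can introduce quotes in the same way. The 'control_delete' hunk of this commit already wraps the whole sprintf() result, and the same form fits both lines here: `js_escape(sprintf(__("…"), $comment->comment_author))`. js_escape() is not visible on this page, so confirm that it handles newlines as well as quotes. The enclosing `if ( current_user_can('edit_post', …) )` block starts outside the hunk.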