Ticket #3986: 2.1_inclusive.diff

wp-includes/link-template.php

@@ -459 +459 @@
-}
-
-function next_posts($max_page = 0) {
-attribute_escape
+clean_url
-}
-
-function next_posts_link($label='Next Page »', $max_page=0) {
@@ -489 +489 @@
-}
-
-function previous_posts() {
-attribute_escape
+clean_url
-}
-
-function previous_posts_link($label='« Previous Page') {

wp-includes/general-template.php

@@ -289 +289 @@
-function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
-        $text = wptexturize($text);
-        $title_text = attribute_escape($text);
+        $url = clean_url($url);
-
-        if ('link' == $format)
-                return "\t<link rel='archives' title='$title_text' href='$url' />\n";
@@ -971 +972 @@
-                $link = str_replace('%#%', $current - 1, $link);
-                if ( $add_args )
-                        $link = add_query_arg( $add_args, $link );
-attribute_escape
+clean_url
-        endif;
-        for ( $n = 1; $n <= $total; $n++ ) :
-                if ( $n == $current ) :
@@ -983 +984 @@
-                                $link = str_replace('%#%', $n, $link);
-                                if ( $add_args )
-                                        $link = add_query_arg( $add_args, $link );
-attribute_escape
+clean_url
-                                $dots = true;
-                        elseif ( $dots && !$show_all ) :
-                                $page_links[] = "<span class='page-numbers dots'>...</span>";
@@ -996 +997 @@
-                $link = str_replace('%#%', $current + 1, $link);
-                if ( $add_args )
-                        $link = add_query_arg( $add_args, $link );
-attribute_escape
+clean_url
-        endif;
-        switch ( $type ) :
-                case 'array' :

wp-includes/comment.php

@@ -169 +169 @@
-        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
-                $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
-                $comment_author_url = stripslashes($comment_author_url);
-attribute_escape
+clean_url
-                $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
-        }
-}

wp-includes/functions.php

@@ -1192 +1192 @@
-
-        $adminurl = get_option('siteurl') . '/wp-admin';
-        if ( wp_get_referer() )
-attribute_escape
+clean_url
-
-        $title = __('WordPress Confirmation');
-        // Remove extra layer of slashes.
@@ -1209 +1209 @@
-                $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-                $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
-        } else {
-attribute_escape
+clean_url
-        }
-        $html .= "</body>\n</html>";
-        wp_die($html, $title);

wp-includes/script-loader.php

@@ -78 +78 @@
-                                        if ( isset($this->args[$handle]) )
-                                                $ver .= '&' . $this->args[$handle];
-                                        $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
-attribute_escape
+clean_url
-                                        echo "<script type='text/javascript' src='$src'></script>\n";
-                                }
-                                $this->printed[] = $handle;

wp-includes/bookmark-template.php

@@ -96 +96 @@
-                        $output .= get_option('links_recently_updated_prepend');
-                $the_link = '#';
-                if ( !empty($row->link_url) )
-wp_specialchars
+clean_url
-                $rel = $row->link_rel;
-                if ( '' != $rel )
-                        $rel = ' rel="' . $rel . '"';
@@ -260 +260 @@
-
-                $the_link = '#';
-                if ( !empty($bookmark->link_url) )
-wp_specialchars
+clean_url
-
-                $rel = $bookmark->link_rel;
-                if ( '' != $rel )

wp-admin/edit-comments.php

@@ -101 +101 @@
-$r = '';
-if ( 1 < $page ) {
-        $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-attribute_escape
+clean_url
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-        for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -111 +111 @@
-                        $p = false;
-                        if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-                                $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-attribute_escape
+clean_url
-                                $in = true;
-                        elseif ( $in == true ) :
-                                $r .= "...\n";
@@ -122 +122 @@
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-        $args['apage'] = $page + 1;
-attribute_escape
+clean_url
-}
-echo "<p class='pagenav'>$r</p>";
-?>
@@ -248 +248 @@
-$r = '';
-if ( 1 < $page ) {
-        $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-attribute_escape
+clean_url
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-        for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -258 +258 @@
-                        $p = false;
-                        if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-                                $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-attribute_escape
+clean_url
-                                $in = true;
-                        elseif ( $in == true ) :
-                                $r .= "...\n";
@@ -269 +269 @@
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-        $args['apage'] = $page + 1;
-attribute_escape
+clean_url
-}
-echo "<p class='pagenav'>$r</p>";
-?>

wp-admin/post.php

@@ -69 +69 @@
-        ?>
-        <div id='preview' class='wrap'>
-        <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2>
-attribute_escape
+clean_url
-        </div>
-        <?php
-        break;

wp-admin/admin-functions.php

@@ -358 +358 @@
-        else if ( !empty( $post_title ) ) {
-                $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
-                $text       = funky_javascript_fix( $text);
-attribute_escape
+clean_url
-        $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
-    }
-
@@ -417 +417 @@
-        $user = new WP_User( $user_id );
-        $user->user_login   = attribute_escape($user->user_login);
-        $user->user_email   = attribute_escape($user->user_email);
-attribute_escape
+clean_url
-        $user->first_name   = attribute_escape($user->first_name);
-        $user->last_name    = attribute_escape($user->last_name);
-        $user->display_name = attribute_escape($user->display_name);
@@ -562 +562 @@
-function get_link_to_edit( $link_id ) {
-        $link = get_link( $link_id );
-
-attribute_escape
+clean_url
-        $link->link_name        = attribute_escape($link->link_name);
-        $link->link_image       = attribute_escape($link->link_image);
-        $link->link_description = attribute_escape($link->link_description);
-attribute_escape
+clean_url
-        $link->link_rel         = attribute_escape($link->link_rel);
-        $link->link_notes       =  wp_specialchars($link->link_notes);
-        $link->post_category    = $link->link_category;
@@ -576 +576 @@
-
-function get_default_link_to_edit() {
-        if ( isset( $_GET['linkurl'] ) )
-attribute_escape
+clean_url
-        else
-                $link->link_url = '';
-
@@ -867 +867 @@
-        }
-        $r .= "</td>\n\t\t<td>";
-        if ( current_user_can( 'edit_user', $user_object->ID ) ) {
-attribute_escape
+clean_url
-                $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
-        }
-        $r .= "</td>\n\t</tr>";

wp-admin/edit-page-form.php

@@ -13 +13 @@
-        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
-}
-
-attribute_escape
+clean_url
-
-if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
-        $sendto = 'redo';

wp-admin/upload.php

@@ -90 +90 @@
-        $href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
-        if ( isset($tab_array[4]) && is_array($tab_array[4]) )
-                add_query_arg( $tab_array[4], $href );
-attribute_escape
+clean_url
-        $page_links = '';
-        $class = 'upload-tab alignleft';
-        if ( $tab == $t ) {

wp-admin/edit-form-advanced.php

@@ -168 +168 @@
-?>
-<input name="referredby" type="hidden" id="referredby" value="<?php 
-if ( !empty($_REQUEST['popupurl']) )
-attribute_escape
+clean_url
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
-        echo 'redo';
-else
-attribute_escape
+clean_url
-?>" /></p>
-
-<?php do_action('edit_form_advanced'); ?>

wp-admin/upload-functions.php

@@ -35 +35 @@
-        $r = '';
-
-        if ( $href )
-attribute_escape
+clean_url
-        if ( $href || $image_src )
-                $r .= "\t\t\t$innerHTML";
-        if ( $href )
@@ -83 +83 @@
-                                echo '[ ';
-                                echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
-                                echo '&nbsp;|&nbsp;';
-attribute_escape
+clean_url
-                                echo '&nbsp;|&nbsp;';
-attribute_escape
+clean_url
-                                echo '&nbsp;]'; ?></span>
-                </div>
-
@@ -123 +123 @@
-                                echo '[&nbsp;';
-                                echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
-                                echo '&nbsp;|&nbsp;';
-attribute_escape
+clean_url
-                                echo '&nbsp;|&nbsp;';
-attribute_escape
+clean_url
-                                echo '&nbsp;]'; ?></span>
-                </div>
-

wp-admin/upgrade.php

@@ -28 +28 @@
-<?php
-switch($step) {
-        case 0:
-attribute_escape
+clean_url
-?> 
-<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
-<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -40 +40 @@
-                if ( empty( $_GET['backto'] ) )
-                        $backto = __get_option('home');
-                else
-attribute_escape
+clean_url
-?> 
-<h2><?php _e('Step 1'); ?></h2> 
-        <p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>

wp-admin/user-edit.php

@@ -55 +55 @@
-<div id="message" class="updated fade">
-        <p><strong><?php _e('User updated.') ?></strong></p>
-        <?php if ( $wp_http_referer ) : ?>
-attribute_escape
+clean_url
-        <?php endif; ?>
-</div>
-<?php endif; ?>

wp-admin/link-manager.php

@@ -133 +133 @@
-        foreach ($links as $link) {
-                $link->link_name = attribute_escape($link->link_name);
-                $link->link_description = wp_specialchars($link->link_description);
-attribute_escape
+clean_url
-                $link->link_category = wp_get_link_cats($link->link_id);
-                $short_url = str_replace('http://', '', $link->link_url);
-                $short_url = str_replace('www.', '', $short_url);

wp-admin/bookmarklet.php

@@ -37 +37 @@
-
-
-$content  = wp_specialchars($_REQUEST['content']);
-attribute_escape
+clean_url
-if ( !empty($content) ) {
-        $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
-} else {

wp-admin/page.php

@@ -63 +63 @@
-        ?>
-        <div id='preview' class='wrap'>
-        <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2>
-attribute_escape
+clean_url
-        </div>
-        <?php
-        break;