Ticket #3986: trunk_wp-admin_m-z.diff
| File trunk_wp-admin_m-z.diff, 4.8 kB (added by markjaquith, 1 year ago) |
|---|
-
post.php
old new 69 69 ?> 70 70 <div id='preview' class='wrap'> 71 71 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2> 72 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>72 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 73 73 </div> 74 74 <?php 75 75 break; -
upload.php
old new 90 90 $href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') ); 91 91 if ( isset($tab_array[4]) && is_array($tab_array[4]) ) 92 92 add_query_arg( $tab_array[4], $href ); 93 $_href = attribute_escape( $href);93 $_href = clean_url( $href); 94 94 $page_links = ''; 95 95 $class = 'upload-tab alignleft'; 96 96 if ( $tab == $t ) { -
upload-functions.php
old new 83 83 echo '[ '; 84 84 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 85 85 echo ' | '; 86 echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';86 echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; 87 87 echo ' | '; 88 echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';88 echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 89 89 echo ' ]'; ?></span> 90 90 </div> 91 91 … … 123 123 echo '[ '; 124 124 echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; 125 125 echo ' | '; 126 echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';126 echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; 127 127 echo ' | '; 128 echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';128 echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; 129 129 echo ' ]'; ?></span> 130 130 </div> 131 131 -
upgrade.php
old new 35 35 <?php else : 36 36 switch($step) : 37 37 case 0: 38 $goback = attribute_escape(stripslashes(wp_get_referer()));38 $goback = clean_url(stripslashes(wp_get_referer())); 39 39 ?> 40 40 <h2><?php _e('Database Upgrade Required'); ?></h2> 41 41 <p><?php _e('Your WordPress database is out-of-date, and must be upgraded before you can continue.'); ?></p> … … 49 49 if ( empty( $_GET['backto'] ) ) 50 50 $backto = __get_option('home') . '/'; 51 51 else 52 $backto = attribute_escape(stripslashes($_GET['backto']));52 $backto = clean_url(stripslashes($_GET['backto'])); 53 53 ?> 54 54 <h2><?php _e('Upgrade Complete'); ?></h2> 55 55 <p><?php _e('Your WordPress database has been successfully upgraded!'); ?></p> -
user-edit.php
old new 55 55 <div id="message" class="updated fade"> 56 56 <p><strong><?php _e('User updated.') ?></strong></p> 57 57 <?php if ( $wp_http_referer ) : ?> 58 <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p>58 <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('« Back to Authors and Users'); ?></a></p> 59 59 <?php endif; ?> 60 60 </div> 61 61 <?php endif; ?> -
page.php
old new 64 64 ?> 65 65 <div id='preview' class='wrap'> 66 66 <h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2> 67 <iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>67 <iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 68 68 </div> 69 69 <?php 70 70 break;
