Changeset 5058
- Timestamp:
- 03/17/07 09:04:56 (1 year ago)
- Files:
-
- branches/2.0/wp-admin/admin-functions.php (modified) (2 diffs)
- branches/2.0/wp-admin/bookmarklet.php (modified) (1 diff)
- branches/2.0/wp-admin/post.php (modified) (1 diff)
- branches/2.0/wp-admin/upgrade.php (modified) (2 diffs)
- branches/2.0/wp-includes/functions.php (modified) (1 diff)
- branches/2.0/wp-includes/links.php (modified) (1 diff)
- branches/2.0/wp-includes/template-functions-links.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/2.0/wp-admin/admin-functions.php
r5007 r5058 468 468 $link = get_link($link_id); 469 469 470 $link->link_url = attribute_escape($link->link_url);470 $link->link_url = clean_url($link->link_url); 471 471 $link->link_name = attribute_escape($link->link_name); 472 472 $link->link_image = attribute_escape($link->link_image); 473 473 $link->link_description = attribute_escape($link->link_description); 474 $link->link_rss = attribute_escape($link->link_rss);474 $link->link_rss = clean_url($link->link_rss); 475 475 $link->link_rel = attribute_escape($link->link_rel); 476 476 $link->link_notes = wp_specialchars($link->link_notes); … … 482 482 function get_default_link_to_edit() { 483 483 if ( isset($_GET['linkurl']) ) 484 $link->link_url = attribute_escape($_GET['linkurl']);484 $link->link_url = clean_url($_GET['linkurl']); 485 485 else 486 486 $link->link_url = ''; branches/2.0/wp-admin/bookmarklet.php
r4656 r5058 38 38 39 39 $content = wp_specialchars($_REQUEST['content']); 40 $popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));40 $popupurl = clean_url(stripslashes($_REQUEST['popupurl'])); 41 41 if ( !empty($content) ) { 42 42 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) ); branches/2.0/wp-admin/post.php
r4709 r5058 82 82 <div id='preview' class='wrap'> 83 83 <h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit ↑'); ?></a></small></h2> 84 <iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>84 <iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe> 85 85 </div> 86 86 <?php branches/2.0/wp-admin/upgrade.php
r4656 r5058 68 68 69 69 case 0: 70 $goback = attribute_escape(stripslashes(wp_get_referer()));70 $goback = clean_url(stripslashes(wp_get_referer())); 71 71 ?> 72 72 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> … … 87 87 $backto = __get_option('home'); 88 88 else 89 $backto = attribute_escape(stripslashes($_GET['backto']));89 $backto = clean_url(stripslashes($_GET['backto'])); 90 90 ?> 91 91 <h2><?php _e('Step 1'); ?></h2> branches/2.0/wp-includes/functions.php
r5041 r5058 2492 2492 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 2493 2493 } else { 2494 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";2494 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 2495 2495 } 2496 2496 $html .= "</body>\n</html>"; branches/2.0/wp-includes/links.php
r4656 r5058 213 213 $the_link = '#'; 214 214 if (!empty($row->link_url)) 215 $the_link = attribute_escape($row->link_url);215 $the_link = clean_url($row->link_url); 216 216 217 217 $rel = $row->link_rel; branches/2.0/wp-includes/template-functions-links.php
r5047 r5058 459 459 460 460 function next_posts($max_page = 0) { 461 echo attribute_escape(get_next_posts_page_link($max_page));461 echo clean_url(get_next_posts_page_link($max_page)); 462 462 } 463 463 … … 496 496 497 497 function previous_posts() { 498 echo attribute_escape(get_previous_posts_page_link());498 echo clean_url(get_previous_posts_page_link()); 499 499 } 500 500
