Changeset 7823
- Timestamp:
- 04/25/08 06:26:54 (4 months ago)
- Files:
-
- branches/2.5/wp-admin/includes/media.php (modified) (15 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/2.5/wp-admin/includes/media.php
r7819 r7823 633 633 $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type)); 634 634 $type = array_shift($keys); 635 $type = "<input type='hidden' id='type-of-$attachment_id' value=' $type' />";635 $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />"; 636 636 } 637 637 … … 675 675 $delete_href = wp_nonce_url("post.php?action=delete-post&post=$attachment_id", 'delete-post_' . $attachment_id); 676 676 if ( $send ) 677 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . __('Insert into Post') . "' />";677 $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />"; 678 678 if ( $delete ) 679 679 $delete = "<a href='$delete_href' id='del[$attachment_id]' disabled='disabled' class='delete'>" . __('Delete') . "</button>"; … … 708 708 $item .= $field[$field['input']]; 709 709 elseif ( $field['input'] == 'textarea' ) { 710 $item .= "<textarea type='text' id='$name' name='$name'>" . wp_specialchars($field['value'], 1) . "</textarea>";710 $item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . "</textarea>"; 711 711 } else { 712 $item .= "<input type='text' id='$name' name='$name' value='" . wp_specialchars($field['value'], 1) . "' />";712 $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "' />"; 713 713 } 714 714 if ( !empty($field['helps']) ) … … 738 738 739 739 foreach ( $hidden_fields as $name => $value ) 740 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . wp_specialchars($value, 1) . "' />\n";740 $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n"; 741 741 742 742 return $item; … … 766 766 767 767 ?> 768 <input type='hidden' name='post_id' value='<?php echo $post_id; ?>' />768 <input type='hidden' name='post_id' value='<?php echo (int) $post_id; ?>' /> 769 769 <div id="media-upload-notice"> 770 770 <?php if (isset($errors['upload_notice']) ) { ?> … … 815 815 816 816 <div id="flash-upload-ui"> 817 <p><input id="flash-browse-button" type="button" value="<?php _e('Choose files to upload'); ?>" class="button" /></p>817 <p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p> 818 818 <p><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p> 819 819 </div> … … 825 825 <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onClick="return top.tb_remove();"><?php _e('Cancel'); ?></a> 826 826 </p> 827 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />827 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 828 828 <br class="clear" /> 829 829 <?php if ( is_lighttpd_before_150() ): ?> … … 845 845 846 846 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form"> 847 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />847 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 848 848 <?php wp_nonce_field('media-form'); ?> 849 849 <h3><?php _e('From Computer'); ?></h3> … … 865 865 <?php echo get_media_items( $id, $errors ); ?> 866 866 </div> 867 <input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />867 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" /> 868 868 869 869 <?php elseif ( is_callable($callback) ) : ?> … … 879 879 </div> 880 880 </div> 881 <input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />881 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" /> 882 882 <?php 883 883 endif; … … 912 912 <?php echo get_media_items($post_id, $errors); ?> 913 913 </div> 914 <input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />915 <input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php _e('Insert gallery into post'); ?>" />916 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />917 <input type="hidden" name="type" value="<?php echo $GLOBALS['type']; ?>" />918 <input type="hidden" name="tab" value="<?php echo $GLOBALS['tab']; ?>" />914 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" /> 915 <input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery into post' ) ); ?>" /> 916 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 917 <input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" /> 918 <input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" /> 919 919 </form> 920 920 <?php … … 944 944 <form id="filter" action="" method="get"> 945 945 <input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" /> 946 <input type="hidden" name="tab" value="<?php echo $tab; ?>" />947 <input type="hidden" name="post_id" value="<?php echo $post_id; ?>" />948 <input type="hidden" name="post_mime_type" value="<?php echo wp_specialchars($_GET['post_mime_type'], true); ?>" />946 <input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" /> 947 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" /> 948 <input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" /> 949 949 950 950 <div id="search-filter"> 951 951 <input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" /> 952 <input type="submit" value="<?php _e( 'Search Media'); ?>" class="button" />952 <input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" /> 953 953 </div> 954 954 … … 1024 1024 $default = ''; 1025 1025 1026 echo "<option$default value=' $arc_row->yyear$arc_row->mmonth'>";1027 echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";1026 echo "<option$default value='" . attribute_escape( $arc_row->yyear$arc_row->mmonth ) . "'>"; 1027 echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" ); 1028 1028 echo "</option>\n"; 1029 1029 } … … 1032 1032 <?php } ?> 1033 1033 1034 <input type="submit" id="post-query-submit" value="<?php _e('Filter »'); ?>" class="button-secondary" />1034 <input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter »' ) ); ?>" class="button-secondary" /> 1035 1035 1036 1036 </div> … … 1060 1060 <?php echo get_media_items(null, $errors); ?> 1061 1061 </div> 1062 <input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />1063 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />1062 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" /> 1063 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" /> 1064 1064 </form> 1065 1065 <?php
