Changeset 8235

Timestamp:
07/02/08 02:23:12 (3 months ago)
Author:
ryan
Message:

Escaping for Press This. see #7220

Files:

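--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -137,6 +137,6 @@
     </div>
         
-    <p><input type="hidden" name="this_photo" value="<?php echo $image; ?>" id="this_photo" />
-        <a href="#" class="select"><img src="<?php echo $image; ?>" width="475" alt="<?php echo attribute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>
+    <p><input type="hidden" name="this_photo" value="<?php echo attribute_escape($image); ?>" id="this_photo" />
+        <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" width="475" alt="<?php echo attribute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>
     
     <p id="options"><a href="#" class="select"><?php _e('Insert Image'); ?></a> | <a href="#" class="cancel"><?php _e('Cancel'); ?></a></p>
@@ -172,5 +172,5 @@
     <h2 id="embededcode"><label for="embed_code"><?php _e('Embed Code') ?></label></h2>
     <div class="titlewrap" >
-        <textarea name="embed_code" id="embed_code" rows="8" cols="40"><?php echo $selection; ?></textarea>
+        <textarea name="embed_code" id="embed_code" rows="8" cols="40"><?php echo format_to_edit($selection); ?></textarea>
     </div>
 <?php die;
@@ -401,5 +401,5 @@
                 set_menu('quote');
                 set_title('<?php _e('Quote') ?>');
-                set_editor("<blockquote><p><?php echo $selection; ?> </p><p><cite><a href='<?php echo $url; ?>'><?php echo $title; ?> </a> </cite> </p></blockquote>");
+                set_editor("<blockquote><p><?php echo format_to_edit($selection); ?> </p><p><cite><a href='<?php echo $url; ?>'><?php echo $title; ?> </a> </cite> </p></blockquote>");
                 return false;
                 break;
@@ -421,6 +421,7 @@
                     $content = '<object width="400" height="225"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" />  <embed src="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&amp;server=www.vimeo.com&amp;show_title=1&amp;show_byline=1&amp;show_portrait=0&amp;color=&amp;fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="225"></embed></object>';
                     
-                    if(trim($selection) == '') $selection = '<a href="http://www.vimeo.com/' . $video_id . '?pg=embed&sec=' . $video_id . '">' . $title . '</a> on <a href="http://vimeo.com?pg=embed&sec=' . $video_id . '">Vimeo</a>';
-                    }else {
+                    if ( trim($selection) == '' )
+                        $selection = '<a href="http://www.vimeo.com/' . $video_id . '?pg=embed&sec=' . $video_id . '">' . $title . '</a> on <a href="http://vimeo.com?pg=embed&sec=' . $video_id . '">Vimeo</a>';
+                    } else {
                         $content = $selection;
                     } ?>
@@ -434,6 +435,6 @@
                 set_menu('photo');
                 set_title('<?php _e('Post') ?>');
-                <?php if($selection) { ?>
-                    set_editor("<?php echo $selection; ?>");
+                <?php if ($selection) { ?>
+                    set_editor("<?php echo format_to_edit($selection); ?>");
                 <?php } ?>
                 jQuery('#extra_fields').show();
@@ -500,5 +501,5 @@
             <h2 id="content_type"><label for="content"><?php _e('Post') ?></label></h2>
             <div class="editor-container">
-                <textarea name="content" id="content" style="width:100%;" class="mceEditor"><?php if($selection) { ?><a href='<?php echo $url ?>'><?php echo $selection ?></a><?php } else { ?><a href='<?php echo $url ?>'><?php echo $title; ?></a><?php } ?></textarea>
+                <textarea name="content" id="content" style="width:100%;" class="mceEditor"><?php if ($selection) { ?><a href='<?php echo $url ?>'><?php echo format_to_edit($selection) ?></a><?php } else { ?><a href='<?php echo $url ?>'><?php echo $title; ?></a><?php } ?></textarea>
             </div>
         </div>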
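Review bot: `$url` and `$title` are still echoed without escaping on new lines 403 and 503, right beside the `$selection` output that this change wraps in `format_to_edit()`, so the quote and post editors are only partly escaped. Where those two variables are assigned is outside the visible hunks; if they arrive from the bookmarklet request unmodified, the `href` should go through `clean_url()` and the link text through an HTML escaper, e.g. `<a href='<?php echo clean_url($url); ?>'><?php echo attribute_escape($title); ?></a>`. On new lines 403 and 438 the value is printed inside a double-quoted JavaScript string passed to `set_editor()`, and `format_to_edit()` is an HTML-oriented escaper whose definition is not on this page, so backslashes and line breaks in `$selection` presumably still reach the script unescaped; a JavaScript-string escaper such as `js_escape()` should be applied on top there. The `$title` and `$video_id` values concatenated into `$selection` on new line 424 deserve the same check.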