From 2624614452fe02f319ef9c22255b3a1e119a68b1 Mon Sep 17 00:00:00 2001
From: saxmatt <saxmatt@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 5 Oct 2004 06:59:13 +0000
Subject: [PATCH] Input cleanup

git-svn-id: http://svn.automattic.com/wordpress/trunk@1743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-header.php  | 14 --------------
 wp-admin/bookmarklet.php   | 15 +++++----------
 wp-admin/categories.php    |  2 +-
 wp-admin/edit-comments.php |  6 ++----
 wp-admin/edit.php          |  2 +-
 5 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index 704e5f1f7..3a107315a 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -41,20 +41,6 @@ if ($standalone == 0) :
 <link rel="stylesheet" href="wp-admin.css" type="text/css" />
 <link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
-<?php
-if ($redirect==1) {
-?>
-<script type="text/javascript">
-<!--
-function redirect() {
-  window.location = "<?php echo $redirect_url; ?>";
-}
-setTimeout("redirect();", 600);
-//-->
-</script>
-<?php
-} // redirect
-?>
 
 <?php if (isset($xfn)) : ?>
 <script type="text/javascript">
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index 4ce32d524..e11a8395a 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -1,8 +1,4 @@
 <?php
-/* <Bookmarklet> */
-
-// accepts 'post_title' and 'content' as vars passed in. Add-on from Alex King
-
 $mode = 'bookmarklet';
 
 $standalone = 1;
@@ -23,12 +19,11 @@ window.close()
 </script>
 </head>
 <body></body>
-</html><?php
-
+</html>
+<?php
 } else {
-
-    $popuptitle = stripslashes($popuptitle);
-    $text = stripslashes(urldecode($text));
+    $popuptitle = htmlspecialchars(stripslashes($popuptitle));
+    $text = htmlspecialchars(stripslashes(urldecode($text)));
     
     /* big funky fixes for browsers' javascript bugs */
     
@@ -57,7 +52,7 @@ window.close()
 // and that is what is being included below. For this reason, I am just duplicating
 // the var instead of changing the assignment on the lines above. 
 // -- Alex King 2004-01-07
-    $edited_post_title = $post_title;
+    $edited_post_title = htmlspecialchars($post_title);
 
 // $post_pingback needs to be set in any file that includes edit-form.php
     $post_pingback = get_settings('default_pingback_flag');
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index f9c026f33..a1d582a0b 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -97,7 +97,7 @@ case 'edit':
     <h2><?php _e('Edit Category') ?></h2>
     <form name="editcat" action="categories.php" method="post">
         <input type="hidden" name="action" value="editedcat" />
-        <input type="hidden" name="cat_ID" value="<?php echo $_GET['cat_ID'] ?>" />
+        <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" />
         <p><?php _e('Category name:') ?><br />
         <input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p>
         <p><?php _e('Category parent:') ?><br />
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 7f1171928..c0e4a6f3a 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -28,7 +28,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo $s; ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -148,6 +148,4 @@ if ('view' == $mode) {
 
 </div>
 
-<?php 
-include('admin-footer.php');
-?>
+<?php include('admin-footer.php'); ?>
\ No newline at end of file
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 03529859a..23d389b73 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -65,7 +65,7 @@ if ($drafts || $other_drafts) {
 if ( isset( $_GET['m'] ) ) {
 	echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
 } elseif ( isset( $_GET['s'] ) ) {
-	printf(__('Search for &#8220;%s&#8221;'), $_GET['s']);
+	printf(__('Search for &#8220;%s&#8221;'), htmlspecialchars($_GET['s']) );
 } else {
 	_e('Last 15 Posts');
 }