diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index e39ca492a..f07d46767 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -370,7 +370,7 @@ function get_default_post_to_edit() {
 else if ( !empty( $post_title ) ) {
 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
 $text = funky_javascript_fix( $text);
- $popupurl = attribute_escape($_REQUEST['popupurl']);
+ $popupurl = clean_url($_REQUEST['popupurl']);
 $post_content = ''.$post_title.''."\n$text";
 }
@@ -429,7 +429,7 @@ function get_user_to_edit( $user_id ) {
 $user = new WP_User( $user_id );
 $user->user_login = attribute_escape($user->user_login);
 $user->user_email = attribute_escape($user->user_email);
- $user->user_url = attribute_escape($user->user_url);
+ $user->user_url = clean_url($user->user_url);
 $user->first_name = attribute_escape($user->first_name);
 $user->last_name = attribute_escape($user->last_name);
 $user->display_name = attribute_escape($user->display_name);
@@ -574,11 +574,11 @@ function edit_user( $user_id = 0 ) {
 function get_link_to_edit( $link_id ) {
 $link = get_link( $link_id );
- $link->link_url = attribute_escape($link->link_url);
+ $link->link_url = clean_url($link->link_url);
 $link->link_name = attribute_escape($link->link_name);
 $link->link_image = attribute_escape($link->link_image);
 $link->link_description = attribute_escape($link->link_description);
- $link->link_rss = attribute_escape($link->link_rss);
+ $link->link_rss = clean_url($link->link_rss);
 $link->link_rel = attribute_escape($link->link_rel);
 $link->link_notes = wp_specialchars($link->link_notes);
 $link->post_category = $link->link_category;
@@ -588,7 +588,7 @@ function get_link_to_edit( $link_id ) {
 function get_default_link_to_edit() {
 if ( isset( $_GET['linkurl'] ) )
- $link->link_url = attribute_escape( $_GET['linkurl']);
+ $link->link_url = clean_url( $_GET['linkurl']);
 else
 $link->link_url = '';
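Review bot: `$_REQUEST['popupurl']` on the changed line is read without `isset()` and, unlike `$_REQUEST['text']` two lines above, without `stripslashes()`, so under magic_quotes the value still carries its backslashes when `clean_url()` sees it, and an absent parameter raises a notice; `$popupurl = isset($_REQUEST['popupurl']) ? clean_url( stripslashes( $_REQUEST['popupurl'] ) ) : '';` handles both. The bookmarklet.php hunk below has the same pattern, where `stripslashes()` is applied to `content` but not to `popupurl`. The if/else chain this line sits in continues outside the hunk.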
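Review bot: In `get_default_link_to_edit()` the property assignment on the changed line (and on the `else` branch) writes to `$link` before the variable is ever initialised, so PHP has to autovivify an object with a notice; `$link = new stdClass;` as the function's first statement makes the returned object explicit. Separately, `$_GET['linkurl']` is not passed through `stripslashes()` here while the other request-derived URLs in this commit (`$sendto`, `$backto`) are, so `clean_url( stripslashes( $_GET['linkurl'] ) )` keeps them consistent. The rest of the function is outside the hunk.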
@@ -879,7 +879,7 @@ function user_row( $user_object, $style = '' ) {
 }
 $r .= "\n\t\t";
 if ( current_user_can( 'edit_user', $user_object->ID ) ) {
- $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
+ $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
 $r .= "".__( 'Edit' )."";
 }
 $r .= "\n\t";
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index cd2b542c7..e84b5d9d0 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@ else
 $content = wp_specialchars($_REQUEST['content']);
-$popupurl = attribute_escape($_REQUEST['popupurl']);
+$popupurl = clean_url($_REQUEST['popupurl']);
 if ( !empty($content) ) {
 $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
 } else {
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index d3de2c52e..9307b9034 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -101,7 +101,7 @@ $total_pages = ceil( $total / 20 );
 $r = '';
 if ( 1 < $page ) {
 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
- $r .= '' . "\n";
+ $r .= '' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -111,7 +111,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 $p = false;
 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
- $r .= '' . ( $page_num ) . "\n";
+ $r .= '' . ( $page_num ) . "\n";
 $in = true;
 elseif ( $in == true ) :
 $r .= "...\n";
@@ -122,7 +122,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 }
 if ( ( $page ) * 20 < $total || -1 == $total ) {
 $args['apage'] = $page + 1;
- $r .= '' . "\n";
+ $r .= '' . "\n";
 }
 echo "";
 ?>
@@ -248,7 +248,7 @@ $total_pages = ceil( $total / 20 );
 $r = '';
 if ( 1 < $page ) {
 $args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
- $r .= '' . "\n";
+ $r .= '' . "\n";
 }
 if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -258,7 +258,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 $p = false;
 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
 $args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
- $r .= '' . ( $page_num ) . "\n";
+ $r .= '' . ( $page_num ) . "\n";
 $in = true;
 elseif ( $in == true ) :
 $r .= "...\n";
@@ -269,7 +269,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
 }
 if ( ( $page ) * 20 < $total || -1 == $total ) {
 $args['apage'] = $page + 1;
- $r .= '' . "\n";
+ $r .= '' . "\n";
 }
 echo "";
 ?>
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 520bfbd68..cdf467a47 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -168,11 +168,11 @@ if ('publish' != $post->post_status || 0 == $post_ID) { ?>

diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index 78e9588a1..f55f73351 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -13,7 +13,7 @@ if (0 == $post_ID) {
 $form_extra = "";
 }
-$sendto = attribute_escape(stripslashes(wp_get_referer()));
+$sendto = clean_url(stripslashes(wp_get_referer()));
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
 $sendto = 'redo';
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 430b5f6c7..b8cc2a981 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -133,7 +133,7 @@ if ( $links ) {
 foreach ($links as $link) {
 $link->link_name = attribute_escape(apply_filters('link_title', $link->link_name));
 $link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description));
- $link->link_url = attribute_escape($link->link_url);
+ $link->link_url = clean_url($link->link_url);
 $link->link_category = wp_get_link_cats($link->link_id);
 $short_url = str_replace('http://', '', $link->link_url);
 $short_url = str_replace('www.', '', $short_url);
diff --git a/wp-admin/page.php b/wp-admin/page.php
index bb4cf27f2..e6c041f7c 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -64,7 +64,7 @@ case 'edit': ?>
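Review bot: The equality test on the line after the changed one compares the already-escaped value: if `clean_url()` entity-encodes `&` and prepends a scheme to scheme-less input, as its predecessor `attribute_escape()` also altered the text, a referer that really equals `get_permalink($post_ID)` stops comparing equal as soon as it contains a query separator, and the `'redo'` branch is silently skipped. Keep the raw referer for the comparison and clean only the value that is output: `$referer = stripslashes(wp_get_referer()); $sendto = clean_url($referer); if ( 0 != $post_ID && $referer == get_permalink($post_ID) )`. Where `$sendto` is rendered is outside this hunk.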

- +

- +

@@ -49,7 +49,7 @@ switch($step) :
 if ( empty( $_GET['backto'] ) )
 $backto = __get_option('home') . '/';
 else
- $backto = attribute_escape(stripslashes($_GET['backto']));
+ $backto = clean_url(stripslashes($_GET['backto']));
 ?>
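Review bot: `clean_url()` on the changed line constrains the scheme of `$backto` but says nothing about its host, so the `__get_option('home')` default two lines above is replaced by whatever destination the request supplies; the same holds for `$sendto` in the edit-page-form.php hunk and `$adminurl` in the first wp_nonce_ays() hunk, both taken from `wp_get_referer()`. If these values become navigation targets, a same-host comparison via `parse_url()` against the site's own `home`/`siteurl` option, falling back to the default when it fails, belongs next to the clean-up. How `$backto` is used after the `?>` is outside this hunk, and the file header for this hunk is missing from the page.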

diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 1f79fb72a..45fece481 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -83,9 +83,9 @@ function wp_upload_view() {
 echo '[ ';
 echo '' . __('view') . '';
 echo ' | ';
- echo '' . __('edit') . '';
+ echo '' . __('edit') . '';
 echo ' | ';
- echo '' . __('cancel') . '';
+ echo '' . __('cancel') . '';
 echo ' ]';
 ?>
@@ -123,9 +123,9 @@ function wp_upload_form() {
 echo '[ ';
 echo '' . __('view') . '';
 echo ' | ';
- echo '' . __('links') . '';
+ echo '' . __('links') . '';
 echo ' | ';
- echo '' . __('cancel') . '';
+ echo '' . __('cancel') . '';
 echo ' ]';
 ?>
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index f592edba3..562272cc3 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -90,7 +90,7 @@ foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the curr
 $href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
 if ( isset($tab_array[4]) && is_array($tab_array[4]) )
 add_query_arg( $tab_array[4], $href );
- $_href = attribute_escape( $href);
+ $_href = clean_url( $href);
 $page_links = '';
 $class = 'upload-tab alignleft';
 if ( $tab == $t ) {
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index b2c19699f..b6ab11992 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -55,7 +55,7 @@ include ('admin-header.php');
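Review bot: In the upload.php hunk, the line just above the changed one discards the return value of `add_query_arg( $tab_array[4], $href )`, so the per-tab extra arguments never reach `$_href`; it should read `$href = add_query_arg( $tab_array[4], $href );`. The sanitising on the new line is otherwise placed correctly, after the URL has been fully assembled. The enclosing foreach continues past the end of the hunk.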

-

+

diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php
index 65e38aa53..4249f7fc9 100644
--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -96,7 +96,7 @@ function get_links($category = -1,
 $output .= get_option('links_recently_updated_prepend');
 $the_link = '#';
 if ( !empty($row->link_url) )
- $the_link = wp_specialchars($row->link_url);
+ $the_link = clean_url($row->link_url);
 $rel = $row->link_rel;
 if ( '' != $rel )
 $rel = ' rel="' . $rel . '"';
@@ -260,7 +260,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 $the_link = '#';
 if ( !empty($bookmark->link_url) )
- $the_link = wp_specialchars($bookmark->link_url);
+ $the_link = clean_url($bookmark->link_url);
 $rel = $bookmark->link_rel;
 if ( '' != $rel )
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 6bdf060fa..2d0243bcc 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -169,7 +169,7 @@ function sanitize_comment_cookies() {
 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
 $comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = attribute_escape($comment_author_url);
+ $comment_author_url = clean_url($comment_author_url);
 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 }
 }
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 3b571bce5..32e9096ad 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1272,7 +1272,7 @@ function wp_nonce_ays($action) {
 $adminurl = get_option('siteurl') . '/wp-admin';
 if ( wp_get_referer() )
- $adminurl = attribute_escape(wp_get_referer());
+ $adminurl = clean_url(wp_get_referer());
 $title = __('WordPress Confirmation');
 // Remove extra layer of slashes.
@@ -1289,7 +1289,7 @@ function wp_nonce_ays($action) {
 $html .= "\t\t\n";
 $html .= "\t\t
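Review bot: The `rel` attribute assembled on the last line of the get_links() hunk still interpolates `$row->link_rel` with no escaping, while the commit now sanitises the neighbouring `href`; `$rel = ' rel="' . attribute_escape($rel) . '"';` brings the two in line. The `!empty()` guard also runs before `clean_url()`, so a stored URL the cleaner rejects (it returns an empty string for a disallowed scheme, as far as I know) ends up as `href=""` rather than the `'#'` placeholder; testing the cleaned value instead, `$the_link = clean_url($row->link_url); if ( '' == $the_link ) $the_link = '#';`, covers that. Both points apply equally to the `_walk_bookmarks()` hunk that follows, whose `rel` line is cut off by the hunk boundary.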
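Review bot: In sanitize_comment_cookies() the cleaned value is written back into `$_COOKIE`, so every later reader of this cookie receives output-escaped text (an entity-encoded `&` and a prepended scheme, if `clean_url()` behaves like its predecessor here) instead of the URL itself, and an output path that escapes again will double-encode it. Escaping belongs at the point of rendering; what fits here is the scheme validation alone, with `clean_url()`/`attribute_escape()` applied where the cookie value is actually echoed. How the cookie value is consumed is outside this hunk, so treat this as something to confirm.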
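Review bot: `$adminurl` from the changed line is interpolated into the `$html` markup built further down in wp_nonce_ays() (the attribute quoting there is not visible on this page), and `clean_url()` is a URL sanitiser rather than an attribute escaper, so whether it neutralises the quote character used as the attribute delimiter is what decides if a crafted referer stays inside the attribute; confirm that for this version, or wrap the interpolation in `attribute_escape()` at the point of use. `wp_get_referer()` is also called twice; capturing it once, `$referer = wp_get_referer(); if ( $referer ) $adminurl = clean_url($referer);`, avoids re-reading the request between the test and the use. The function continues past this hunk.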
\n\t\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n";
 } else {
- $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n";
+ $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n";
 }
 $html .= "\n";
 wp_die($html, $title);
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index 054150afd..36e473854 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -297,6 +297,7 @@ function single_month_title($prefix = '', $display = true ) {
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
 $text = wptexturize($text);
 $title_text = attribute_escape($text);
+ $url = clean_url($url);
 if ('link' == $format)
 return "\t\n";
@@ -985,7 +986,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $current - 1, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "";
+ $page_links[] = "";
 endif;
 for ( $n = 1; $n <= $total; $n++ ) :
 if ( $n == $current ) :
@@ -997,7 +998,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $n, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "$n";
+ $page_links[] = "$n";
 $dots = true;
 elseif ( $dots && !$show_all ) :
 $page_links[] = "...";
@@ -1010,7 +1011,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $current + 1, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "";
+ $page_links[] = "";
 endif;
 switch ( $type ) :
 case 'array' :
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index 44352f070..79053117d 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -503,7 +503,7 @@ function get_next_posts_page_link($max_page = 0) {
 }
 function next_posts($max_page = 0) {
- echo attribute_escape(get_next_posts_page_link($max_page));
+ echo clean_url(get_next_posts_page_link($max_page));
 }
 function next_posts_link($label='Next Page »', $max_page=0) {
@@ -533,7 +533,7 @@ function get_previous_posts_page_link() {
 }
 function previous_posts() {
- echo attribute_escape(get_previous_posts_page_link());
+ echo clean_url(get_previous_posts_page_link());
 }
 function previous_posts_link($label='« Previous Page') {
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index a76331571..cd3dfbc8e 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -150,7 +150,7 @@ class WP_Scripts {
 $ver .= '&' . $this->args[$handle];
 $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
 $src = add_query_arg('ver', $ver, $src);
- $src = attribute_escape(apply_filters( 'script_loader_src', $src ));
+ $src = clean_url(apply_filters( 'script_loader_src', $src ));
 echo "\n";
 $this->print_scripts_l10n( $handle );
 }
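Review bot: In the WP_Scripts hunk, the scheme test two lines above the changed line recognises only `http://`, so an `https://` script source has `siteurl` prepended and that malformed URL is what `clean_url()` on the new line then validates and emits; `$src = preg_match('|^https?://|i', $this->scripts[$handle]->src) ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;` keeps absolute sources intact. This predates the commit but sits on the same path the new sanitising line is meant to protect. The method's start lies outside the hunk.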