From 9ef2afc85b77b913a9cb99ded033dab40a112a9d Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 28 Apr 2009 06:37:51 +0000
Subject: [PATCH] attr escaping. see #9650

git-svn-id: http://svn.automattic.com/wordpress/trunk@11110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/edit-page-form.php     | 32 ++++++++++++++++----------------
 wp-admin/edit-pages.php         |  6 +++---
 wp-admin/edit-tag-form.php      |  4 ++--
 wp-admin/edit-tags.php          |  8 ++++----
 wp-admin/edit.php               | 12 ++++++------
 wp-admin/export.php             |  4 ++--
 wp-admin/install.php            |  6 +++---
 wp-admin/link-manager.php       | 12 ++++++------
 wp-admin/media-upload.php       |  2 +-
 wp-admin/media.php              |  6 +++---
 wp-admin/options-discussion.php | 12 ++++++------
 wp-admin/options-general.php    |  6 +++---
 wp-admin/options-media.php      |  2 +-
 wp-admin/options-misc.php       |  2 +-
 wp-admin/options-permalink.php  |  8 ++++----
 wp-admin/options-privacy.php    |  2 +-
 wp-admin/options-reading.php    |  2 +-
 wp-admin/options-writing.php    |  2 +-
 wp-admin/options.php            |  2 +-
 wp-admin/plugin-editor.php      | 12 ++++++------
 wp-admin/plugins.php            | 10 +++++-----
 wp-admin/press-this.php         | 14 +++++++-------
 wp-admin/sidebar.php            | 10 +++++-----
 wp-admin/theme-editor.php       | 12 ++++++------
 wp-admin/update-core.php        | 12 ++++++------
 wp-admin/upload.php             | 14 +++++++-------
 wp-admin/user-edit.php          | 26 +++++++++++++-------------
 wp-admin/user-new.php           | 12 ++++++------
 wp-admin/users.php              | 14 +++++++-------
 wp-admin/widgets.php            | 12 ++++++------
 30 files changed, 139 insertions(+), 139 deletions(-)
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index 1c1c0cbff..3eefdbd44 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -73,9 +73,9 @@ function page_submit_meta_box($post) {
 <div id="minor-publishing-actions">
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attr( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php echo attr( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>
 
@@ -124,7 +124,7 @@ switch ( $post->post_status ) {
 <a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
 
 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo $post->post_status; ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
 <option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@@ -228,19 +228,19 @@ if ( ( 'edit' == $action ) && current_user_can('delete_page', $post->ID) ) { ?>
 if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { ?>
 <?php if ( $can_publish ) : ?>
 	<?php if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Schedule') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Schedule') ?>" />
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
 	<?php else : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Publish') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
 	<?php endif; ?>
 <?php else : ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Submit for Review') ?>" />
-	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Submit for Review') ?>" />
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
+	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
 <?php endif; ?>
 <?php } else { ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Update Page') ?>" />
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Update Page') ?>" />
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Page') ?>" />
+	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Page') ?>" />
 <?php } ?>
 </div>
 <div class="clear"></div>
@@ -293,7 +293,7 @@ function page_attributes_meta_box($post){
 	}
 ?>
 <h5><?php _e('Order') ?></h5>
-<p><label class="hidden" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p>
+<p><label class="hidden" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo attr($post->menu_order) ?>" /></p>
 <p><?php _e('Pages are usually ordered alphabetically, but you can put a number above to change the order pages appear in. (We know this is a little janky, it&#8217;ll be better in future releases.)'); ?></p>
 <?php
 }
@@ -417,12 +417,12 @@ if (isset($mode) && 'bookmarklet' == $mode)
 	echo '<input type="hidden" name="mode" value="bookmarklet" />';
 ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo attr($form_action) ?>' />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
 <input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
 <?php echo $form_extra ?>
-<input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
 
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index b8eb28b77..95e27c4bc 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -171,7 +171,7 @@ endif;
 <p class="search-box">
 	<label class="hidden" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
 	<input type="text" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Pages' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Pages' ); ?>" class="button" />
 </p>
 
 <?php if ( isset($_GET['post_status'] ) ) : ?>
@@ -215,7 +215,7 @@ if ( $page_links ) : ?>
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-pages'); ?>
 </div>
 
@@ -254,7 +254,7 @@ if ( $page_links )
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />
diff --git a/wp-admin/edit-tag-form.php b/wp-admin/edit-tag-form.php
index d715d06a6..5390e6e51 100644
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -20,7 +20,7 @@ do_action('edit_tag_form_pre', $tag); ?>
 <div id="ajax-response"></div>
 <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
 <input type="hidden" name="action" value="editedtag" />
-<input type="hidden" name="tag_ID" value="<?php echo $tag->term_id ?>" />
+<input type="hidden" name="tag_ID" value="<?php echo attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
 	<table class="form-table">
@@ -40,7 +40,7 @@ do_action('edit_tag_form_pre', $tag); ?>
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
 		</tr>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _e('Update Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>
 </form>
 </div>
diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php
index 11ab38fd7..5d52de1f2 100644
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -160,7 +160,7 @@ endif; ?>
 <p class="search-box">
 	<label class="hidden" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
 	<input type="text" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Tags' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Tags' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -201,7 +201,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-tags'); ?>
 </div>
 
@@ -244,7 +244,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />
@@ -297,7 +297,7 @@ else
     <p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _e('Add Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Tag'); ?>" /></p>
 <?php do_action('add_tag_form'); ?>
 </form></div>
 <?php } ?>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 0075299ac..551cfb989 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -166,13 +166,13 @@ endif;
 <p class="search-box">
 	<label class="hidden" for="post-search-input"><?php _e( 'Search Posts' ); ?>:</label>
 	<input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Posts' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Posts' ); ?>" class="button" />
 </p>
 
 <?php if ( isset($_GET['post_status'] ) ) : ?>
 <input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
 <?php endif; ?>
-<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
+<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
 
 <?php if ( have_posts() ) { ?>
 
@@ -195,7 +195,7 @@ $page_links = paginate_links( array(
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-posts'); ?>
 
 <?php // view filters
@@ -222,7 +222,7 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';
 
-	echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
+	echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
 	echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
 	echo "</option>\n";
 }
@@ -236,7 +236,7 @@ $dropdown_options = array('show_option_all' => __('View all categories'), 'hide_
 wp_dropdown_categories($dropdown_options);
 do_action('restrict_manage_posts');
 ?>
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
 
 <?php } ?>
 </div>
@@ -275,7 +275,7 @@ if ( $page_links )
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <br class="clear" />
 </div>
 <br class="clear" />
diff --git a/wp-admin/export.php b/wp-admin/export.php
index dbe1b143c..3f39ff1fb 100644
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -42,14 +42,14 @@ require_once ('admin-header.php');
 $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
 foreach ( $authors as $id ) {
 	$o = get_userdata( $id );
-	echo "<option value='$o->ID'>$o->display_name</option>";
+	echo "<option value='" . attr($o->ID) . "'>$o->display_name</option>";
 }
 ?>
 </select>
 </td>
 </tr>
 </table>
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _e('Download Export File'); ?>" />
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php _ea('Download Export File'); ?>" />
 <input type="hidden" name="download" value="true" />
 </p>
 </form>
diff --git a/wp-admin/install.php b/wp-admin/install.php
index 59678f0a6..370c34b19 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -57,18 +57,18 @@ function display_setup_form( $error = null ) {
 	<table class="form-table">
 		<tr>
 			<th scope="row"><label for="weblog_title"><?php _e('Blog Title'); ?></label></th>
-			<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? $_POST['weblog_title'] : '' ); ?>" /></td>
+			<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? attr($_POST['weblog_title']) : '' ); ?>" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><label for="admin_email"><?php _e('Your E-mail'); ?></label></th>
-			<td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? $_POST['admin_email'] : '' ); ?>" /><br />
+			<td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? attr($_POST['admin_email']) : '' ); ?>" /><br />
 			<?php _e('Double-check your email address before continuing.'); ?>
 		</tr>
 		<tr>
 			<td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
 		</tr>
 	</table>
-	<p class="step"><input type="submit" name="Submit" value="<?php _e('Install WordPress'); ?>" class="button" /></p>
+	<p class="step"><input type="submit" name="Submit" value="<?php _ea('Install WordPress'); ?>" class="button" /></p>
 </form>
 <?php
 }
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index cebb69ca2..2041ea4c8 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -90,7 +90,7 @@ if ( isset($_GET['deleted']) ) {
 <p class="search-box">
 	<label class="hidden" for="link-search-input"><?php _e( 'Search Links' ); ?>:</label>
 	<input type="text" id="link-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Links' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Links' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -103,14 +103,14 @@ if ( isset($_GET['deleted']) ) {
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 
 <?php
 $categories = get_terms('link_category', "hide_empty=1");
 $select_cat = "<select name=\"cat_id\">\n";
 $select_cat .= '<option value="all"'  . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('View all Categories') . "</option>\n";
 foreach ((array) $categories as $cat)
-	$select_cat .= '<option value="' . $cat->term_id . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
+	$select_cat .= '<option value="' . attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n";
 $select_cat .= "</select>\n";
 
 $select_order = "<select name=\"order_by\">\n";
@@ -124,7 +124,7 @@ echo $select_cat;
 echo $select_order;
 
 ?>
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
 
 </div>
 
@@ -190,7 +190,7 @@ if ( $links ) {
 
 			switch($column_name) {
 				case 'cb':
-					echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></th>';
+					echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. attr($link->link_id) .'" /></th>';
 					break;
 				case 'name':
 
@@ -258,7 +258,7 @@ if ( $links ) {
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />
diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php
index 8241a1562..8c8869cd8 100644
--- a/wp-admin/media-upload.php
+++ b/wp-admin/media-upload.php
@@ -78,7 +78,7 @@ if ( isset($_GET['inline']) ) {
 	<?php wp_nonce_field('media-form'); ?>
 	<div id="media-items"> </div>
 	<p>
-	<input type="submit" class="button savebutton" name="save" value="<?php echo attr( __( 'Save all changes' ) ); ?>" />
+	<input type="submit" class="button savebutton" name="save" value="<?php _ea( 'Save all changes' ); ?>" />
 	</p>
 	</form>
 	</div>
diff --git a/wp-admin/media.php b/wp-admin/media.php
index a22da8a4d..a3f676e3b 100644
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@@ -93,9 +93,9 @@ case 'edit' :
 </div>
 
 <p class="submit">
-<input type="submit" class="button-primary" name="save" value="<?php _e('Update Media'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? $post_id : ''; ?>" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $att_id; ?>" />
+<input type="submit" class="button-primary" name="save" value="<?php _ea('Update Media'); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo isset($post_id) ? attr($post_id) : ''; ?>" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($att_id); ?>" />
 <input type="hidden" name="action" value="editattachment" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <?php wp_nonce_field('media-form'); ?>
diff --git a/wp-admin/options-discussion.php b/wp-admin/options-discussion.php
index 32ea8e2ee..383b0792d 100644
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -64,7 +64,7 @@ $maxdeep = (int) apply_filters( 'thread_comments_depth_max', 10 );
 
 $thread_comments_depth = '</label><select name="thread_comments_depth" id="thread_comments_depth">';
 for ( $i = 1; $i <= $maxdeep; $i++ ) {
-	$thread_comments_depth .= "<option value='$i'";
+	$thread_comments_depth .= "<option value='" . attr($i) . "'";
 	if ( get_option('thread_comments_depth') == $i ) $thread_comments_depth .= " selected='selected'";
 	$thread_comments_depth .= ">$i</option>";
 }
@@ -125,7 +125,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
 <tr valign="top">
 <th scope="row"><?php _e('Comment Moderation') ?></th>
 <td><fieldset><legend class="hidden"><?php _e('Comment Moderation') ?></legend>
-<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . get_option('comment_max_links'). '" class="small-text" />' ) ?></label></p>
+<p><label for="comment_max_links"><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" value="' . attr(get_option('comment_max_links')) . '" class="small-text" />' ) ?></label></p>
 
 <p><label for="moderation_keys"><?php _e('When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the <a href="edit-comments.php?comment_status=moderated">moderation queue</a>. One word or IP per line. It will match inside words, so "press" will match "WordPress".') ?></label></p>
 <p>
@@ -159,7 +159,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
 	$yesorno = array(0 => __("Don&#8217;t show Avatars"), 1 => __('Show Avatars'));
 	foreach ( $yesorno as $key => $value) {
 		$selected = (get_option('show_avatars') == $key) ? 'checked="checked"' : '';
-		echo "\n\t<label><input type='radio' name='show_avatars' value='$key' $selected/> $value</label><br />";
+		echo "\n\t<label><input type='radio' name='show_avatars' value='" . attr($key) . "' $selected/> $value</label><br />";
 	}
 ?>
 </fieldset></td>
@@ -172,7 +172,7 @@ printf( __('Comments should be displayed with the %s comments at the top of each
 $ratings = array( 'G' => __('G &#8212; Suitable for all audiences'), 'PG' => __('PG &#8212; Possibly offensive, usually for audiences 13 and above'), 'R' => __('R &#8212; Intended for adult audiences above 17'), 'X' => __('X &#8212; Even more mature than above'));
 foreach ($ratings as $key => $rating) :
 	$selected = (get_option('avatar_rating') == $key) ? 'checked="checked"' : '';
-	echo "\n\t<label><input type='radio' name='avatar_rating' value='$key' $selected/> $rating</label><br />";
+	echo "\n\t<label><input type='radio' name='avatar_rating' value='" . attr($key) . "' $selected/> $rating</label><br />";
 endforeach;
 ?>
 
@@ -201,7 +201,7 @@ $size = 32;
 $avatar_list = '';
 foreach ( $avatar_defaults as $default_key => $default_name ) {
 	$selected = ($default == $default_key) ? 'checked="checked" ' : '';
-	$avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='{$default_key}' {$selected}/> ";
+	$avatar_list .= "\n\t<label><input type='radio' name='avatar_default' id='avatar_{$default_key}' value='" . attr($default_key)  . "' {$selected}/> ";
 
 	$avatar = get_avatar( $user_email, $size, $default_key );
 	$avatar_list .= preg_replace("/src='(.+?)'/", "src='\$1&amp;forcedefault=1'", $avatar);
@@ -220,7 +220,7 @@ echo apply_filters('default_avatar_select', $avatar_list);
 <?php do_settings_sections('discussion'); ?>
 
 <p class="submit">
-<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 </form>
 </div>
diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php
index 2f03acbb6..dc5cc5c75 100644
--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -120,7 +120,7 @@ foreach ( $offset_range as $offset ) {
 		$selected = " selected='selected'";
 		$current_offset_name = $offset_name;
 	}
-	echo "<option value=\"$offset\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
+	echo "<option value=\"" . attr($offset) . "\"$selected>" . sprintf(__('UTC %s'), $offset_name) . '</option>';
 }
 ?>
 </select>
@@ -263,7 +263,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 <?php
 for ($day_index = 0; $day_index <= 6; $day_index++) :
 	$selected = (get_option('start_of_week') == $day_index) ? 'selected="selected"' : '';
-	echo "\n\t<option value='$day_index' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
+	echo "\n\t<option value='" . attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
 endfor;
 ?>
 </select></td>
@@ -274,7 +274,7 @@ endfor;
 <?php do_settings_sections('general'); ?>
 
 <p class="submit">
-<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 </form>
 
diff --git a/wp-admin/options-media.php b/wp-admin/options-media.php
index 87a6d0cef..0d5f2e3ef 100644
--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -65,7 +65,7 @@ include('admin-header.php');
 <?php do_settings_sections('media'); ?>
 
 <p class="submit">
-	<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 
 </form>
diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php
index d3d7af0a2..061587bf8 100644
--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -67,7 +67,7 @@ include('admin-header.php');
 <?php do_settings_sections('misc'); ?>
 
 <p class="submit">
-	<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 
 </form>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index 5720e92a3..8eeff74bb 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -151,15 +151,15 @@ $structures = array(
 		<td><code><?php echo get_option('home'); ?>/?p=123</code></td>
 	</tr>
 	<tr>
-		<th><label><input name="selection" type="radio" value="<?php echo $structures[1]; ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
+		<th><label><input name="selection" type="radio" value="<?php echo attr($structures[1]); ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> <?php _e('Day and name'); ?></label></th>
 		<td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></td>
 	</tr>
 	<tr>
-		<th><label><input name="selection" type="radio" value="<?php echo $structures[2]; ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
+		<th><label><input name="selection" type="radio" value="<?php echo attr($structures[2]); ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> <?php _e('Month and name'); ?></label></th>
 		<td><code><?php echo get_option('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/sample-post/'; ?></code></td>
 	</tr>
 	<tr>
-		<th><label><input name="selection" type="radio" value="<?php echo $structures[3]; ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
+		<th><label><input name="selection" type="radio" value="<?php echo attr($structures[3]); ?>" class="tog" <?php checked($structures[3], $permalink_structure); ?> /> <?php _e('Numeric'); ?></label></th>
 		<td><code><?php echo get_option('home') . $prefix  ; ?>/archives/123</code></td>
 	</tr>
 	<tr>
@@ -200,7 +200,7 @@ $structures = array(
 <?php do_settings_sections('permalink'); ?>
 
 <p class="submit">
-	<input type="submit" name="submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
   </form>
 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
diff --git a/wp-admin/options-privacy.php b/wp-admin/options-privacy.php
index c46b72083..862681b47 100644
--- a/wp-admin/options-privacy.php
+++ b/wp-admin/options-privacy.php
@@ -39,7 +39,7 @@ include('./admin-header.php');
 <?php do_settings_sections('privacy'); ?>
 
 <p class="submit">
-	<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 </form>
 
diff --git a/wp-admin/options-reading.php b/wp-admin/options-reading.php
index fbd3bca91..e66606038 100644
--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -80,7 +80,7 @@ include('admin-header.php');
 <?php do_settings_sections('reading'); ?>
 
 <p class="submit">
-	<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 </form>
 </div>
diff --git a/wp-admin/options-writing.php b/wp-admin/options-writing.php
index 10b34ef0c..ab148ed22 100644
--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -127,7 +127,7 @@ wp_dropdown_categories(array('hide_empty' => 0, 'name' => 'default_email_categor
 <?php do_settings_sections('writing'); ?>
 
 <p class="submit">
-	<input type="submit" name="Submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
+	<input type="submit" name="Submit" class="button-primary" value="<?php _ea('Save Changes') ?>" />
 </p>
 </form>
 </div>
diff --git a/wp-admin/options.php b/wp-admin/options.php
index 4255047ac..c371fc61c 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -130,7 +130,7 @@ endforeach;
 ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
   </form>
 </div>
 
diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
index 595edb66d..2b45c518b 100644
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -156,7 +156,7 @@ default:
 	}
 ?>
 		</select>
-		<input type="submit" name="Submit" value="<?php _e('Select') ?>" class="button" />
+		<input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
 	</form>
 </div>
 <div class="tablenav">
@@ -204,11 +204,11 @@ foreach ( $plugin_files as $plugin_file ) :
 	<?php wp_nonce_field('edit-plugin_' . $file) ?>
 		<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		<input type="hidden" name="action" value="update" />
-		<input type="hidden" name="file" value="<?php echo $file ?>" />
-		<input type="hidden" name="plugin" value="<?php echo $plugin ?>" />
+		<input type="hidden" name="file" value="<?php echo attr($file) ?>" />
+		<input type="hidden" name="plugin" value="<?php echo attr($plugin) ?>" />
 		</div>
 		<?php if ( count( $functions ) ) : ?>
-		<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attr(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
+		<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php _ea( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
 		<?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
 	<?php if ( in_array($file, (array) get_option('active_plugins')) ) { ?>
@@ -217,9 +217,9 @@ foreach ( $plugin_files as $plugin_file ) :
 	<p class="submit">
 	<?php
 		if ( isset($_GET['phperror']) )
-			echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . __('Update File and Attempt to Reactivate') . "' tabindex='2' />";
+			echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' class='button-primary' value='" . _a('Update File and Attempt to Reactivate') . "' tabindex='2' />";
 		else
-			echo "<input type='submit' name='submit' class='button-primary' value='" . __('Update File') . "' tabindex='2' />";
+			echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
 	?>
 	</p>
 <?php else : ?>
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index bea219f80..f762a7279 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -142,10 +142,10 @@ if ( !empty($action) ) {
 							echo '<input type="hidden" name="checked[]" value="' . attr($plugin) . '" />';
 					?>
 					<?php wp_nonce_field('bulk-manage-plugins') ?>
-					<input type="submit" name="submit" value="<?php _e('Yes, Delete these files') ?>" class="button" />
+					<input type="submit" name="submit" value="<?php _ea('Yes, Delete these files') ?>" class="button" />
 				</form>
 				<form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
-					<input type="submit" name="submit" value="<?php _e('No, Return me to the plugin list') ?>" class="button" />
+					<input type="submit" name="submit" value="<?php _ea('No, Return me to the plugin list') ?>" class="button" />
 				</form>
 
 				<p><a href="#" onclick="jQuery('#files-list').toggle(); return false;"><?php _e('Click to view entire list of files which will be deleted'); ?></a></p>
@@ -413,9 +413,9 @@ function print_plugin_actions($context) {
 			<option value="delete-selected"><?php _e('Delete'); ?></option>
 	<?php endif; ?>
 		</select>
-		<input type="submit" name="doaction_active" value="<?php _e('Apply'); ?>" class="button-secondary action" />
+		<input type="submit" name="doaction_active" value="<?php _ea('Apply'); ?>" class="button-secondary action" />
 	<?php if( 'recent' == $context ) : ?>
-		<input type="submit" name="clear-recent-list" value="<?php _e('Clear List') ?>" class="button-secondary" />
+		<input type="submit" name="clear-recent-list" value="<?php _ea('Clear List') ?>" class="button-secondary" />
 	<?php endif; ?>
 	</div>
 <?php
@@ -426,7 +426,7 @@ function print_plugin_actions($context) {
 <p class="search-box">
 	<label class="hidden" for="plugin-search-input"><?php _e( 'Search Plugins' ); ?>:</label>
 	<input type="text" id="plugin-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Plugins' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Plugins' ); ?>" class="button" />
 </p>
 </form>
 
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 1517eaa10..24481cb53 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -455,11 +455,11 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
 				<h3><?php _e('Publish') ?></h3>
 				<div class="inside">
 					<p>
-						<input class="button" type="submit" name="draft" value="<?php _e('Save Draft') ?>" id="save" />
+						<input class="button" type="submit" name="draft" value="<?php _ea('Save Draft') ?>" id="save" />
 						<?php if ( current_user_can('publish_posts') ) { ?>
-							<input class="button-primary" type="submit" name="publish" value="<?php _e('Publish') ?>" id="publish" />
+							<input class="button-primary" type="submit" name="publish" value="<?php _ea('Publish') ?>" id="publish" />
 						<?php } else { ?>
-							<br /><br /><input class="button-primary" type="submit" name="review" value="<?php _e('Submit for Review') ?>" id="review" />
+							<br /><br /><input class="button-primary" type="submit" name="review" value="<?php _ea('Submit for Review') ?>" id="review" />
 						<?php } ?>
 						<img src="images/loading-publish.gif" alt="" id="saving" style="display:none;" />
 					</p>
@@ -479,9 +479,9 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
 					<div id="category-adder" class="wp-hidden-children">
 						<a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a>
 						<p id="category-add" class="wp-hidden-child">
-							<label class="hidden" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
+							<label class="hidden" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
 							<label class="hidden" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-							<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
+							<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
 							<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
 							<span id="category-ajax-response"></span>
 						</p>
@@ -497,8 +497,8 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
 							<label class="hidden" for="newtag"><?php _e('Post Tags'); ?></label>
 							<input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
 							<span class="ajaxtag" style="display:none;">
-								<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _e('Add new tag'); ?>" />
-								<input type="button" class="button tagadd" value="Add" tabindex="3" />
+								<input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
+								<input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
 							</span>
 						</p>
 						<div class="tagchecklist"></div>
diff --git a/wp-admin/sidebar.php b/wp-admin/sidebar.php
index 210c0b9bf..ea9c4ea0f 100644
--- a/wp-admin/sidebar.php
+++ b/wp-admin/sidebar.php
@@ -88,10 +88,10 @@ form {
 <form name="post" action="post.php" method="post">
 <div>
 <input type="hidden" name="action" value="post" />
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo attr($user_ID) ?>" />
 <input type="hidden" name="mode" value="sidebar" />
-<input type="hidden" name="ping_status" value="<?php echo $post->ping_status; ?>" />
-<input type="hidden" name="comment_status" value="<?php echo $post->comment_status; ?>" />
+<input type="hidden" name="ping_status" value="<?php echo attr($post->ping_status); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo attr($post->comment_status); ?>" />
 <?php wp_nonce_field('add-post');
 
 if ( 'b' == $_GET['a'] )
@@ -116,9 +116,9 @@ elseif ( 'c' == $_GET['a'] )
 </div>
 
 <p>
-<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php _e('Save as Draft'); ?>" />
+<input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" accesskey="s" class="button" value="<?php _ea('Save as Draft'); ?>" />
 <?php if ( current_user_can('publish_posts') ) : ?>
-<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php _e('Publish') ?>" class="button button-highlighted" />
+<input name="publish" type="submit" id="publish" tabindex="6" accesskey="p" value="<?php _ea('Publish') ?>" class="button button-highlighted" />
 <?php endif; ?>
 </p>
 </div>
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index d900499ad..b3a860788 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -94,7 +94,7 @@ default:
 			$functions = wp_doc_link_parse( $content );
 
 			$docs_select = '<select name="docs-list" id="docs-list">';
-			$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
+			$docs_select .= '<option value="">' . _a( 'Function Name...' ) . '</option>';
 			foreach ( $functions as $function ) {
 				$docs_select .= '<option value="' . urlencode( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
 			}
@@ -130,7 +130,7 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
 }
 ?>
 		</select>
-		<input type="submit" name="Submit" value="<?php _e('Select') ?>" class="button" />
+		<input type="submit" name="Submit" value="<?php _ea('Select') ?>" class="button" />
 	</form>
 </div>
 <div class="tablenav">
@@ -199,14 +199,14 @@ if ($allowed_files) :
 	<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		 <input type="hidden" name="action" value="update" />
-		 <input type="hidden" name="file" value="<?php echo $file ?>" />
-		 <input type="hidden" name="theme" value="<?php echo $theme ?>" />
+		 <input type="hidden" name="file" value="<?php echo attr($file) ?>" />
+		 <input type="hidden" name="theme" value="<?php echo attr($theme) ?>" />
 		 </div>
 	<?php if ( isset($functions ) && count($functions) ) { ?>
 		<div id="documentation">
 		<label for="docs-list"><?php _e('Documentation:') ?></label>
 		<?php echo $docs_select; ?>
-		<input type="button" class="button" value=" <?php _e( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
+		<input type="button" class="button" value=" <?php _ea( 'Lookup' ); ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" />
 		</div>
 	<?php } ?>
 
@@ -214,7 +214,7 @@ if ($allowed_files) :
 <?php if ( is_writeable($real_file) ) : ?>
 			<p class="submit">
 <?php
-	echo "<input type='submit' name='submit' class='button-primary' value='" . __('Update File') . "' tabindex='2' />";
+	echo "<input type='submit' name='submit' class='button-primary' value='" . _a('Update File') . "' tabindex='2' />";
 ?>
 </p>
 <?php else : ?>
diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
index 952dd04ed..09a85621a 100644
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -40,15 +40,15 @@ function list_core_update( $update ) {
 	echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
 	wp_nonce_field('upgrade-core');
 	echo '<p>';
-	echo '<input id="upgrade" class="button" type="submit" value="' . $submit . '" name="upgrade" />&nbsp;';
-	echo '<input name="version" value="'.$update->current.'" type="hidden"/>';
-	echo '<input name="locale" value="'.$update->locale.'" type="hidden"/>';
-	echo '<a href="' . $update->package . '" class="button">' . $download . '</a>&nbsp;';
+	echo '<input id="upgrade" class="button" type="submit" value="' . attr($submit) . '" name="upgrade" />&nbsp;';
+	echo '<input name="version" value="'. attr($update->current) .'" type="hidden"/>';
+	echo '<input name="locale" value="'. attr($update->locale) .'" type="hidden"/>';
+	echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
 	if ( 'en_US' != $update->locale )
 		if ( !isset( $update->dismissed ) || !$update->dismissed )
-			echo '<input id="dismiss" class="button" type="submit" value="' . attr(__('Hide this update')) . '" name="dismiss" />';
+			echo '<input id="dismiss" class="button" type="submit" value="' . _a('Hide this update') . '" name="dismiss" />';
 		else
-			echo '<input id="undismiss" class="button" type="submit" value="' . attr(__('Bring back this update')) . '" name="undismiss" />';
+			echo '<input id="undismiss" class="button" type="submit" value="' . _a('Bring back this update') . '" name="undismiss" />';
 	echo '</p>';
 	echo '</form>';
 
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index a5593d0c9..29c29ee07 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -211,7 +211,7 @@ unset($type_links);
 <p class="search-box">
 	<label class="hidden" for="media-search-input"><?php _e( 'Search Media' ); ?>:</label>
 	<input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Media' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Media' ); ?>" class="button" />
 </p>
 </form>
 
@@ -247,7 +247,7 @@ if ( $page_links ) : ?>
 <option value="attach"><?php _e('Attach to a post'); ?></option>
 <?php } ?>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-media'); ?>
 
 <?php
@@ -272,7 +272,7 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';
 
-	echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
+	echo "<option$default value='" . attr("$arc_row->yyear$arc_row->mmonth") . "'>";
 	echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
 	echo "</option>\n";
 }
@@ -280,12 +280,12 @@ foreach ($arc_result as $arc_row) {
 </select>
 <?php endif; // month_count ?>
 
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
 
 <?php } // ! is_singular ?>
 
 <?php if ( isset($_GET['detached']) ) { ?>
-	<input type="submit" id="find_detached" name="find_detached" value="<?php _e('Scan for lost attachments'); ?>" class="button-secondary" />
+	<input type="submit" id="find_detached" name="find_detached" value="<?php _ea('Scan for lost attachments'); ?>" class="button-secondary" />
 <?php } ?>
 
 </div>
@@ -325,7 +325,7 @@ foreach ($arc_result as $arc_row) {
 			$att_title = wp_specialchars( _draft_or_post_title($post->ID) );
 ?>
 	<tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
-		<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo $post->ID; ?>" /></th>
+		<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo attr($post->ID); ?>" /></th>
 
 		<td class="media-icon"><?php
 		if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
@@ -403,7 +403,7 @@ if ( $page_links )
 <option value="attach"><?php _e('Attach to a post'); ?></option>
 <?php } ?>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index b9bad3335..524ba31e7 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -215,7 +215,7 @@ $current_color = get_user_option('admin_color', $user_id);
 if ( empty($current_color) )
 	$current_color = 'fresh';
 foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
-<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo $color ?>" class="tog" <?php checked($color, $current_color); ?> />
+<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo attr($color) ?>" class="tog" <?php checked($color, $current_color); ?> />
 	<table class="color-palette">
 	<tr>
 	<?php foreach ( $color_info->colors as $html_color ): ?>
@@ -248,7 +248,7 @@ do_action('personal_options', $profileuser);
 <table class="form-table">
 	<tr>
 		<th><label for="user_login"><?php _e('Username'); ?></label></th>
-		<td><input type="text" name="user_login" id="user_login" value="<?php echo $profileuser->user_login; ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
+		<td><input type="text" name="user_login" id="user_login" value="<?php echo attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <?php _e('Your username cannot be changed.'); ?></td>
 	</tr>
 
 <?php if ( !$is_profile_page ): ?>
@@ -274,17 +274,17 @@ else
 
 <tr>
 	<th><label for="first_name"><?php _e('First name') ?></label></th>
-	<td><input type="text" name="first_name" id="first_name" value="<?php echo $profileuser->first_name ?>" class="regular-text" /></td>
+	<td><input type="text" name="first_name" id="first_name" value="<?php echo attr($profileuser->first_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
 	<th><label for="last_name"><?php _e('Last name') ?></label></th>
-	<td><input type="text" name="last_name" id="last_name" value="<?php echo $profileuser->last_name ?>" class="regular-text" /></td>
+	<td><input type="text" name="last_name" id="last_name" value="<?php echo attr($profileuser->last_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
 	<th><label for="nickname"><?php _e('Nickname') ?></label></th>
-	<td><input type="text" name="nickname" id="nickname" value="<?php echo $profileuser->nickname ?>" class="regular-text" /></td>
+	<td><input type="text" name="nickname" id="nickname" value="<?php echo attr($profileuser->nickname) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
@@ -303,7 +303,7 @@ else
 			$public_display = array_map( 'trim', $public_display );
 			foreach ( $public_display as $id => $item ) {
 		?>
-			<option id="<?php echo $id; ?>" value="<?php echo $item; ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
+			<option id="<?php echo $id; ?>" value="<?php echo attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
 		<?php
 			}
 		?>
@@ -317,27 +317,27 @@ else
 <table class="form-table">
 <tr>
 	<th><label for="email"><?php _e('E-mail') ?></label></th>
-	<td><input type="text" name="email" id="email" value="<?php echo $profileuser->user_email ?>" class="regular-text" /> <?php _e('Required.');?></td>
+	<td><input type="text" name="email" id="email" value="<?php echo attr($profileuser->user_email) ?>" class="regular-text" /> <?php _e('Required.');?></td>
 </tr>
 
 <tr>
 	<th><label for="url"><?php _e('Website') ?></label></th>
-	<td><input type="text" name="url" id="url" value="<?php echo $profileuser->user_url ?>" class="regular-text code" /></td>
+	<td><input type="text" name="url" id="url" value="<?php echo attr($profileuser->user_url) ?>" class="regular-text code" /></td>
 </tr>
 
 <tr>
 	<th><label for="aim"><?php echo apply_filters('user_aim_label', __('AIM')); ?></label></th>
-	<td><input type="text" name="aim" id="aim" value="<?php echo $profileuser->aim ?>" class="regular-text" /></td>
+	<td><input type="text" name="aim" id="aim" value="<?php echo attr($profileuser->aim) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
 	<th><label for="yim"><?php echo apply_filters('user_yim_label', __('Yahoo IM')); ?></label></th>
-	<td><input type="text" name="yim" id="yim" value="<?php echo $profileuser->yim ?>" class="regular-text" /></td>
+	<td><input type="text" name="yim" id="yim" value="<?php echo attr($profileuser->yim) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
 	<th><label for="jabber"><?php echo apply_filters('user_jabber_label', __('Jabber / Google Talk')); ?></label></th>
-	<td><input type="text" name="jabber" id="jabber" value="<?php echo $profileuser->jabber ?>" class="regular-text" /></td>
+	<td><input type="text" name="jabber" id="jabber" value="<?php echo attr($profileuser->jabber) ?>" class="regular-text" /></td>
 </tr>
 </table>
 
@@ -395,8 +395,8 @@ if ( $show_password_fields ) :
 
 <p class="submit">
 	<input type="hidden" name="action" value="update" />
-	<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
-	<input type="submit" class="button-primary" value="<?php $is_profile_page? _e('Update Profile') : _e('Update User') ?>" name="submit" />
+	<input type="hidden" name="user_id" id="user_id" value="<?php echo attr($user_id); ?>" />
+	<input type="submit" class="button-primary" value="<?php $is_profile_page? _ea('Update Profile') : _ea('Update User') ?>" name="submit" />
 </p>
 </form>
 </div>
diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index fe563363a..c2b1e6317 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -91,23 +91,23 @@ foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name
 <table class="form-table">
 	<tr class="form-field form-required">
 		<th scope="row"><label for="user_login"><?php _e('Username (required)') ?></label><input name="action" type="hidden" id="action" value="adduser" /></th>
-		<td ><input name="user_login" type="text" id="user_login" value="<?php echo $new_user_login; ?>" aria-required="true" /></td>
+		<td ><input name="user_login" type="text" id="user_login" value="<?php echo attr($new_user_login); ?>" aria-required="true" /></td>
 	</tr>
 	<tr class="form-field">
 		<th scope="row"><label for="first_name"><?php _e('First Name') ?> </label></th>
-		<td><input name="first_name" type="text" id="first_name" value="<?php echo $new_user_firstname; ?>" /></td>
+		<td><input name="first_name" type="text" id="first_name" value="<?php echo attr($new_user_firstname); ?>" /></td>
 	</tr>
 	<tr class="form-field">
 		<th scope="row"><label for="last_name"><?php _e('Last Name') ?> </label></th>
-		<td><input name="last_name" type="text" id="last_name" value="<?php echo $new_user_lastname; ?>" /></td>
+		<td><input name="last_name" type="text" id="last_name" value="<?php echo attr($new_user_lastname); ?>" /></td>
 	</tr>
 	<tr class="form-field form-required">
 		<th scope="row"><label for="email"><?php _e('E-mail (required)') ?></label></th>
-		<td><input name="email" type="text" id="email" value="<?php echo $new_user_email; ?>" /></td>
+		<td><input name="email" type="text" id="email" value="<?php echo attr($new_user_email); ?>" /></td>
 	</tr>
 	<tr class="form-field">
 		<th scope="row"><label for="url"><?php _e('Website') ?></label></th>
-		<td><input name="url" type="text" id="url" class="code" value="<?php echo $new_user_uri; ?>" /></td>
+		<td><input name="url" type="text" id="url" class="code" value="<?php echo attr($new_user_uri); ?>" /></td>
 	</tr>
 
 <?php if ( apply_filters('show_password_fields', true) ) : ?>
@@ -132,7 +132,7 @@ foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name
 	</tr>
 </table>
 <p class="submit">
-	<input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php _e('Add User') ?>" />
+	<input name="adduser" type="submit" id="addusersub" class="button-primary" value="<?php _ea('Add User') ?>" />
 </p>
 </form>
 
diff --git a/wp-admin/users.php b/wp-admin/users.php
index cf696645f..9cd069cf5 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -149,7 +149,7 @@ case 'delete':
 		if ( $id == $current_user->ID ) {
 			echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
 		} else {
-			echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+			echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
 			$go_delete = true;
 		}
 	}
@@ -157,7 +157,7 @@ case 'delete':
 	$user_dropdown = '<select name="reassign_user">';
 	foreach ( (array) $all_logins as $login )
 		if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
-			$user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>";
+			$user_dropdown .= "<option value=\"" . attr($login->ID) . "\">{$login->user_login}</option>";
 	$user_dropdown .= '</select>';
 	?>
 	</ul>
@@ -170,7 +170,7 @@ case 'delete':
 		<?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
 	</ul></fieldset>
 	<input type="hidden" name="action" value="dodelete" />
-	<p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" class="button-secondary" /></p>
+	<p class="submit"><input type="submit" name="submit" value="<?php _ea('Confirm Deletion'); ?>" class="button-secondary" /></p>
 <?php else : ?>
 	<p><?php _e('There are no valid users selected for deletion.'); ?></p>
 <?php endif; ?>
@@ -292,7 +292,7 @@ unset($role_links);
 <p class="search-box">
 	<label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
 	<input type="text" id="user-search-input" name="usersearch" value="<?php echo attr($wp_user_search->search_term); ?>" />
-	<input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" />
+	<input type="submit" value="<?php _ea( 'Search Users' ); ?>" class="button" />
 </p>
 </form>
 
@@ -308,9 +308,9 @@ unset($role_links);
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <label class="hidden" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
-<input type="submit" value="<?php _e('Change'); ?>" name="changeit" class="button-secondary" />
+<input type="submit" value="<?php _ea('Change'); ?>" name="changeit" class="button-secondary" />
 <?php wp_nonce_field('bulk-users'); ?>
 </div>
 
@@ -374,7 +374,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />
diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
index 3d3501c2f..00ff9ada0 100644
--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -262,7 +262,7 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
 		<div class="widget-position">
 		<table class="widefat"><thead><tr><th><?php _e('Sidebar'); ?></th><th><?php _e('Position'); ?></th></tr></thead><tbody>
 <?php	foreach ( $wp_registered_sidebars as $sbname => $sbvalue ) {
-			echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='$sbname'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
+			echo "\t\t<tr><td><label><input type='radio' name='insidebar' value='" . attr($sbname) . "'" . checked( $sbname, $sidebar, false ) . " /> $sbvalue[name]</label></td><td>";
 			if ( 'wp_inactive_widgets' == $sbname ) {
 				echo '&nbsp;';
 			} else {
@@ -292,12 +292,12 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
 <?php	if ( isset($_GET['addnew']) ) { ?>
 		<a href="widgets.php" class="button alignleft"><?php _e('Cancel'); ?></a>
 <?php	} else { ?>
-		<input type="submit" name="removewidget" class="button alignleft" value="<?php _e('Remove'); ?>" />
+		<input type="submit" name="removewidget" class="button alignleft" value="<?php _ea('Remove'); ?>" />
 <?php	} ?>
-		<input type="submit" name="savewidget" class="button-primary alignright" value="<?php _e('Save Widget'); ?>" />
-		<input type="hidden" name="widget-id" class="widget-id" value="<?php echo $widget_id; ?>" />
-		<input type="hidden" name="id_base" class="id_base" value="<?php echo $id_base; ?>" />
-		<input type="hidden" name="multi_number" class="multi_number" value="<?php echo $multi_number; ?>" />
+		<input type="submit" name="savewidget" class="button-primary alignright" value="<?php _ea('Save Widget'); ?>" />
+		<input type="hidden" name="widget-id" class="widget-id" value="<?php echo attr($widget_id); ?>" />
+		<input type="hidden" name="id_base" class="id_base" value="<?php echo attr($id_base); ?>" />
+		<input type="hidden" name="multi_number" class="multi_number" value="<?php echo attr($multi_number); ?>" />
 <?php	wp_nonce_field("save-delete-widget-$widget_id"); ?>
 		</div>
 		</form>


$sbvalue[name]	"; + echo "\t\t
$sbvalue[name]	"; if ( 'wp_inactive_widgets' == $sbname ) { echo ' '; } else { @@ -292,12 +292,12 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) { - + - - - - + + + +