diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index ecd13bbd7..fdfe5c78f 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -141,7 +141,7 @@ case 'add-cat' : // From Manage->Categories
 $cat_full_name = $_cat->cat_name . ' — ' . $cat_full_name;
 $level++;
 }
- $cat_full_name = attribute_escape( $cat_full_name);
+ $cat_full_name = attribute_escape($cat_full_name);
 $x = new WP_Ajax_Response( array(
 'what' => 'cat',
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 6a2f6ee32..d260b5823 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -380,17 +380,17 @@ function wp_dropdown_roles( $default = false ) {
 function get_user_to_edit( $user_id ) {
 $user = new WP_User( $user_id );
- $user->user_login = attribute_escape( $user->user_login);
- $user->user_email = attribute_escape( $user->user_email);
- $user->user_url = attribute_escape( $user->user_url);
- $user->first_name = attribute_escape( $user->first_name);
- $user->last_name = attribute_escape( $user->last_name);
- $user->display_name = attribute_escape( $user->display_name);
- $user->nickname = attribute_escape( $user->nickname);
- $user->aim = attribute_escape( $user->aim);
- $user->yim = attribute_escape( $user->yim);
- $user->jabber = attribute_escape( $user->jabber);
- $user->description = wp_specialchars( $user->description );
+ $user->user_login = attribute_escape($user->user_login);
+ $user->user_email = attribute_escape($user->user_email);
+ $user->user_url = attribute_escape($user->user_url);
+ $user->first_name = attribute_escape($user->first_name);
+ $user->last_name = attribute_escape($user->last_name);
+ $user->display_name = attribute_escape($user->display_name);
+ $user->nickname = attribute_escape($user->nickname);
+ $user->aim = attribute_escape($user->aim);
+ $user->yim = attribute_escape($user->yim);
+ $user->jabber = attribute_escape($user->jabber);
+ $user->description = wp_specialchars($user->description);
 return $user;
 }
@@ -527,14 +527,14 @@ function edit_user( $user_id = 0 ) {
 function get_link_to_edit( $link_id ) {
 $link = get_link( $link_id );
- $link->link_url = attribute_escape( $link->link_url);
- $link->link_name = attribute_escape( $link->link_name);
- $link->link_image = attribute_escape( $link->link_image);
- $link->link_description = attribute_escape( $link->link_description);
- $link->link_notes = wp_specialchars( $link->link_notes );
- $link->link_rss = attribute_escape( $link->link_rss);
- $link->link_rel = attribute_escape( $link->link_rel);
- $link->post_category = $link->link_category;
+ $link->link_url = attribute_escape($link->link_url);
+ $link->link_name = attribute_escape($link->link_name);
+ $link->link_image = attribute_escape($link->link_image);
+ $link->link_description = attribute_escape($link->link_description);
+ $link->link_rss = attribute_escape($link->link_rss);
+ $link->link_rel = attribute_escape($link->link_rel);
+ $link->link_notes = wp_specialchars($link->link_notes);
+ $link->post_category = $link->link_category;
 return $link;
 }
@@ -911,8 +911,8 @@ function list_meta( $meta ) {
 }
 $key_js = js_escape( $entry['meta_key'] );
- $entry['meta_key'] = attribute_escape( $entry['meta_key']);
- $entry['meta_value'] = attribute_escape( $entry['meta_value']);
+ $entry['meta_key'] = attribute_escape($entry['meta_key']);
+ $entry['meta_value'] = attribute_escape($entry['meta_value']);
 $r .= "\n\t";
 $r .= "\n\t\t";
 $r .= "\n\t\t";
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 0bdad590c..5e6c8c829 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -7,7 +7,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
 list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128);
 ob_start();
 the_title();
- $post_title = attribute_escape( ob_get_contents());
+ $post_title = attribute_escape(ob_get_contents());
 ob_end_clean();
 $post_content = apply_filters( 'content_edit_pre', $post->post_content );
@@ -71,9 +71,9 @@ function wp_upload_view() {
 echo '[ ';
 echo '' . __('view') . '';
 echo ' | ';
- echo '' . __('edit') . '';
+ echo '' . __('edit') . '';
 echo ' | ';
- echo '' . __('cancel') . '';
+ echo '' . __('cancel') . '';
 echo ' ]';
 ?>
@@ -111,9 +111,9 @@ function wp_upload_form() {
 echo '[ ';
 echo '' . __('view') . '';
 echo ' | ';
- echo '' . __('links') . '';
+ echo '' . __('links') . '';
 echo ' | ';
- echo '' . __('cancel') . '';
+ echo '' . __('cancel') . '';
 echo ' ]';
 ?>
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index a4ff44ff1..575d010f2 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1081,7 +1081,7 @@ function js_escape($text) {
 return preg_replace("/\r?\n/", "\\n", addslashes($text));
 }
-// Escaping for HTML attributes like
+// Escaping for HTML attributes
 function attribute_escape($text) {
 return wp_specialchars($text, true);
 }
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 556df29d9..b3ed5b529 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -231,7 +231,7 @@ function get_option($setting) {
 }
 function form_option($option) {
- echo attribute_escape( get_option($option));
+ echo attribute_escape(get_option($option));
 }
 function get_alloptions() {
@@ -1190,7 +1190,7 @@ function wp_nonce_ays($action) {
 foreach ( (array) $q as $a ) {
 $v = substr(strstr($a, '='), 1);
 $k = substr($a, 0, -(strlen($v)+1));
- $html .= "\t\t\n";
+ $html .= "\t\t\n";
 }
 $html .= "\t\t\n";
 $html .= "\t\t
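Review bot: The shortened comment above `attribute_escape()` in wp-includes/formatting.php no longer says which output context the function is safe for, even though this commit relies on it at many call sites. The function only delegates to `wp_specialchars($text, true)`; that helper is not shown here, but as far as I know it encodes HTML metacharacters and both quote styles, so the result is safe only inside a quoted attribute value. It does nothing about URL schemes in `href`/`src` values, and it is not a substitute for `js_escape()` in script context. I would say so on the function, e.g. `// Escape text for use inside a quoted HTML attribute value. Does not validate URLs: href/src values must be sanitized as URLs first.`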
\n\t\t

" . wp_explain_nonce($action) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n";
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index af5b1a791..7e176c0cf 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -901,7 +901,7 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 function the_search_query() {
 global $s;
- echo attribute_escape( stripslashes($s));
+ echo attribute_escape(stripslashes($s));
 }
 function language_attributes() {
@@ -956,7 +956,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $current - 1, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "";
+ $page_links[] = "";
 endif;
 for ( $n = 1; $n <= $total; $n++ ) :
 if ( $n == $current ) :
@@ -968,7 +968,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $n, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "$n";
+ $page_links[] = "$n";
 $dots = true;
 elseif ( $dots && !$show_all ) :
 $page_links[] = "...";
@@ -981,7 +981,7 @@ function paginate_links( $arg = '' ) {
 $link = str_replace('%#%', $current + 1, $link);
 if ( $add_args )
 $link = add_query_arg( $add_args, $link );
- $page_links[] = "";
+ $page_links[] = "";
 endif;
 switch ( $type ) :
 case 'array' :
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index a8c2e539c..101c9b6f8 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -334,7 +334,7 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false)
 if ( ('attachment' != $_post->post_type) || ('' == $_post->guid) )
 return __('Missing Attachment');
- $post_title = attribute_escape( $_post->post_title);
+ $post_title = attribute_escape($_post->post_title);
 if (! empty($_post->guid) ) {
 $innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
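Review bot: In the `wp_nonce_ays()` hunk of wp-includes/functions.php, the `$k`/`$v` split just above the changed `$html .=` line mishandles any element of `$q` that contains no `=`. `strstr($a, '=')` returns false, `$v` ends up empty, and `substr($a, 0, -(strlen($v)+1))` then cuts the last character off the key that is replayed in the form. Splitting with `list($k, $v) = array_pad(explode('=', $a, 2), 2, '');` keeps the key intact. The markup on the changed line is not visible on this page, so please also confirm that both `$k` and `$v` pass through `attribute_escape()` there; `$q` is built outside the hunk and presumably carries request data. The function body starts and ends outside the hunk.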
@@ -420,7 +420,7 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
 }
 }
- $post_title = attribute_escape( $post->post_title);
+ $post_title = attribute_escape($post->post_title);
 $icon = "$post_title";
@@ -435,7 +435,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
 $post = & get_post($id);
- $innerHTML = attribute_escape( $post->post_title);
+ $innerHTML = attribute_escape($post->post_title);
 return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
 }