Some XSS escaping love for nav menus. see #11817
git-svn-id: http://svn.automattic.com/wordpress/trunk@13381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith
parent
3dcd9176de
commit
d01197b568
|
|
@ -95,9 +95,9 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
|
|||
<span class="title"><?php echo esc_html($menu_item->title); ?></span>
|
||||
<span class="controls">
|
||||
<span class="type"><?php echo esc_html($menu_item->type); ?></span>
|
||||
<a id="edit<?php echo $menu_item->menu_order; ?>" onclick="edititem(<?php echo $menu_item->menu_order; ?>)" value="<?php echo $menu_item->menu_order; ?>"><img class="edit" alt="<?php esc_attr_e('Edit Menu Item'); ?>" title="<?php esc_attr_e('Edit Menu Item'); ?>" src="<?php echo admin_url('images/ico-edit.png'); ?>" /></a>
|
||||
<a id="remove<?php echo $menu_item->menu_order; ?>" onclick="removeitem(<?php echo $menu_item->menu_order; ?>)" value="<?php echo $menu_item->menu_order; ?>"><img class="remove" alt="<?php esc_attr_e('Remove from Custom Menu'); ?>" title="<?php esc_attr_e('Remove from Custom Menu'); ?>" src="<?php echo admin_url('images/ico-close.png'); ?>" /></a>
|
||||
<a id="view<?php echo $menu_item->menu_order; ?>" target="_blank" href="<?php echo $menu_item->link; ?>"><img alt="<?php esc_attr_e('View Page'); ?>" title="<?php esc_attr_e('View Page'); ?>" src="<?php echo admin_url('images/ico-viewpage.png'); ?>" /></a>
|
||||
<a id="edit<?php echo esc_attr( $menu_item->menu_order ); ?>" onclick="edititem(<?php echo esc_attr( $menu_item->menu_order ); ?>)" value="<?php echo esc_attr( $menu_item->menu_order ); ?>"><img class="edit" alt="<?php esc_attr_e('Edit Menu Item'); ?>" title="<?php esc_attr_e('Edit Menu Item'); ?>" src="<?php echo admin_url('images/ico-edit.png'); ?>" /></a>
|
||||
<a id="remove<?php echo esc_attr( $menu_item->menu_order ); ?>" onclick="removeitem(<?php echo esc_attr( $menu_item->menu_order ); ?>)" value="<?php echo esc_attr( $menu_item->menu_order ); ?>"><img class="remove" alt="<?php esc_attr_e('Remove from Custom Menu'); ?>" title="<?php esc_attr_e('Remove from Custom Menu'); ?>" src="<?php echo admin_url('images/ico-close.png'); ?>" /></a>
|
||||
<a id="view<?php echo esc_attr( $menu_item->menu_order ); ?>" target="_blank" href="<?php echo $menu_item->link; ?>"><img alt="<?php esc_attr_e('View Page'); ?>" title="<?php esc_attr_e('View Page'); ?>" src="<?php echo admin_url('images/ico-viewpage.png'); ?>" /></a>
|
||||
</span>
|
||||
</dt>
|
||||
</dl>
|
||||
|
|
@ -106,17 +106,17 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
|
|||
<?php } else { ?>
|
||||
<a class="hide" href="<?php echo $menu_item->link; ?>"><?php echo esc_html( $menu_item->title ); ?></a>
|
||||
<?php } ?>
|
||||
<input type="hidden" name="dbid<?php echo $menu_item->menu_order; ?>" id="dbid<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->ID; ?>" />
|
||||
<input type="hidden" name="postmenu<?php echo $menu_item->menu_order; ?>" id="postmenu<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'object_id', true ) ); ?>" />
|
||||
<input type="hidden" name="parent<?php echo $menu_item->menu_order; ?>" id="parent<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->parent_item; ?>" />
|
||||
<input type="hidden" name="title<?php echo $menu_item->menu_order; ?>" id="title<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->title; ?>" />
|
||||
<input type="hidden" name="linkurl<?php echo $menu_item->menu_order; ?>" id="linkurl<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->link; ?>" />
|
||||
<input type="hidden" name="description<?php echo $menu_item->menu_order; ?>" id="description<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->description; ?>" />
|
||||
<input type="hidden" name="icon<?php echo $menu_item->menu_order; ?>" id="icon<?php echo $menu_item->menu_order; ?>" value="0" />
|
||||
<input type="hidden" name="position<?php echo $menu_item->menu_order; ?>" id="position<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->menu_order; ?>" />
|
||||
<input type="hidden" name="linktype<?php echo $menu_item->menu_order; ?>" id="linktype<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'menu_type', true ) ); ?>" />
|
||||
<input type="hidden" name="anchortitle<?php echo $menu_item->menu_order; ?>" id="anchortitle<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_html( $menu_item->post_excerpt ); ?>" />
|
||||
<input type="hidden" name="newwindow<?php echo $menu_item->menu_order; ?>" id="newwindow<?php echo $menu_item->menu_order; ?>" value="<?php echo ( '' == $menu_item->post_content_filtered ? '0' : '1' ); ?>" />
|
||||
<input type="hidden" name="dbid<?php echo esc_attr( $menu_item->menu_order ); ?>" id="dbid<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->ID ); ?>" />
|
||||
<input type="hidden" name="postmenu<?php echo esc_attr( $menu_item->menu_order ); ?>" id="postmenu<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'object_id', true ) ); ?>" />
|
||||
<input type="hidden" name="parent<?php echo esc_attr( $menu_item->menu_order ); ?>" id="parent<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->parent_item ); ?>" />
|
||||
<input type="hidden" name="title<?php echo esc_attr( $menu_item->menu_order ); ?>" id="title<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->title ); ?>" />
|
||||
<input type="hidden" name="linkurl<?php echo esc_attr( $menu_item->menu_order ); ?>" id="linkurl<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->link ); ?>" />
|
||||
<input type="hidden" name="description<?php echo esc_attr( $menu_item->menu_order ); ?>" id="description<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->description ); ?>" />
|
||||
<input type="hidden" name="icon<?php echo esc_attr( $menu_item->menu_order ); ?>" id="icon<?php echo esc_attr( $menu_item->menu_order ); ?>" value="0" />
|
||||
<input type="hidden" name="position<?php echo esc_attr( $menu_item->menu_order ); ?>" id="position<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->menu_order ); ?>" />
|
||||
<input type="hidden" name="linktype<?php echo esc_attr( $menu_item->menu_order ); ?>" id="linktype<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'menu_type', true ) ); ?>" />
|
||||
<input type="hidden" name="anchortitle<?php echo esc_attr( $menu_item->menu_order ); ?>" id="anchortitle<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->post_excerpt ); ?>" />
|
||||
<input type="hidden" name="newwindow<?php echo esc_attr( $menu_item->menu_order ); ?>" id="newwindow<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo ( '' == $menu_item->post_content_filtered ? '0' : '1' ); ?>" />
|
||||
<?php
|
||||
break;
|
||||
|
||||
|
|
@ -126,7 +126,7 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
|
|||
if ( $advanced_option_descriptions == 'no' )
|
||||
$args['desc'] = 2;
|
||||
?>
|
||||
<a title="<?php echo $menu_item->anchor_title; ?>" href="<?php echo $menu_item->link; ?>" <?php echo $menu_item->target; ?>><?php echo $args['before_title'] . $menu_item->title . $args['after_title']; ?><?php
|
||||
<a title="<?php echo esc_attr( $menu_item->anchor_title ); ?>" href="<?php echo esc_url( $menu_item->link ); ?>" <?php echo $menu_item->target; ?>><?php echo $args['before_title'] . esc_html( $menu_item->title ) . $args['after_title']; ?><?php
|
||||
|
||||
if ( $advanced_option_descriptions == 'no' ) {
|
||||
// 2 widget override do NOT display descriptions
|
||||
|
|
|
|||
Loading…
Reference in New Issue