From d01197b568974485c1829ba14ade98a134fc28aa Mon Sep 17 00:00:00 2001
From: markjaquith <markjaquith@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Wed, 24 Feb 2010 20:10:12 +0000
Subject: [PATCH] Some XSS escaping love for nav menus. see #11817

git-svn-id: http://svn.automattic.com/wordpress/trunk@13381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/nav-menu-template.php | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/wp-includes/nav-menu-template.php b/wp-includes/nav-menu-template.php
index 64093c124..19107786d 100644
--- a/wp-includes/nav-menu-template.php
+++ b/wp-includes/nav-menu-template.php
@@ -95,9 +95,9 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
 								<span class="title"><?php echo esc_html($menu_item->title); ?></span>
 								<span class="controls">
 								<span class="type"><?php echo esc_html($menu_item->type); ?></span>
-								<a id="edit<?php echo $menu_item->menu_order; ?>" onclick="edititem(<?php echo $menu_item->menu_order; ?>)" value="<?php echo $menu_item->menu_order; ?>"><img class="edit" alt="<?php esc_attr_e('Edit Menu Item'); ?>" title="<?php esc_attr_e('Edit Menu Item'); ?>" src="<?php echo admin_url('images/ico-edit.png'); ?>" /></a>
-								<a id="remove<?php echo $menu_item->menu_order; ?>" onclick="removeitem(<?php echo $menu_item->menu_order; ?>)" value="<?php echo $menu_item->menu_order; ?>"><img class="remove" alt="<?php esc_attr_e('Remove from Custom Menu'); ?>" title="<?php esc_attr_e('Remove from Custom Menu'); ?>" src="<?php echo admin_url('images/ico-close.png'); ?>" /></a>
-								<a id="view<?php echo $menu_item->menu_order; ?>" target="_blank" href="<?php echo $menu_item->link; ?>"><img alt="<?php esc_attr_e('View Page'); ?>" title="<?php esc_attr_e('View Page'); ?>" src="<?php echo admin_url('images/ico-viewpage.png'); ?>" /></a>
+								<a id="edit<?php echo esc_attr( $menu_item->menu_order ); ?>" onclick="edititem(<?php echo esc_attr( $menu_item->menu_order ); ?>)" value="<?php echo esc_attr( $menu_item->menu_order ); ?>"><img class="edit" alt="<?php esc_attr_e('Edit Menu Item'); ?>" title="<?php esc_attr_e('Edit Menu Item'); ?>" src="<?php echo admin_url('images/ico-edit.png'); ?>" /></a>
+								<a id="remove<?php echo esc_attr( $menu_item->menu_order ); ?>" onclick="removeitem(<?php echo esc_attr( $menu_item->menu_order ); ?>)" value="<?php echo esc_attr( $menu_item->menu_order ); ?>"><img class="remove" alt="<?php esc_attr_e('Remove from Custom Menu'); ?>" title="<?php esc_attr_e('Remove from Custom Menu'); ?>" src="<?php echo admin_url('images/ico-close.png'); ?>" /></a>
+								<a id="view<?php echo esc_attr( $menu_item->menu_order ); ?>" target="_blank" href="<?php echo $menu_item->link; ?>"><img alt="<?php esc_attr_e('View Page'); ?>" title="<?php esc_attr_e('View Page'); ?>" src="<?php echo admin_url('images/ico-viewpage.png'); ?>" /></a>
 								</span>
 							</dt>
 						</dl>
@@ -106,17 +106,17 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
 						<?php } else { ?>
 						<a class="hide" href="<?php echo $menu_item->link; ?>"><?php echo esc_html( $menu_item->title ); ?></a>
 						<?php } ?>
-						<input type="hidden" name="dbid<?php echo $menu_item->menu_order; ?>" id="dbid<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->ID; ?>" />
-						<input type="hidden" name="postmenu<?php echo $menu_item->menu_order; ?>" id="postmenu<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'object_id', true ) ); ?>" />
-						<input type="hidden" name="parent<?php echo $menu_item->menu_order; ?>" id="parent<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->parent_item; ?>" />
-						<input type="hidden" name="title<?php echo $menu_item->menu_order; ?>" id="title<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->title; ?>" />
-						<input type="hidden" name="linkurl<?php echo $menu_item->menu_order; ?>" id="linkurl<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->link; ?>" />
-						<input type="hidden" name="description<?php echo $menu_item->menu_order; ?>" id="description<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->description; ?>" />
-						<input type="hidden" name="icon<?php echo $menu_item->menu_order; ?>" id="icon<?php echo $menu_item->menu_order; ?>" value="0" />
-						<input type="hidden" name="position<?php echo $menu_item->menu_order; ?>" id="position<?php echo $menu_item->menu_order; ?>" value="<?php echo $menu_item->menu_order; ?>" />
-						<input type="hidden" name="linktype<?php echo $menu_item->menu_order; ?>" id="linktype<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'menu_type', true ) ); ?>" />
-						<input type="hidden" name="anchortitle<?php echo $menu_item->menu_order; ?>" id="anchortitle<?php echo $menu_item->menu_order; ?>" value="<?php echo esc_html( $menu_item->post_excerpt ); ?>" />
-						<input type="hidden" name="newwindow<?php echo $menu_item->menu_order; ?>" id="newwindow<?php echo $menu_item->menu_order; ?>" value="<?php echo ( '' == $menu_item->post_content_filtered ? '0' : '1' ); ?>" />
+						<input type="hidden" name="dbid<?php echo esc_attr( $menu_item->menu_order ); ?>" id="dbid<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->ID ); ?>" />
+						<input type="hidden" name="postmenu<?php echo esc_attr( $menu_item->menu_order ); ?>" id="postmenu<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'object_id', true ) ); ?>" />
+						<input type="hidden" name="parent<?php echo esc_attr( $menu_item->menu_order ); ?>" id="parent<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->parent_item ); ?>" />
+						<input type="hidden" name="title<?php echo esc_attr( $menu_item->menu_order ); ?>" id="title<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->title ); ?>" />
+						<input type="hidden" name="linkurl<?php echo esc_attr( $menu_item->menu_order ); ?>" id="linkurl<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->link ); ?>" />
+						<input type="hidden" name="description<?php echo esc_attr( $menu_item->menu_order ); ?>" id="description<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->description ); ?>" />
+						<input type="hidden" name="icon<?php echo esc_attr( $menu_item->menu_order ); ?>" id="icon<?php echo esc_attr( $menu_item->menu_order ); ?>" value="0" />
+						<input type="hidden" name="position<?php echo esc_attr( $menu_item->menu_order ); ?>" id="position<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->menu_order ); ?>" />
+						<input type="hidden" name="linktype<?php echo esc_attr( $menu_item->menu_order ); ?>" id="linktype<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( get_post_meta( $menu_item->ID, 'menu_type', true ) ); ?>" />
+						<input type="hidden" name="anchortitle<?php echo esc_attr( $menu_item->menu_order ); ?>" id="anchortitle<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo esc_attr( $menu_item->post_excerpt ); ?>" />
+						<input type="hidden" name="newwindow<?php echo esc_attr( $menu_item->menu_order ); ?>" id="newwindow<?php echo esc_attr( $menu_item->menu_order ); ?>" value="<?php echo ( '' == $menu_item->post_content_filtered ? '0' : '1' ); ?>" />
 <?php
 		break;
 
@@ -126,7 +126,7 @@ function wp_print_nav_menu_item($menu_item, $context, $args = array() ) {
 			if ( $advanced_option_descriptions == 'no' )
 				$args['desc'] = 2;
 ?>
-			<a title="<?php echo $menu_item->anchor_title; ?>" href="<?php echo $menu_item->link; ?>" <?php echo $menu_item->target; ?>><?php echo $args['before_title'] . $menu_item->title . $args['after_title']; ?><?php
+			<a title="<?php echo esc_attr( $menu_item->anchor_title ); ?>" href="<?php echo esc_url( $menu_item->link ); ?>" <?php echo $menu_item->target; ?>><?php echo $args['before_title'] . esc_html( $menu_item->title ) . $args['after_title']; ?><?php
 
 							if ( $advanced_option_descriptions == 'no' ) {
 								// 2 widget override do NOT display descriptions