js_escape and quot fixes from nbachiyski. fixes #3524
git-svn-id: http://svn.automattic.com/wordpress/trunk@4700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
3e26469375
commit
d8d4ca14d0
|
|
@ -19,10 +19,10 @@ function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
|
|||
$r .= "<tr id='meta-$mid'><td valign='top'>";
|
||||
$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />";
|
||||
$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
|
||||
$r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='Update' onclick='return theList.ajaxUpdater('meta','meta-$mid');' /><br />";
|
||||
$r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' onclick='return theList.ajaxUpdater('meta','meta-$mid');' /><br />";
|
||||
$r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
|
||||
$r .= sprintf(__("You are about to delete the "%s" custom field on this post.\\n"OK" to delete, "Cancel" to stop."), $key_js);
|
||||
$r .= "' );\" class='deletemeta' tabindex='6' value='Delete' /></td></tr>";
|
||||
$r .= js_escape(sprintf(__("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop."), $key_js));
|
||||
$r .= "' );\" class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td></tr>";
|
||||
return $r;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -750,7 +750,7 @@ function _cat_row( $category, $level, $name_override = false ) {
|
|||
$default_link_cat_id = get_option( 'default_link_category' );
|
||||
|
||||
if ( ($category->cat_ID != $default_cat_id ) && ($category->cat_ID != $default_link_cat_id ) )
|
||||
$edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf( __("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop." ), js_escape( $category->cat_name ), js_escape( get_catname( $default_cat_id )), js_escape( get_catname( $default_link_cat_id ) ) ) . "' );\" class='delete'>".__( 'Delete' )."</a>";
|
||||
$edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll of its posts will go into the default category of '%s'\nAll of its bookmarks will go into the default category of '%s'.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
|
||||
else
|
||||
$edit .= "<td style='text-align:center'>".__( "Default" );
|
||||
} else
|
||||
|
|
@ -798,7 +798,7 @@ function page_rows( $parent = 0, $level = 0, $pages = 0, $hierarchy = true ) {
|
|||
<td><?php if ( '0000-00-00 00:00:00' ==$post->post_modified ) _e('Unpublished'); else echo mysql2date( 'Y-m-d g:i a', $post->post_modified ); ?></td>
|
||||
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e( 'View' ); ?></a></td>
|
||||
<td><?php if ( current_user_can( 'edit_page', $id ) ) { echo "<a href='page.php?action=edit&post=$id' class='edit'>" . __( 'Edit' ) . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can( 'delete_page', $id ) ) { echo "<a href='" . wp_nonce_url( "page.php?action=delete&post=$id", 'delete-page_' . $id ) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf( __("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop." ), js_escape( get_the_title() ) ) . "' );\">" . __( 'Delete' ) . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can( 'delete_page', $id ) ) { echo "<a href='" . wp_nonce_url( "page.php?action=delete&post=$id", 'delete-page_' . $id ) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . js_escape(sprintf( __("You are about to delete the '%s' page.\n'OK' to delete, 'Cancel' to stop." ), get_the_title() ) ) . "' );\">" . __( 'Delete' ) . "</a>"; } ?></td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
|
|
@ -917,10 +917,10 @@ function list_meta( $meta ) {
|
|||
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
|
||||
$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
|
||||
$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
|
||||
$r .= "\n\t\t<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".__( 'Update' )."' /><br />";
|
||||
$r .= "\n\t\t<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='".attribute_escape(__( 'Update' ))."' /><br />";
|
||||
$r .= "\n\t\t<input name='deletemeta[{$entry['meta_id']}]' type='submit' onclick=\"return deleteSomething( 'meta', {$entry['meta_id']}, '";
|
||||
$r .= sprintf( __("You are about to delete the "%s" custom field on this post.\\n"OK" to delete, "Cancel" to stop." ), $key_js );
|
||||
$r .= "' );\" class='deletemeta' tabindex='6' value='".__( 'Delete' )."' /></td>";
|
||||
$r .= js_escape(sprintf( __("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop." ), $key_js ) );
|
||||
$r .= "' );\" class='deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' /></td>";
|
||||
$r .= "\n\t</tr>";
|
||||
}
|
||||
echo $r;
|
||||
|
|
|
|||
|
|
@ -157,12 +157,12 @@ $start = " start='$offset'";
|
|||
<?php
|
||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||
echo " <a href='comment.php?action=editcomment&c=".$comment->comment_ID."'>" . __('Edit') . '</a>';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by "%s".\n"Cancel" to stop, "OK" to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
|
||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
|
||||
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $comment->comment_post_ID . '&c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
|
||||
}
|
||||
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=" . $comment->comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by "%s".\n"Cancel" to stop, "OK" to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
|
||||
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&dt=spam&p=" . $comment->comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . "</a> ";
|
||||
}
|
||||
$post = get_post($comment->comment_post_ID);
|
||||
$post_title = wp_specialchars( $post->post_title, 'double' );
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ if ( $links ) {
|
|||
break;
|
||||
case 'action':
|
||||
echo '<td><a href="link.php?link_id='.$link->link_id.'&action=edit" class="edit">'.__('Edit').'</a></td>';
|
||||
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".js_escape(sprintf(__("You are about to delete the "%s" link to %s.\n"Cancel" to stop, "OK" to delete."), $link->link_name, $link->link_url )).'\' );" class="delete">'.__('Delete').'</a></td>';
|
||||
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." onclick=\"return deleteSomething( 'link', $link->link_id , '".js_escape(sprintf(__("You are about to delete the '%s' link to %s.\n'Cancel' to stop, 'OK' to delete."), $link->link_name, $link->link_url )).'\' );" class="delete">'.__('Delete').'</a></td>';
|
||||
break;
|
||||
default:
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue