new function for escaping within attributes: attribute_escape()

git-svn-id: https://develop.svn.wordpress.org/trunk@4656 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2006-12-21 10:10:04 +00:00
parent 48ee537a1c
commit 31c39f948d
37 changed files with 126 additions and 123 deletions

View File

@@ -323,7 +323,7 @@ function get_default_post_to_edit() {
else if ( !empty( $post_title ) ) {
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = funky_javascript_fix( $text);
$popupurl = wp_specialchars( $_REQUEST['popupurl'] );
$popupurl = attribute_escape($_REQUEST['popupurl']);
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
@@ -380,16 +380,16 @@ function wp_dropdown_roles( $default = false ) {
function get_user_to_edit( $user_id ) {
$user = new WP_User( $user_id );
$user->user_login = wp_specialchars( $user->user_login, 1 );
$user->user_email = wp_specialchars( $user->user_email, 1 );
$user->user_url = wp_specialchars( $user->user_url, 1 );
$user->first_name = wp_specialchars( $user->first_name, 1 );
$user->last_name = wp_specialchars( $user->last_name, 1 );
$user->display_name = wp_specialchars( $user->display_name, 1 );
$user->nickname = wp_specialchars( $user->nickname, 1 );
$user->aim = wp_specialchars( $user->aim, 1 );
$user->yim = wp_specialchars( $user->yim, 1 );
$user->jabber = wp_specialchars( $user->jabber, 1 );
$user->user_login = attribute_escape( $user->user_login);
$user->user_email = attribute_escape( $user->user_email);
$user->user_url = attribute_escape( $user->user_url);
$user->first_name = attribute_escape( $user->first_name);
$user->last_name = attribute_escape( $user->last_name);
$user->display_name = attribute_escape( $user->display_name);
$user->nickname = attribute_escape( $user->nickname);
$user->aim = attribute_escape( $user->aim);
$user->yim = attribute_escape( $user->yim);
$user->jabber = attribute_escape( $user->jabber);
$user->description = wp_specialchars( $user->description );
return $user;
@@ -527,13 +527,13 @@ function edit_user( $user_id = 0 ) {
function get_link_to_edit( $link_id ) {
$link = get_link( $link_id );
$link->link_url = wp_specialchars( $link->link_url, 1 );
$link->link_name = wp_specialchars( $link->link_name, 1 );
$link->link_image = wp_specialchars( $link->link_image, 1 );
$link->link_description = wp_specialchars( $link->link_description, 1 );
$link->link_url = attribute_escape( $link->link_url);
$link->link_name = attribute_escape( $link->link_name);
$link->link_image = attribute_escape( $link->link_image);
$link->link_description = attribute_escape( $link->link_description);
$link->link_notes = wp_specialchars( $link->link_notes );
$link->link_rss = wp_specialchars( $link->link_rss, 1 );
$link->link_rel = wp_specialchars( $link->link_rel, 1 );
$link->link_rss = attribute_escape( $link->link_rss);
$link->link_rel = attribute_escape( $link->link_rel);
$link->post_category = $link->link_category;
return $link;
@@ -541,12 +541,12 @@ function get_link_to_edit( $link_id ) {
function get_default_link_to_edit() {
if ( isset( $_GET['linkurl'] ) )
$link->link_url = wp_specialchars( $_GET['linkurl'], 1 );
$link->link_url = attribute_escape( $_GET['linkurl']);
else
$link->link_url = '';
if ( isset( $_GET['name'] ) )
$link->link_name = wp_specialchars( $_GET['name'], 1 );
$link->link_name = attribute_escape( $_GET['name']);
else
$link->link_name = '';
@@ -831,7 +831,7 @@ function user_row( $user_object, $style = '' ) {
}
$r .= "</td>\n\t\t<td>";
if ( current_user_can( 'edit_user', $user_object->ID ) ) {
$edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
$edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
$r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
}
$r .= "</td>\n\t</tr>";
@@ -911,8 +911,8 @@ function list_meta( $meta ) {
}
$key_js = js_escape( $entry['meta_key'] );
$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
$entry['meta_key'] = attribute_escape( $entry['meta_key']);
$entry['meta_value'] = attribute_escape( $entry['meta_value']);
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
@@ -965,7 +965,7 @@ function meta_form() {
<?php
foreach ( $keys as $key ) {
$key = wp_specialchars( $key, 1 );
$key = attribute_escape( $key);
echo "\n\t<option value='$key'>$key</option>";
}
?>
@@ -1992,7 +1992,7 @@ function wp_reset_vars( $vars ) {
function wp_remember_old_slug() {
global $post;
$name = wp_specialchars($post->post_name); // just in case
$name = attribute_escape($post->post_name); // just in case
if ( strlen($name) )
echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
}