new function for escaping within attributes: attribute_escape()

git-svn-id: https://develop.svn.wordpress.org/trunk@4656 602fd350-edb4-49c9-b593-d223f7449a82
Mark Jaquith
2006-12-21 10:10:04 +00:00
parent 48ee537a1c
commit 31c39f948d
37 changed files with 126 additions and 123 deletions


@@ -12,10 +12,10 @@ $action = $_REQUEST['action'];
$update = '';
if ( empty($_POST) ) {
$referer = '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
$referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
} elseif ( isset($_POST['wp_http_referer']) ) {
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_POST['wp_http_referer']));
$referer = '<input type="hidden" name="wp_http_referer" value="' . wp_specialchars($redirect) . '" />';
$referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />';
} else {
$redirect = 'users.php';
}
@@ -338,7 +338,7 @@ default:
<?php endif; ?>
<form action="" method="get" name="search" id="search">
<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search users &raquo;'); ?>" class="button" /></p>
<p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search users &raquo;'); ?>" class="button" /></p>
</form>
<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
@@ -429,7 +429,7 @@ foreach ( (array) $roleclass as $user_object ) {
if ( is_wp_error($add_user_errors) ) {
foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
$var = 'new_' . $var;
$$var = wp_specialchars(stripslashes($_POST[$formpost]));
$$var = attribute_escape(stripslashes($_POST[$formpost]));
}
unset($name);
}
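Review bot: In the last hunk, the loop stores `attribute_escape()` output in the `$new_*` variables at assignment time instead of escaping where the values are printed, so every later use of those variables has to be an HTML attribute context. The code that consumes them is outside this hunk; if any of them is compared (for example the role value against a list of role names) or escaped a second time on output, it will see entity-encoded text rather than the submitted value. I would either keep the raw `stripslashes($_POST[$formpost])` here and call `attribute_escape()` at each `value="..."` site, or add a comment such as `// $new_* are attribute-escaped copies for re-filling the form; do not compare them or escape them again`. The loop also reads `$_POST[$formpost]` without an `isset()` check, which emits an undefined-index notice when a field is missing from the request.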