vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-31 10:44:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Sanitize browser-bound add_query_arg() outputs. fixes #3937

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@5007 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2007-03-09 04:36:24 +00:00
parent b35406f1ad
commit db67d51e29
4 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wp-admin/edit-comments.php
View File

@@ -101,7 +101,7 @@ $total_pages = ceil( $total / 20 );
$r = '';
if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
$r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
}
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -111,7 +111,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
$p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
$r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
$in = true;
elseif ( $in == true ) :
$r .= "...\n";
@@ -122,7 +122,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
}
if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1;
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
$r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
}
echo "<p class='pagenav'>$r</p>";
?>
@@ -248,7 +248,7 @@ $total_pages = ceil( $total / 20 );
$r = '';
if ( 1 < $page ) {
$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
$r .= '<a class="prev" href="' . add_query_arg( $args ) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
$r .= '<a class="prev" href="' . attribute_escape(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
}
if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
@@ -258,7 +258,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
$p = false;
if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
$r .= '<a class="page-numbers" href="' . add_query_arg($args) . '">' . ( $page_num ) . "</a>\n";
$r .= '<a class="page-numbers" href="' . attribute_escape(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
$in = true;
elseif ( $in == true ) :
$r .= "...\n";
@@ -269,7 +269,7 @@ if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
}
if ( ( $page ) * 20 < $total || -1 == $total ) {
$args['apage'] = $page + 1;
$r .= '<a class="next" href="' . add_query_arg($args) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
$r .= '<a class="next" href="' . attribute_escape(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
}
echo "<p class='pagenav'>$r</p>";
?>