s/attribute_escape/attr/. see #9650

git-svn-id: https://develop.svn.wordpress.org/trunk@11109 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2009-04-28 05:58:45 +00:00
parent 6c066a90d8
commit fe7c34b6fd
84 changed files with 391 additions and 391 deletions


@@ -118,7 +118,7 @@ function _cat_row( $category, $level, $name_override = false ) {
$name = ( $name_override ? $name_override : $pad . ' ' . $category->name );
$edit_link = "categories.php?action=edit&cat_ID=$category->term_id";
if ( current_user_can( 'manage_categories' ) ) {
$edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attribute_escape( $name ) . '</a><br />';
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>" . attr( $name ) . '</a><br />';
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@@ -257,7 +257,7 @@ function inline_edit_term_row($type) {
<p class="inline-edit-save submit">
<a accesskey="c" href="#inline-edit" title="<?php _e('Cancel'); ?>" class="cancel button-secondary alignleft"><?php _e('Cancel'); ?></a>
<?php $update_text = ( $is_tag ) ? __( 'Update Tag' ) : __( 'Update Category' ); ?>
<a accesskey="s" href="#inline-edit" title="<?php echo attribute_escape( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
<a accesskey="s" href="#inline-edit" title="<?php echo attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
<img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
<span class="error" style="display:none;"></span>
<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
@@ -289,7 +289,7 @@ function link_cat_row( $category, $name_override = false ) {
$name = ( $name_override ? $name_override : $category->name );
$edit_link = "link-category.php?action=edit&amp;cat_ID=$category->term_id";
if ( current_user_can( 'manage_categories' ) ) {
$edit = "<a class='row-title' href='$edit_link' title='" . attribute_escape(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
$edit = "<a class='row-title' href='$edit_link' title='" . attr(sprintf(__('Edit "%s"'), $category->name)) . "'>$name</a><br />";
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@@ -649,7 +649,7 @@ function _tag_row( $tag, $class = '', $taxonomy = 'post_tag' ) {
$out .= '<th scope="row" class="check-column"> <input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" /></th>';
break;
case 'name':
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attribute_escape(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . attr(sprintf(__('Edit "%s"'), $name)) . '">' . $name . '</a></strong><br />';
$actions = array();
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
@@ -1247,12 +1247,12 @@ function inline_edit_row( $type ) {
wp_nonce_field( 'inlineeditnonce', '_inline_edit', false );
$update_text = ( $is_page ) ? __( 'Update Page' ) : __( 'Update Post' );
?>
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attribute_escape( $update_text ); ?></a>
<a accesskey="s" href="#inline-edit" title="<?php _e('Update'); ?>" class="button-primary save alignright"><?php echo attr( $update_text ); ?></a>
<img class="waiting" style="display:none;" src="images/loading.gif" alt="" />
<?php } else {
$update_text = ( $is_page ) ? __( 'Update Pages' ) : __( 'Update Posts' );
?>
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attribute_escape( $update_text ); ?>" />
<input accesskey="s" class="button-primary alignright" type="submit" name="bulk_edit" value="<?php echo attr( $update_text ); ?>" />
<?php } ?>
<input type="hidden" name="post_view" value="<?php echo $m; ?>" />
<br class="clear" />
@@ -1278,7 +1278,7 @@ function get_inline_data($post) {
if ( ! current_user_can('edit_' . $post->post_type, $post->ID) )
return;
$title = attribute_escape($post->post_title);
$title = attr($post->post_title);
echo '
<div class="hidden" id="inline_' . $post->ID . '">
@@ -1427,22 +1427,22 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'title':
$attributes = 'class="post-title column-title"' . $style;
?>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $post->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $title ?></a><?php } else { echo $title; }; _post_states($post); ?></strong>
<?php
if ( 'excerpt' == $mode )
the_excerpt();
$actions = array();
if ( current_user_can('edit_post', $post->ID) ) {
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attribute_escape(__('Edit this post')) . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attribute_escape(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_post', $post->ID) )
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
} else {
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
}
$actions = apply_filters('post_row_actions', $actions, $post);
$action_count = count($actions);
@@ -1643,19 +1643,19 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
$attributes = 'class="post-title page-title column-title"' . $style;
$edit_link = get_edit_post_link( $page->ID );
?>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
<td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo attr(sprintf(__('Edit "%s"'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
<?php
$actions = array();
if ( current_user_can('edit_page', $page->ID) ) {
$actions['edit'] = '<a href="' . $edit_link . '" title="' . attribute_escape(__('Edit this page')) . '">' . __('Edit') . '</a>';
$actions['edit'] = '<a href="' . $edit_link . '" title="' . attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
$actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
$actions['delete'] = "<a class='submitdelete' title='" . attribute_escape(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
$actions['delete'] = "<a class='submitdelete' title='" . attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
if ( current_user_can('edit_page', $page->ID) )
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('Preview "%s"'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';
} else {
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
$actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . attr(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
}
$actions = apply_filters('page_row_actions', $actions, $page);
$action_count = count($actions);
@@ -2114,9 +2114,9 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
comment_text(); ?>
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
<div class="author-email"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author_email ); ?></div>
<div class="author"><?php if ( $user_can ) echo attribute_escape( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
<div class="author-email"><?php if ( $user_can ) echo attr( $comment->comment_author_email ); ?></div>
<div class="author"><?php if ( $user_can ) echo attr( $comment->comment_author ); ?></div>
<div class="author-url"><?php echo attr( $comment->comment_author_url ); ?></div>
<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
</div>
<?php
@@ -2417,7 +2417,7 @@ function _list_meta_row( $entry, &$count ) {
}
}
$entry['meta_key'] = attribute_escape($entry['meta_key']);
$entry['meta_key'] = attr($entry['meta_key']);
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
$entry['meta_id'] = (int) $entry['meta_id'];
@@ -2427,8 +2427,8 @@ function _list_meta_row( $entry, &$count ) {
$r .= "\n\t\t<td class='left'><label class='hidden' for='meta[{$entry['meta_id']}][key]'>" . __( 'Key' ) . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' />";
$r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attr(__( 'Delete' ))."' />";
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attr(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
$r .= "</td>";
@@ -2472,7 +2472,7 @@ function meta_form() {
<?php
foreach ( $keys as $key ) {
$key = attribute_escape( $key );
$key = attr( $key );
echo "\n<option value='$key'>$key</option>";
}
?>
@@ -2782,7 +2782,7 @@ function wp_import_upload_form( $action ) {
<p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
else :
?>
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attr($action) ?>">
<p>
<?php wp_nonce_field('import-upload'); ?>
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
@@ -2805,7 +2805,7 @@ function wp_import_upload_form( $action ) {
*/
function wp_remember_old_slug() {
global $post;
$name = attribute_escape($post->post_name); // just in case
$name = attr($post->post_name); // just in case
if ( strlen($name) )
echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
}
@@ -3171,15 +3171,15 @@ function find_posts_div($found_action = '') {
/**
* Display the post password.
*
* The password is passed through {@link attribute_escape()} to ensure that it
* The password is passed through {@link attr()} to ensure that it
* is safe for placing in an html attribute.
*
* @uses attribute_escape
* @uses attr
* @since 2.7.0
*/
function the_post_password() {
global $post;
if ( isset( $post->post_password ) ) echo attribute_escape( $post->post_password );
if ( isset( $post->post_password ) ) echo attr( $post->post_password );
}
/**
@@ -3297,12 +3297,12 @@ function _draft_or_post_title($post_id = 0)
* A simple wrapper to display the "s" parameter in a GET URI. This function
* should only be used when {@link the_search_query()} cannot.
*
* @uses attribute_escape
* @uses attr
* @since 2.7.0
*
*/
function _admin_search_query() {
echo isset($_GET['s']) ? attribute_escape( stripslashes( $_GET['s'] ) ) : '';
echo isset($_GET['s']) ? attr( stripslashes( $_GET['s'] ) ) : '';
}
/**
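Review bot: In the `_wp_comment_row` hunk, the hidden inline-edit `<textarea class="comment">` still echoes `$comment->comment_content` with no escaping, while the three author fields directly below it are passed through `attr()`. Comment text is visitor-supplied, so unless it is guaranteed to be filtered before this point (not visible here; the function starts and ends outside the hunk), markup in it is parsed as part of the admin page. I would change the line to `<textarea class="comment" rows="3" cols="10"><?php echo wp_specialchars( $comment->comment_content ); ?></textarea>`. The same gap appears in the `link_cat_row` hunk, where the title attribute is escaped but the link text is the bare `$name`, whereas `_cat_row` wraps it in `attr( $name )`.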