From 7fcda10d46f156646731a4d066e62c57f4a3c1bf Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Sun, 2 May 2010 22:53:59 +0000 Subject: [PATCH] Escape links by default. Props alexkingorg. see #13051 git-svn-id: https://develop.svn.wordpress.org/trunk@14347 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/admin-header.php | 4 +- wp-admin/edit-comments.php | 10 +-- wp-admin/edit-form-advanced.php | 20 ++--- wp-admin/edit.php | 6 +- wp-admin/import/livejournal.php | 4 +- wp-admin/includes/dashboard.php | 14 ++-- wp-admin/includes/media.php | 8 +- wp-admin/includes/meta-boxes.php | 8 +- wp-admin/includes/ms.php | 18 ++--- wp-admin/includes/nav-menu.php | 6 +- wp-admin/includes/plugin-install.php | 2 +- wp-admin/includes/plugin.php | 2 +- wp-admin/includes/template.php | 16 ++-- wp-admin/includes/widgets.php | 2 +- wp-admin/js/revisions-js.php | 2 +- wp-admin/ms-delete-site.php | 2 +- wp-admin/ms-edit.php | 6 +- wp-admin/ms-options.php | 2 +- wp-admin/ms-sites.php | 32 ++++---- wp-admin/ms-themes.php | 2 +- wp-admin/ms-users.php | 16 ++-- wp-admin/my-sites.php | 2 +- wp-admin/network.php | 6 +- wp-admin/options-general.php | 2 +- wp-admin/press-this.php | 8 +- wp-admin/themes.php | 2 +- wp-admin/update-core.php | 2 +- wp-admin/upload.php | 4 +- wp-admin/user-edit.php | 2 +- wp-admin/widgets.php | 4 +- wp-content/themes/twentyten/functions.php | 2 +- wp-includes/comment-template.php | 2 +- wp-includes/default-widgets.php | 2 +- wp-includes/general-template.php | 8 +- wp-includes/link-template.php | 94 +++++++++++++++++------ wp-includes/ms-functions.php | 4 +- 36 files changed, 186 insertions(+), 140 deletions(-) diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php index 709418ba25..5c1a394f82 100644 --- a/wp-admin/admin-header.php +++ b/wp-admin/admin-header.php @@ -105,9 +105,9 @@ if ( function_exists('mb_strlen') ) { } ?> - +

> - + diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index 152f97b013..583f811d31 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -156,7 +156,7 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed if ( $spammed > 0 ) { $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; - $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' ' . __('Undo') . '
'; + $messages[] = sprintf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed ) . ' ' . __('Undo') . '
'; } if ( $unspammed > 0 ) @@ -164,7 +164,7 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed if ( $trashed > 0 ) { $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; - $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' ' . __('Undo') . '
'; + $messages[] = sprintf( _n( '%s comment moved to the Trash.', '%s comments moved to the Trash.', $trashed ), $trashed ) . ' ' . __('Undo') . '
'; } if ( $untrashed > 0 ) @@ -176,13 +176,13 @@ if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed if ( $same > 0 && $comment = get_comment( $same ) ) { switch ( $comment->comment_approved ) { case '1' : - $messages[] = __('This comment is already approved.') . ' ' . __( 'Edit comment' ) . ''; + $messages[] = __('This comment is already approved.') . ' ' . __( 'Edit comment' ) . ''; break; case 'trash' : - $messages[] = __( 'This comment is already in the Trash.' ) . ' ' . __( 'View Trash' ) . ''; + $messages[] = __( 'This comment is already in the Trash.' ) . ' ' . __( 'View Trash' ) . ''; break; case 'spam' : - $messages[] = __( 'This comment is already marked as spam.' ) . ' ' . __( 'Edit comment' ) . ''; + $messages[] = __( 'This comment is already marked as spam.' ) . ' ' . __( 'Edit comment' ) . ''; break; } } diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index ea01523973..1837d4411b 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php 
@@ -36,32 +36,32 @@ $action = isset($action) ? $action : ''; $messages = array(); $messages['post'] = array( '', - sprintf( __('Post updated. View post'), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Post updated. View post'), get_permalink($post_ID) ), __('Custom field updated.'), __('Custom field deleted.'), __('Post updated.'), /* translators: %s: date and time of the revision */ isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, - sprintf( __('Post published. View post'), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Post published. View post'), get_permalink($post_ID) ), __('Post saved.'), - sprintf( __('Post submitted. Preview post'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), + sprintf( __('Post submitted. Preview post'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), sprintf( __('Post scheduled for: %1$s. Preview post'), // translators: Publish box date format, see http://php.net/date - date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), - sprintf( __('Post draft updated. Preview post'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), + date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ), + sprintf( __('Post draft updated. Preview post'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), ); $messages['page'] = array( '', - sprintf( __('Page updated. View page'), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Page updated. View page'), get_permalink($post_ID) ), __('Custom field updated.'), __('Custom field deleted.'), __('Page updated.'), isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, - sprintf( __('Page published. 
View page'), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Page published. View page'), get_permalink($post_ID) ), __('Page saved.'), - sprintf( __('Page submitted. Preview page'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), - sprintf( __('Page scheduled for: %1$s. Preview page'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), - sprintf( __('Page draft updated. Preview page'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), + sprintf( __('Page submitted. Preview page'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), + sprintf( __('Page scheduled for: %1$s. Preview page'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ), + sprintf( __('Page draft updated. Preview page'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), ); $message = false; diff --git a/wp-admin/edit.php b/wp-admin/edit.php index dcc1b0b02d..b20b8efa97 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -199,7 +199,7 @@ if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) { if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) { printf( _n( 'Item moved to the trash.', '%s items moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); $ids = isset($_GET['ids']) ? $_GET['ids'] : 0; - echo ' ' . __('Undo') . '
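Review bot: The four preview entries ('Post submitted', 'Post draft updated', 'Page submitted', 'Page draft updated') now hand `add_query_arg( 'preview', 'true', get_permalink($post_ID) )` to the message's URL placeholder with no escaping at all, because the removed `esc_url()` wrapped the add_query_arg() result and nothing in the new code escapes the string after the query argument is appended. Even if get_permalink() already returns an escaped base URL (this diff does not show that), the `&preview=true` suffix and anything a filter contributes reach the attribute raw. Keep the outer call on those entries, e.g. `esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) )`, and drop esc_url() only where the getter's value is used unchanged. The same pattern is in wp-admin/includes/dashboard.php (hunk at -383, `add_query_arg( 'preview', 1, $view )`) and wp-admin/includes/meta-boxes.php (hunk at -37, `$preview_link`).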
'; + echo ' ' . __('Undo') . '
'; unset($_GET['trashed']); } @@ -366,8 +366,8 @@ if ( $is_trash && current_user_can($post_type_object->edit_others_cap) ) { ?>
diff --git a/wp-admin/import/livejournal.php b/wp-admin/import/livejournal.php index dece821620..af18595c3b 100644 --- a/wp-admin/import/livejournal.php +++ b/wp-admin/import/livejournal.php @@ -976,7 +976,7 @@ class LJ_API_Import { if ( next_counter <= 0 ) { if ( jQuery( '#' ).length ) { jQuery( "# input[type='submit']" ).hide(); - str = ' '; + str = ' '; jQuery( '#' ).html( str ); jQuery( '#' ).submit(); return; @@ -1005,7 +1005,7 @@ class LJ_API_Import { if ( jQuery( '#' ).length ) { jQuery( "# input[type='submit']" ).hide(); jQuery.ajaxSetup({'timeout':3600000}); - str = ' '; + str = ' '; jQuery( '#' ).html( str ); jQuery('#ljapi-status').load(ajaxurl, {'action':'lj-importer', 'import':'livejournal', diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index 50ad748c68..7db6b4c027 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php @@ -383,14 +383,14 @@ function wp_dashboard_quick_press() { $drafts = false; if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) { $view = get_permalink( $_POST['post_ID'] ); - $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) ); + $edit = get_edit_post_link( $_POST['post_ID'] ); if ( 'post-quickpress-publish' == $_POST['action'] ) { if ( current_user_can('publish_posts') ) - printf( '

' . __( 'Post Published. View post | Edit post' ) . '

', esc_url( $view ), $edit ); + printf( '

' . __( 'Post Published. View post | Edit post' ) . '

', $view , $edit ); else - printf( '

' . __( 'Post submitted. Preview post | Edit post' ) . '

', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); + printf( '

' . __( 'Post submitted. Preview post | Edit post' ) . '

', add_query_arg( 'preview', 1, $view ), $edit ); } else { - printf( '

' . __( 'Draft Saved. Preview post | Edit post' ) . '

', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); + printf( '

' . __( 'Draft Saved. Preview post | Edit post' ) . '

', add_query_arg( 'preview', 1, $view ), $edit ); $drafts_query = new WP_Query( array( 'post_type' => 'post', 'post_status' => 'draft', @@ -410,7 +410,7 @@ function wp_dashboard_quick_press() { $post = get_default_post_to_edit(); ?> -
+

@@ -443,7 +443,7 @@ function wp_dashboard_quick_press() { - +

@@ -558,7 +558,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) { $comment_post_url = get_edit_post_link( $comment->comment_post_ID ); $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); $comment_post_link = "$comment_post_title"; - $comment_link = '#'; + $comment_link = '#'; $actions_string = ''; if ( current_user_can('edit_post', $comment->comment_post_ID) ) { diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 7f6fb498d0..ef1d49e5f7 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -1223,7 +1223,7 @@ function get_media_item( $attachment_id, $args = null ) { $image_edit_button = ''; if ( gd_edit_image_support( $post->post_mime_type ) ) { $nonce = wp_create_nonce( "image_editor-$post->ID" ); - $image_edit_button = " "; + $image_edit_button = " "; } $attachment_url = get_permalink( $attachment_id ); @@ -1640,7 +1640,7 @@ var addExtImage = { document.getElementById('go_button').style.color = '#bbb'; if ( ! document.forms[0].src.value ) document.getElementById('status_img').innerHTML = '*'; - else document.getElementById('status_img').innerHTML = ''; + else document.getElementById('status_img').innerHTML = ''; }, updateImageData : function() { @@ -1649,7 +1649,7 @@ var addExtImage = { t.width = t.preloadImg.width; t.height = t.preloadImg.height; document.getElementById('go_button').style.color = '#333'; - document.getElementById('status_img').innerHTML = ''; + document.getElementById('status_img').innerHTML = ''; }, getImageData : function() { @@ -1659,7 +1659,7 @@ var addExtImage = { t.resetImageData(); return false; } - document.getElementById('status_img').innerHTML = ''; + document.getElementById('status_img').innerHTML = ''; t.preloadImg = new Image(); t.preloadImg.onload = t.updateImageData; t.preloadImg.onerror = t.resetImageData; diff --git a/wp-admin/includes/meta-boxes.php b/wp-admin/includes/meta-boxes.php index d6ff999f78..07ee733823 100644 
--- a/wp-admin/includes/meta-boxes.php +++ b/wp-admin/includes/meta-boxes.php @@ -37,10 +37,10 @@ function post_submit_meta_box($post) {
post_status ) { - $preview_link = esc_url(get_permalink($post->ID)); + $preview_link = get_permalink($post->ID); $preview_button = __('Preview Changes'); } else { - $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); + $preview_link = apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))); $preview_button = __('Preview'); } ?> @@ -204,7 +204,7 @@ if ( current_user_can( "delete_post", $post->ID ) ) {
- + post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { if ( $can_publish ) : @@ -451,7 +451,7 @@ function post_comment_meta_box($post) { -

+

diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index 5a910fcdc0..b76bf453eb 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -210,7 +210,7 @@ function confirm_delete_users( $users ) { foreach ( (array) $blogs as $key => $details ) { $blog_users = get_users_of_blog( $details->userblog_id ); if ( is_array( $blog_users ) && !empty( $blog_users ) ) { - $user_site = "{$details->blogname}"; + $user_site = "{$details->blogname}"; $user_dropdown = " " . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on the options page for it to work." ), esc_url( admin_url( 'ms-options.php' ) ) ) . "
"; + echo "
" . sprintf( __( "Warning! The current theme supports Featured Images. You must enable image uploads on the options page for it to work." ), admin_url( 'ms-options.php' ) ) . "
"; } } add_action( 'admin_notices', 'show_post_thumbnail_warning' ); @@ -803,7 +803,7 @@ add_action( 'admin_notices', 'ms_deprecated_blogs_file' ); * @return none */ function _admin_notice_multisite_activate_plugins_page() { - $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '' . __( 'Activate' ) . '' ); + $message = sprintf( __( 'The plugins page is not visible to normal users. It must be activated first. %s' ), '' . __( 'Activate' ) . '' ); echo "

$message

"; } diff --git a/wp-admin/includes/nav-menu.php b/wp-admin/includes/nav-menu.php index 3e33d88f79..af48d71067 100644 --- a/wp-admin/includes/nav-menu.php +++ b/wp-admin/includes/nav-menu.php @@ -450,7 +450,7 @@ function wp_nav_menu_item_link_meta_box() {

- +

@@ -639,7 +639,7 @@ function wp_nav_menu_item_post_type_meta_box( $object, $post_type ) { - +

@@ -807,7 +807,7 @@ function wp_nav_menu_item_taxonomy_meta_box( $object, $taxonomy ) { - +

diff --git a/wp-admin/includes/plugin-install.php b/wp-admin/includes/plugin-install.php index 821db020d1..c81a04702e 100644 --- a/wp-admin/includes/plugin-install.php +++ b/wp-admin/includes/plugin-install.php @@ -147,7 +147,7 @@ function install_dashboard() { $tags = array(); foreach ( (array)$api_tags as $tag ) $tags[ $tag['name'] ] = (object) array( - 'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ), + 'link' => admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])), 'name' => $tag['name'], 'id' => sanitize_title_with_dashes($tag['name']), 'count' => $tag['count'] ); diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index 4055cb6dfe..fd251fc54a 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php @@ -822,7 +822,7 @@ function add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $func add_action( $hookname, $function ); if ( empty($icon_url) ) - $icon_url = esc_url( admin_url( 'images/generic.png' ) ); + $icon_url = admin_url( 'images/generic.png' ); elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) $icon_url = 'https://' . substr($icon_url, 7); diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 64aa1a72cf..820a4215f2 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -65,7 +65,7 @@ function inline_edit_term_row($type, $taxonomy) { singular_label ); ?> - + @@ -613,7 +613,7 @@ function wp_manage_posts_columns( $screen = '') { $posts_columns['tags'] = __('Tags'); $post_status = !empty($_REQUEST['post_status']) ? $_REQUEST['post_status'] : 'all'; if ( !in_array( $post_status, array('pending', 'draft', 'future') ) && ( empty($post_type) || post_type_supports($post_type, 'comments') ) ) - $posts_columns['comments'] = '
Comments
'; + $posts_columns['comments'] = '
Comments
'; $posts_columns['date'] = __('Date'); if ( 'page' == $post_type ) @@ -643,7 +643,7 @@ function wp_manage_media_columns() { //$posts_columns['tags'] = _x('Tags', 'column name'); /* translators: column name */ $posts_columns['parent'] = _x('Attached to', 'column name'); - $posts_columns['comments'] = '
Comments
'; + $posts_columns['comments'] = '
Comments
'; //$posts_columns['comments'] = __('Comments'); /* translators: column name */ $posts_columns['date'] = _x('Date', 'column name'); @@ -1153,7 +1153,7 @@ endif; // post_type_supports comments or pings ?> $update_text = __( 'Update' ); ?> - + @@ -1818,7 +1818,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) { if ($current_user->ID == $user_object->ID) { $edit_link = 'profile.php'; } else { - $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) ); + $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) ); } $edit = "$user_object->user_login
"; @@ -2012,7 +2012,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true, $post_type_object = get_post_type_object($post->post_type); $user_can = current_user_can($post_type_object->edit_cap, $post->ID); - $comment_url = esc_url(get_comment_link($comment->comment_ID)); + $comment_url = get_comment_link($comment->comment_ID); $author_url = get_comment_author_url(); if ( 'http://' == $author_url ) $author_url = ''; @@ -2068,7 +2068,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true, if ( $comment->comment_parent ) { $parent = get_comment( $comment->comment_parent ); - $parent_link = esc_url( get_comment_link( $comment->comment_parent ) ); + $parent_link = get_comment_link( $comment->comment_parent ); $name = apply_filters( 'get_comment_author', $parent->comment_author ); // there's no API function for this printf( ' | '.__( 'In reply to %2$s.' ), $parent_link, $name ); } @@ -2275,7 +2275,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single', - +

diff --git a/wp-admin/includes/widgets.php b/wp-admin/includes/widgets.php index aef0dbafae..4edf5c3e19 100644 --- a/wp-admin/includes/widgets.php +++ b/wp-admin/includes/widgets.php @@ -202,7 +202,7 @@ function wp_widget_control( $sidebar_args ) {
- +

diff --git a/wp-admin/js/revisions-js.php b/wp-admin/js/revisions-js.php index e473d31366..949a4ac61d 100644 --- a/wp-admin/js/revisions-js.php +++ b/wp-admin/js/revisions-js.php @@ -12,7 +12,7 @@ function dvortr( $str ) { ); } -$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) ); +$j = site_url( '/wp-includes/js/jquery/jquery.js' ); $n = esc_html( $GLOBALS['current_user']->data->display_name ); $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) ); diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php index b49a02204b..e362c18714 100644 --- a/wp-admin/ms-delete-site.php +++ b/wp-admin/ms-delete-site.php @@ -37,7 +37,7 @@ if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_P $hash = wp_generate_password( 20, false ); update_option( 'delete_blog_hash', $hash ); - $url_delete = esc_url( admin_url( 'ms-delete-site.php?h=' . $hash ) ); + $url_delete = admin_url( 'ms-delete-site.php?h=' . $hash ); $content = apply_filters( 'delete_site_email_content', __( "Dear User, You recently clicked the 'Delete Site' link on your site and filled in a diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index d1d0dcbc45..ed95929e4a 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -29,7 +29,7 @@ switch ( $_GET['action'] ) { wp_die( __( 'You do not have permission to access this page.' ) ); if ( empty( $_POST ) ) - wp_die( sprintf( __( 'You probably need to go back to the options page.', esc_url( admin_url( 'ms-options.php' ) ) ) ) ); + wp_die( sprintf( __( 'You probably need to go back to the options page.', admin_url( 'ms-options.php' ) ) ) ); if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) ) update_site_option( 'WPLANG', $_POST['WPLANG'] ); 
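Review bot: In the ms-edit.php hunk at -29 the parentheses place `admin_url( 'ms-options.php' )` inside the `__()` call, as its text-domain argument, so `sprintf()` receives the message alone and its URL placeholder is never filled; the commit rewrites the line but keeps the misplaced paren. The -204 hunk below has the same shape with `admin_url( 'ms-sites.php' )`. Closing `__()` after the message string fixes both: `wp_die( sprintf( __( 'You probably need to go back to the options page.' ), admin_url( 'ms-options.php' ) ) );` and likewise for the sites-page message. Since the message markup is not rendered on this page I cannot confirm the placeholder form, but a format string with a placeholder and no argument is at best an empty link and at worst a PHP warning.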
@@ -204,7 +204,7 @@ switch ( $_GET['action'] ) { wp_die( __( 'You do not have permission to access this page.' ) ); if ( empty( $_POST ) ) - wp_die( sprintf( __( 'You probably need to go back to the sites page', esc_url( admin_url( 'ms-sites.php' ) ) ) ) ); + wp_die( sprintf( __( 'You probably need to go back to the sites page', admin_url( 'ms-sites.php' ) ) ) ); switch_to_blog( $id ); @@ -466,7 +466,7 @@ switch ( $_GET['action'] ) { -

WordPress

+

WordPress

diff --git a/wp-admin/ms-options.php b/wp-admin/ms-options.php index 3bd5acf1c1..0afe09575e 100644 --- a/wp-admin/ms-options.php +++ b/wp-admin/ms-options.php @@ -94,7 +94,7 @@ if (isset($_GET['updated'])) {
id, 'feed/' ) ) - echo __( 'A good one to use would be the feed from your main site: ' ) . esc_url( get_home_url( $current_site->id, 'feed/' ) ) ?> + echo __( 'A good one to use would be the feed from your main site: ' ) . get_home_url( $current_site->id, 'feed/' ); ?>

diff --git a/wp-admin/ms-sites.php b/wp-admin/ms-sites.php index 311e75a2d0..6a5a5bc5d9 100644 --- a/wp-admin/ms-sites.php +++ b/wp-admin/ms-sites.php @@ -84,7 +84,7 @@ switch ( $action ) { ?> @@ -531,7 +531,7 @@ switch ( $action ) { case 'blogname': ?> - + ' . sprintf( _x( '%1$s – %2$s', '%1$s: site name. %2$s: site tagline.' ), get_blog_option( $blog['blog_id'], 'blogname' ), get_blog_option( $blog['blog_id'], 'blogdescription ' ) ) . '

'; @@ -546,28 +546,28 @@ switch ( $action ) { 'visit' => '', ); - $actions['edit'] = '' . __( 'Edit' ) . ''; - $actions['backend'] = "" . __( 'Backend' ) . ''; + $actions['edit'] = '' . __( 'Edit' ) . ''; + $actions['backend'] = "" . __( 'Backend' ) . ''; if ( $current_site->blog_id != $blog['blog_id'] ) { if ( get_blog_status( $blog['blog_id'], 'deleted' ) == '1' ) - $actions['activate'] = '' . __( 'Activate' ) . ''; + $actions['activate'] = '' . __( 'Activate' ) . ''; else - $actions['deactivate'] = '' . __( 'Deactivate' ) . ''; + $actions['deactivate'] = '' . __( 'Deactivate' ) . ''; if ( get_blog_status( $blog['blog_id'], 'archived' ) == '1' ) - $actions['unarchive'] = '' . __( 'Unarchive' ) . ''; + $actions['unarchive'] = '' . __( 'Unarchive' ) . ''; else - $actions['archive'] = '' . __( 'Archive' ) . ''; + $actions['archive'] = '' . __( 'Archive' ) . ''; if ( get_blog_status( $blog['blog_id'], 'spam' ) == '1' ) - $actions['unspam'] = '' . __( 'Not Spam' ) . ''; + $actions['unspam'] = '' . __( 'Not Spam' ) . ''; else - $actions['spam'] = '' . __( 'Spam' ) . ''; + $actions['spam'] = '' . __( 'Spam' ) . ''; - $actions['delete'] = '' . __( 'Delete' ) . ''; + $actions['delete'] = '' . __( 'Delete' ) . ''; } - $actions['visit'] = "" . __( 'Visit' ) . ''; + $actions['visit'] = "" . __( 'Visit' ) . ''; $actions = array_filter( $actions ); if ( count( $actions ) ) : ?>
@@ -608,10 +608,10 @@ switch ( $action ) { $blogusers_warning = ''; if ( count( $blogusers ) > 5 ) { $blogusers = array_slice( $blogusers, 0, 5 ); - $blogusers_warning = __( 'Only showing first 5 users.' ) . ' ' . __( 'More' ) . ''; + $blogusers_warning = __( 'Only showing first 5 users.' ) . ' ' . __( 'More' ) . ''; } foreach ( $blogusers as $key => $val ) { - echo '' . esc_html( $val->user_login ) . ' '; + echo '' . esc_html( $val->user_login ) . ' '; if ( 'list' != $mode ) echo '(' . $val->user_email . ')'; echo '
'; diff --git a/wp-admin/ms-themes.php b/wp-admin/ms-themes.php index 61fa51c8ef..35c3b6bfce 100644 --- a/wp-admin/ms-themes.php +++ b/wp-admin/ms-themes.php @@ -26,7 +26,7 @@ $themes = get_themes(); $allowed_themes = get_site_allowed_themes(); ?>
- +

diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php index fd6c59a433..5b026a4f30 100644 --- a/wp-admin/ms-users.php +++ b/wp-admin/ms-users.php @@ -149,8 +149,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
@@ -230,15 +230,15 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET[' $edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID']; ?> -
- + - | + |
@@ -273,17 +273,17 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET[' if ( is_array( $blogs ) ) { foreach ( (array) $blogs as $key => $val ) { $path = ( $val->path == '/' ) ? '' : $val->path; - echo '' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . ''; + echo '' . str_replace( '.' . $current_site->domain, '', $val->domain . $path ) . ''; echo ' '; // Edit - echo '' . __( 'Edit' ) . ' | '; + echo '' . __( 'Edit' ) . ' | '; // View echo 'userblog_id, 'spam' ) == 1 ) echo 'style="background-color: #faa" '; - echo 'href="' . esc_url( get_home_url( $val->userblog_id ) ) . '">' . __( 'View' ) . ''; + echo 'href="' . get_home_url( $val->userblog_id ) . '">' . __( 'View' ) . ''; echo '
'; } diff --git a/wp-admin/my-sites.php b/wp-admin/my-sites.php index af1acdfd76..9492c44cd5 100644 --- a/wp-admin/my-sites.php +++ b/wp-admin/my-sites.php @@ -83,7 +83,7 @@ if ( $updated ) { ?> $s = $i == 3 ? '' : 'border-right: 1px solid #ccc;'; echo ""; echo "

{$user_blog->blogname}

"; - echo "

" . apply_filters( 'myblogs_blog_actions', "" . __( 'Visit' ) . " | " . __( 'Dashboard' ) . "", $user_blog ) . "

"; + echo "

" . apply_filters( 'myblogs_blog_actions', "" . __( 'Visit' ) . " | " . __( 'Dashboard' ) . "", $user_blog ) . "

"; echo apply_filters( 'myblogs_options', '', $user_blog ); echo ""; $i++; diff --git a/wp-admin/network.php b/wp-admin/network.php index 745fc1f073..48f011f9c6 100644 --- a/wp-admin/network.php +++ b/wp-admin/network.php @@ -92,7 +92,7 @@ include( './admin-header.php' ); function network_step1( $errors = false ) { if ( get_option( 'siteurl' ) != get_option( 'home' ) ) { - echo '

' . __('Error:') . ' ' . sprintf( __( 'Your WordPress address must match your Site address before creating a Network. See General Settings.' ), esc_url( admin_url( 'options-general.php' ) ) ) . '

'; + echo '

' . __('Error:') . ' ' . sprintf( __( 'Your WordPress address must match your Site address before creating a Network. See General Settings.' ), admin_url( 'options-general.php' ) ) . '

'; include ('./admin-footer.php' ); die(); } @@ -113,7 +113,7 @@ function network_step1( $errors = false ) { echo '

' . __( 'You cannot use an IP address such as 127.0.0.1.' ) . '

'; else echo '

' . sprintf( __( 'You cannot use port numbers such as %s.' ), $has_ports ) . '

'; - echo '' . __( 'Return to Dashboard' ) . ''; + echo '' . __( 'Return to Dashboard' ) . ''; include( './admin-footer.php' ); die(); } @@ -333,7 +333,7 @@ $htaccess_file .= "\nRewriteRule . index.php [L]"; -

+

-

%1$s. Cancel'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?>

+

%1$s. Cancel'), $new_admin_email, admin_url( 'options.php?dismiss=new_admin_email' ) ); ?>

diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index e32b44928e..a4124c5b91 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -399,7 +399,7 @@ var photostorage = false; jQuery('#waiting').hide(); jQuery('#extra-fields').show(); } - jQuery('#extra-fields').before('
'); + jQuery('#extra-fields').before('
'); if(photostorage == false) { jQuery.ajax({ @@ -475,7 +475,7 @@ var photostorage = false;

- +

@@ -563,11 +563,11 @@ var photostorage = false;
  • Add: -<?php _e('Insert an Image'); ?> +<?php _e('Insert an Image'); ?>
  • - <?php _e('Embed a Video'); ?> + <?php _e('Embed a Video'); ?>
  • diff --git a/wp-admin/themes.php b/wp-admin/themes.php index c231a60dd7..5a9f9e09c4 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -212,7 +212,7 @@ foreach ( $cols as $col => $theme_name ) { $parent_theme = $themes[$theme_name]['Parent Theme']; $theme_root = $themes[$theme_name]['Theme Root']; $theme_root_uri = $themes[$theme_name]['Theme Root URI']; - $preview_link = esc_url(get_option('home') . '/'); + $preview_link = trailingslashit( home_url() ); if ( is_ssl() ) $preview_link = str_replace( 'http://', 'https://', $preview_link ); $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) ); diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index e6536251b0..f2c4497a86 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php @@ -334,7 +334,7 @@ function do_core_upgrade( $reinstall = false ) { show_message( __('Installation Failed') ); } else { show_message( __('WordPress updated successfully') ); - show_message( '' . __('Actions:') . ' ' . __('Go to Dashboard') . '' ); + show_message( '' . __('Actions:') . ' ' . __('Go to Dashboard') . '' ); } echo ''; } diff --git a/wp-admin/upload.php b/wp-admin/upload.php index 8117f8e175..d01ba4d6e1 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -193,7 +193,7 @@ if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) { if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) { $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) ); - $message .= ' ' . __('Undo') . ''; + $message .= ' ' . __('Undo') . ''; $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']); } 
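Review bot: In themes.php the preview link is now escaped twice: `home_url()` returns esc_url() output under the new default, and the result is then passed through `add_query_arg()` and `htmlspecialchars()`, so any entity esc_url() produced in the base URL is encoded a second time. Escaping once, at the end, matches the commit's own intent and also covers the `&` that add_query_arg() inserts: `$preview_link = trailingslashit( home_url( '', null, false ) );` and `$preview_link = esc_url( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );`. I cannot tell from this page whether the thickbox link depends on htmlspecialchars()-specific output, so verify the preview still opens after the change.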
@@ -205,7 +205,7 @@ if ( isset($_GET['untrashed']) && (int) $_GET['untrashed'] ) { $messages[1] = __('Media attachment updated.'); $messages[2] = __('Media permanently deleted.'); $messages[3] = __('Error saving media attachment.'); -$messages[4] = __('Media moved to the trash.') . ' ' . __('Undo') . ''; +$messages[4] = __('Media moved to the trash.') . ' ' . __('Undo') . ''; $messages[5] = __('Media restored from the trash.'); if ( isset($_GET['message']) && (int) $_GET['message'] ) { diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index 8ebb78d781..2d26be3549 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -160,7 +160,7 @@ include ('admin-header.php');

    -> +> diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php index 6a1399ac2c..7e0127491e 100644 --- a/wp-admin/widgets.php +++ b/wp-admin/widgets.php @@ -365,7 +365,7 @@ require_once( './admin-header.php' ); ?> +
  • @@ -387,7 +387,7 @@ foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) { +
    -
    +
    diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 5ec8990c76..e5a2254672 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -1032,7 +1032,7 @@ function get_comment_reply_link($args = array(), $comment = null, $post = null) $link = ''; if ( get_option('comment_registration') && !$user_ID ) - $link = '' . $login_text . ''; + $link = '' . $login_text . ''; else $link = "comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text"; return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post); diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php index 973d450735..bd86550761 100644 --- a/wp-includes/default-widgets.php +++ b/wp-includes/default-widgets.php @@ -644,7 +644,7 @@ class WP_Widget_Recent_Comments extends WP_Widget { ' . __('Log in') . ''; + $link = '' . __('Log in') . ''; else - $link = '' . __('Log out') . ''; + $link = '' . __('Log out') . ''; if ( $echo ) echo apply_filters('loginout', $link); @@ -2111,9 +2111,9 @@ function wp_admin_css( $file = 'wp-admin', $force_echo = false ) { return; } - echo apply_filters( 'wp_admin_css', "\n", $file ); + echo apply_filters( 'wp_admin_css', "\n", $file ); if ( 'rtl' == get_bloginfo( 'text_direction' ) ) - echo apply_filters( 'wp_admin_css', "\n", "$file-rtl" ); + echo apply_filters( 'wp_admin_css', "\n", "$file-rtl" ); } /** diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 2ef9d54550..469627d77d 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php 
@@ -1824,8 +1824,8 @@ function get_shortcut_link() { * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @return string Home url link with optional path appended. */ -function home_url( $path = '', $scheme = null ) { - return get_home_url(null, $path, $scheme); +function home_url( $path = '', $scheme = null, $esc_url = true ) { + return get_home_url(null, $path, $scheme, $esc_url); } /** @@ -1843,7 +1843,7 @@ function home_url( $path = '', $scheme = null ) { * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @return string Home url link with optional path appended. */ -function get_home_url( $blog_id = null, $path = '', $scheme = null ) { +function get_home_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) { $orig_scheme = $scheme; if ( !in_array($scheme, array('http', 'https')) ) @@ -1859,7 +1859,12 @@ function get_home_url( $blog_id = null, $path = '', $scheme = null ) { if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false ) $url .= '/' . ltrim( $path, '/' ); - return apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id ); + $url = apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id ); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -1878,8 +1883,8 @@ function get_home_url( $blog_id = null, $path = '', $scheme = null ) { * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @return string Site url link with optional path appended. */ -function site_url( $path = '', $scheme = null ) { - return get_site_url(null, $path, $scheme); +function site_url( $path = '', $scheme = null, $esc_url = true ) { + return get_site_url(null, $path, $scheme, $esc_url); } /** 
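Review bot: The new `$esc_url = true` default in `home_url`/`get_home_url` here (and in the parallel site_url, admin_url, includes_url, content_url, plugins_url and network_*_url hunks that follow) bakes HTML-attribute escaping into a value that callers also hand to non-HTML sinks: `esc_url()` entity-encodes ampersands (`&#038;`), which a redirect `Location:` header, an HTTP client or a plain-text email will not decode, so those call sites now silently receive a different string than before. Escaping belongs to the output context rather than to the URL builder, so consider keeping these functions raw and escaping at the echo/attribute sites, or at least have every non-HTML consumer pass `false` explicitly. Separately, each signature gains a parameter but the docblocks shown as context are untouched; add `* @param bool $esc_url Optional. Whether to run the result through esc_url(). Default true.` to each and state in `@return` that the value is HTML-escaped unless `$esc_url` is false.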
@@ -1897,7 +1902,7 @@ function site_url( $path = '', $scheme = null ) { * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @return string Site url link with optional path appended. */ -function get_site_url( $blog_id = null, $path = '', $scheme = null ) { +function get_site_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) { // should the list of allowed schemes be maintained elsewhere? $orig_scheme = $scheme; if ( !in_array($scheme, array('http', 'https')) ) { @@ -1921,7 +1926,12 @@ function get_site_url( $blog_id = null, $path = '', $scheme = null ) { if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= '/' . ltrim($path, '/'); - return apply_filters('site_url', $url, $path, $orig_scheme, $blog_id); + $url = apply_filters('site_url', $url, $path, $orig_scheme, $blog_id); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -1934,8 +1944,8 @@ function get_site_url( $blog_id = null, $path = '', $scheme = null ) { * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @return string Admin url link with optional path appended */ -function admin_url( $path = '', $scheme = 'admin' ) { - return get_admin_url(null, $path, $scheme); +function admin_url( $path = '', $scheme = 'admin', $esc_url = true ) { + return get_admin_url(null, $path, $scheme, $esc_url); } /** 
@@ -1949,13 +1959,18 @@ function admin_url( $path = '', $scheme = 'admin' ) { * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @return string Admin url link with optional path appended */ -function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) { +function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin', $esc_url = true ) { $url = get_site_url($blog_id, 'wp-admin/', $scheme); if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= ltrim($path, '/'); - return apply_filters('admin_url', $url, $path, $blog_id); + $url = apply_filters('admin_url', $url, $path, $blog_id); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -1967,13 +1982,18 @@ function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) { * @param string $path Optional. Path relative to the includes url. * @return string Includes url link with optional path appended. */ -function includes_url($path = '') { +function includes_url($path = '', $esc_url = true) { $url = site_url() . '/' . WPINC . '/'; if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= ltrim($path, '/'); - return apply_filters('includes_url', $url, $path); + $url = apply_filters('includes_url', $url, $path); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -1985,7 +2005,7 @@ function includes_url($path = '') { * @param string $path Optional. Path relative to the content url. * @return string Content url link with optional path appended. */ -function content_url($path = '') { +function content_url($path = '', $esc_url = true) { $url = WP_CONTENT_URL; if ( 0 === strpos($url, 'http') && is_ssl() ) $url = str_replace( 'http://', 'https://', $url ); 
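Review bot: `get_admin_url` at `@@ -1949` forwards `$scheme` but not `$esc_url` to `get_site_url`, so a caller asking for the raw form (`$esc_url = false`) still gets a base that `get_site_url` escaped by default, and on the default path `esc_url()` runs over an already-escaped string. `includes_url` at `@@ -1967` has the same gap with its bare `site_url()` call, as does `network_admin_url` in a later hunk of this file. Thread the flag through: `$url = get_site_url($blog_id, 'wp-admin/', $scheme, $esc_url);` and `$url = site_url('', null, $esc_url) . '/' . WPINC . '/';`.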
@@ -1993,7 +2013,12 @@ function content_url($path = '') { if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= '/' . ltrim($path, '/'); - return apply_filters('content_url', $url, $path); + $url = apply_filters('content_url', $url, $path); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -2007,7 +2032,7 @@ function content_url($path = '') { * @param string $plugin Optional. The plugin file that you want to be relative to - i.e. pass in __FILE__ * @return string Plugins url link with optional path appended. */ -function plugins_url($path = '', $plugin = '') { +function plugins_url($path = '', $plugin = '', $esc_url = true) { $mu_plugin_dir = WPMU_PLUGIN_DIR; foreach ( array('path', 'plugin', 'mu_plugin_dir') as $var ) { @@ -2032,7 +2057,13 @@ function plugins_url($path = '', $plugin = '') { if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= '/' . ltrim($path, '/'); - return apply_filters('plugins_url', $url, $path, $plugin); + $url = apply_filters('plugins_url', $url, $path, $plugin); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; + } /** @@ -2049,7 +2080,7 @@ function plugins_url($path = '', $plugin = '') { * @param string $scheme Optional. Scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin'. * @return string Site url link with optional path appended. */ -function network_site_url( $path = '', $scheme = null ) { +function network_site_url( $path = '', $scheme = null, $esc_url = true ) { global $current_site; if ( !is_multisite() ) @@ -2074,7 +2105,12 @@ function network_site_url( $path = '', $scheme = null ) { if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= ltrim($path, '/'); - return apply_filters('network_site_url', $url, $path, $orig_scheme); + $url = apply_filters('network_site_url', $url, $path, $orig_scheme); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** 
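Review bot: The `plugins_url` hunk at `@@ -2032` adds an empty line between `return $url;` and the closing `}`, which none of the sibling functions changed in this commit do; drop it so the block matches `content_url` and the others. That stray line is why this hunk's new-side count is 13 where the comparable hunks are 12, with no difference in behavior.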
@@ -2091,7 +2127,7 @@ function network_site_url( $path = '', $scheme = null ) { * @param string $scheme (optional) Scheme to give the home url context. Currently 'http','https' * @return string Home url link with optional path appended. */ -function network_home_url( $path = '', $scheme = null ) { +function network_home_url( $path = '', $scheme = null, $esc_url = true ) { global $current_site; if ( !is_multisite() ) @@ -2109,7 +2145,12 @@ function network_home_url( $path = '', $scheme = null ) { if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false ) $url .= ltrim( $path, '/' ); - return apply_filters( 'network_home_url', $url, $path, $orig_scheme); + $url = apply_filters( 'network_home_url', $url, $path, $orig_scheme); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** @@ -2122,13 +2163,18 @@ function network_home_url( $path = '', $scheme = null ) { * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. * @return string Admin url link with optional path appended */ -function network_admin_url( $path = '', $scheme = 'admin' ) { +function network_admin_url( $path = '', $scheme = 'admin', $esc_url = true ) { $url = network_site_url('wp-admin/', $scheme); if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= ltrim($path, '/'); - return apply_filters('network_admin_url', $url, $path); + $url = apply_filters('network_admin_url', $url, $path); + + if ( $esc_url ) + $url = esc_url($url); + + return $url; } /** diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index 89a5d4020a..2b4f7ef479 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php 
@@ -852,7 +852,7 @@ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) { if ( is_email($email) == false ) return false; - $options_site_url = esc_url(network_admin_url('ms-options.php')); + $options_site_url = network_admin_url('ms-options.php'); switch_to_blog( $blog_id ); $blogname = get_option( 'blogname' ); @@ -881,7 +881,7 @@ function newuser_notify_siteadmin( $user_id ) { $user = new WP_User($user_id); - $options_site_url = esc_url(network_admin_url('ms-options.php')); + $options_site_url = network_admin_url('ms-options.php'); $msg = sprintf(__('New User: %1s Remote IP: %2s
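Review bot: In `newblog_notify_siteadmin` at `@@ -852` the replacement for `esc_url(network_admin_url(...))` still passes through `esc_url()` via the new default, yet this function appears to be composing a notification message rather than HTML (it validates `$email` with `is_email()` first; the `@@ -881` hunk for `newuser_notify_siteadmin`, cut off at the end of this view, builds `$msg` with `sprintf`). If that message goes out as plain text, an entity-encoded URL is not what the recipient's mail client will link, so this is the kind of call site that should opt out with `network_admin_url('ms-options.php', 'admin', false)` once the builders escape by default. The removed explicit wrapper at least made the escaping visible; with it hidden inside the builder, a one-line comment stating the intended context would help the next reader.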