<form name="searchform" action="" method="get">
<fieldset>
<legend><?php _e('Search Pages…') ?></legend>
- <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
</form>
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
- <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
endforeach;
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff