<form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;">
<fieldset>
<legend><?php _e('Search Posts…') ?></legend>
- <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" />
+ <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" />
<input type="submit" name="submit" value="<?php _e('Search') ?>" />
</fieldset>
</form>
case 'control_delete':
?>
- <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+ <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php
break;
<?php
if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
- echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "');\">" . __('Delete') . '</a> ';
+
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
- echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
} else {
- echo " - <a href=\"post.php?action=approvecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+ echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
}
}
echo "]";
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff