Input cleanup

m · m · commit 31ea9c565dc3 · 2004-10-05T06:59:13.000Z
git-svn-id: https://develop.svn.wordpress.org/trunk@1743 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
@@ -41,20 +41,6 @@
 <link rel="stylesheet" href="wp-admin.css" type="text/css" />
 <link rel="shortcut icon" href="../wp-images/wp-favicon.png" />
 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
-<?php
-if ($redirect==1) {
-?>
-<script type="text/javascript">
-<!--
-function redirect() {
-  window.location = "<?php echo $redirect_url; ?>";
-}
-setTimeout("redirect();", 600);
-//-->
-</script>
-<?php
-} // redirect
-?>
 
 <?php if (isset($xfn)) : ?>
 <script type="text/javascript">
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
@@ -1,8 +1,4 @@
 <?php
-/* <Bookmarklet> */
-
-// accepts 'post_title' and 'content' as vars passed in. Add-on from Alex King
-
 $mode = 'bookmarklet';
 
 $standalone = 1;
@@ -23,12 +19,11 @@
 </script>
 </head>
 <body></body>
-</html><?php
-
+</html>
+<?php
 } else {
-
-    $popuptitle = stripslashes($popuptitle);
-    $text = stripslashes(urldecode($text));
+    $popuptitle = htmlspecialchars(stripslashes($popuptitle));
+    $text = htmlspecialchars(stripslashes(urldecode($text)));
     
     /* big funky fixes for browsers' javascript bugs */
     
@@ -57,7 +52,7 @@
 // and that is what is being included below. For this reason, I am just duplicating
 // the var instead of changing the assignment on the lines above. 
 // -- Alex King 2004-01-07
-    $edited_post_title = $post_title;
+    $edited_post_title = htmlspecialchars($post_title);
 
 // $post_pingback needs to be set in any file that includes edit-form.php
     $post_pingback = get_settings('default_pingback_flag');
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
@@ -97,7 +97,7 @@ function add_magic_quotes($array) {
     <h2><?php _e('Edit Category') ?></h2>
     <form name="editcat" action="categories.php" method="post">
         <input type="hidden" name="action" value="editedcat" />
-        <input type="hidden" name="cat_ID" value="<?php echo $_GET['cat_ID'] ?>" />
+        <input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" />
         <p><?php _e('Category name:') ?><br />
         <input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p>
         <p><?php _e('Category parent:') ?><br />
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
@@ -28,7 +28,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo $s; ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo htmlspecialchars($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -148,6 +148,4 @@ function checkAll(form)
 
 </div>
 
-<?php 
-include('admin-footer.php');
-?>
+<?php include('admin-footer.php'); ?>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
@@ -65,7 +65,7 @@
 if ( isset( $_GET['m'] ) ) {
 	echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );
 } elseif ( isset( $_GET['s'] ) ) {
-	printf(__('Search for &#8220;%s&#8221;'), $_GET['s']);
+	printf(__('Search for &#8220;%s&#8221;'), htmlspecialchars($_GET['s']) );
 } else {
 	_e('Last 15 Posts');
 }

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@`
`65`	`65`	`if ( isset( $_GET['m'] ) ) {`
`66`	`66`	`echo $month[substr( $_GET['m'], 4, 2 )] . ' ' . substr( $_GET['m'], 0, 4 );`
`67`	`67`	`} elseif ( isset( $_GET['s'] ) ) {`
`68`		`- printf(__('Search for “%s”'), $_GET['s']);`
	`68`	`+ printf(__('Search for “%s”'), htmlspecialchars($_GET['s']) );`
`69`	`69`	`} else {`
`70`	`70`	`_e('Last 15 Posts');`
`71`	`71`	`}`