<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[12619] trunk/wp-admin/ms-options.php: Add esc_attr to ms-options.php.</title>
</head>
<body>

<div id="msg">
<dl>
<dt>Revision</dt> <dd><a href="http://trac.wordpress.org/changeset/12619">12619</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2010-01-07 00:21:19 +0000 (Thu, 07 Jan 2010)</dd>
</dl>

<h3>Log Message</h3>
<pre>Add esc_attr to ms-options.php. see <a href="http://trac.wordpress.org/ticket/11782">#11782</a></pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminmsoptionsphp">trunk/wp-admin/ms-options.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminmsoptionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/ms-options.php (12618 => 12619)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/ms-options.php        2010-01-07 00:17:13 UTC (rev 12618)
+++ trunk/wp-admin/ms-options.php        2010-01-07 00:21:19 UTC (rev 12619)
</span><span class="lines">@@ -9,9 +9,8 @@
</span><span class="cx"> 
</span><span class="cx"> include('admin-header.php');
</span><span class="cx"> 
</span><del>-if( is_site_admin() == false ) {
</del><ins>+if ( !is_super_admin() )
</ins><span class="cx">     wp_die( __('You do not have permission to access this page.') );
</span><del>-}
</del><span class="cx"> 
</span><span class="cx"> if (isset($_GET['updated'])) {
</span><span class="cx">         ?&gt;
</span><span class="lines">@@ -29,7 +28,7 @@
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Site Name') ?&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><del>-                                        &lt;input name=&quot;site_name&quot; type=&quot;text&quot; id=&quot;site_name&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo $current_site-&gt;site_name ?&gt;&quot; size=&quot;45&quot; /&gt;
</del><ins>+                                        &lt;input name=&quot;site_name&quot; type=&quot;text&quot; id=&quot;site_name&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo esc_attr($current_site-&gt;site_name) ?&gt;&quot; size=&quot;45&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e('What you would like to call this website.') ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -38,7 +37,7 @@
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Site Admin Email') ?&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><del>-                                        &lt;input name=&quot;admin_email&quot; type=&quot;text&quot; id=&quot;admin_email&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo stripslashes( get_site_option('admin_email') ) ?&gt;&quot; size=&quot;45&quot; /&gt;
</del><ins>+                                        &lt;input name=&quot;admin_email&quot; type=&quot;text&quot; id=&quot;admin_email&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo esc_attr( stripslashes( get_site_option('admin_email') ) ) ?&gt;&quot; size=&quot;45&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php printf( __( 'Registration and support mails will come from this address. Make it generic like &quot;support@%s&quot;' ), $current_site-&gt;domain ); ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -95,8 +94,8 @@
</span><span class="cx">                                         } else {
</span><span class="cx">                                                 $blogname = '';
</span><span class="cx">                                         }?&gt;
</span><del>-                                        &lt;input name=&quot;dashboard_blog_orig&quot; type=&quot;hidden&quot; id=&quot;dashboard_blog_orig&quot; value=&quot;&lt;?php echo $blogname; ?&gt;&quot; /&gt;
-                                        &lt;input name=&quot;dashboard_blog&quot; type=&quot;text&quot; id=&quot;dashboard_blog&quot; value=&quot;&lt;?php echo $blogname; ?&gt;&quot; size=&quot;30&quot; /&gt;
</del><ins>+                                        &lt;input name=&quot;dashboard_blog_orig&quot; type=&quot;hidden&quot; id=&quot;dashboard_blog_orig&quot; value=&quot;&lt;?php echo esc_attr($blogname); ?&gt;&quot; /&gt;
+                                        &lt;input name=&quot;dashboard_blog&quot; type=&quot;text&quot; id=&quot;dashboard_blog&quot; value=&quot;&lt;?php echo esc_attr($blogname); ?&gt;&quot; size=&quot;30&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( &quot;Blogname ('dashboard', 'control', 'manager', etc) or blog id.&lt;br /&gt;New users are added to this blog as subscribers (or the user role defined below) if they don't have a blog. Leave blank for the main blog. 'Subscriber' users on old blog will be moved to the new blog if changed. New blog will be created if it does not exist.&quot; ); ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -116,7 +115,7 @@
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Banned Names') ?&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><del>-                                        &lt;input name=&quot;illegal_names&quot; type=&quot;text&quot; id=&quot;illegal_names&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo implode( &quot; &quot;, get_site_option('illegal_names') ); ?&gt;&quot; size=&quot;45&quot; /&gt;
</del><ins>+                                        &lt;input name=&quot;illegal_names&quot; type=&quot;text&quot; id=&quot;illegal_names&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo esc_attr( implode( &quot; &quot;, get_site_option('illegal_names') ) ); ?&gt;&quot; size=&quot;45&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e('Users are not allowed to register these blogs. Separate names by spaces.') ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -193,7 +192,7 @@
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('First Comment URL') ?&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><del>-                                        &lt;input type=&quot;text&quot; size='40' name=&quot;first_comment_url&quot; id=&quot;first_comment_url&quot; value=&quot;&lt;?php echo get_site_option('first_comment_url') ?&gt;&quot; /&gt;
</del><ins>+                                        &lt;input type=&quot;text&quot; size='40' name=&quot;first_comment_url&quot; id=&quot;first_comment_url&quot; value=&quot;&lt;?php echo esc_attr(get_site_option('first_comment_url')) ?&gt;&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e('URL on first comment on a new blog.') ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -216,21 +215,21 @@
</span><span class="cx">                         &lt;/tr&gt;
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Blog upload space') ?&gt;&lt;/th&gt;
</span><del>-                                &lt;td&gt;&lt;input name=&quot;blog_upload_space&quot; type=&quot;text&quot; id=&quot;blog_upload_space&quot; value=&quot;&lt;?php echo get_site_option('blog_upload_space', 10) ?&gt;&quot; size=&quot;3&quot; /&gt; MB&lt;/td&gt;
</del><ins>+                                &lt;td&gt;&lt;input name=&quot;blog_upload_space&quot; type=&quot;text&quot; id=&quot;blog_upload_space&quot; value=&quot;&lt;?php echo esc_attr( get_site_option('blog_upload_space', 10) ) ?&gt;&quot; size=&quot;3&quot; /&gt; MB&lt;/td&gt;
</ins><span class="cx">                         &lt;/tr&gt;
</span><span class="cx"> 
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Upload File Types') ?&gt;&lt;/th&gt;
</span><del>-                                &lt;td&gt;&lt;input name=&quot;upload_filetypes&quot; type=&quot;text&quot; id=&quot;upload_filetypes&quot; value=&quot;&lt;?php echo get_site_option('upload_filetypes', 'jpg jpeg png gif') ?&gt;&quot; size=&quot;45&quot; /&gt;&lt;/td&gt;
</del><ins>+                                &lt;td&gt;&lt;input name=&quot;upload_filetypes&quot; type=&quot;text&quot; id=&quot;upload_filetypes&quot; value=&quot;&lt;?php echo esc_attr( get_site_option('upload_filetypes', 'jpg jpeg png gif') ) ?&gt;&quot; size=&quot;45&quot; /&gt;&lt;/td&gt;
</ins><span class="cx">                         &lt;/tr&gt;
</span><span class="cx"> 
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Max upload file size') ?&gt;&lt;/th&gt;
</span><del>-                                &lt;td&gt;&lt;input name=&quot;fileupload_maxk&quot; type=&quot;text&quot; id=&quot;fileupload_maxk&quot; value=&quot;&lt;?php echo get_site_option('fileupload_maxk', 300) ?&gt;&quot; size=&quot;5&quot; /&gt; KB&lt;/td&gt;
</del><ins>+                                &lt;td&gt;&lt;input name=&quot;fileupload_maxk&quot; type=&quot;text&quot; id=&quot;fileupload_maxk&quot; value=&quot;&lt;?php echo esc_attr( get_site_option('fileupload_maxk', 300) ) ?&gt;&quot; size=&quot;5&quot; /&gt; KB&lt;/td&gt;
</ins><span class="cx">                         &lt;/tr&gt;
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Admin Notice Feed') ?&gt;&lt;/th&gt;
</span><del>-                                &lt;td&gt;&lt;input name=&quot;admin_notice_feed&quot; style=&quot;width: 95%&quot; type=&quot;text&quot; id=&quot;admin_notice_feed&quot; value=&quot;&lt;?php echo get_site_option( 'admin_notice_feed' ) ?&gt;&quot; size=&quot;80&quot; /&gt;&lt;br /&gt;
</del><ins>+                                &lt;td&gt;&lt;input name=&quot;admin_notice_feed&quot; style=&quot;width: 95%&quot; type=&quot;text&quot; id=&quot;admin_notice_feed&quot; value=&quot;&lt;?php echo esc_attr( get_site_option( 'admin_notice_feed' ) ) ?&gt;&quot; size=&quot;80&quot; /&gt;&lt;br /&gt;
</ins><span class="cx">                                 &lt;?php _e( 'Display the latest post from this RSS or Atom feed on all blog dashboards. Leave blank to disable.' ); ?&gt;&lt;br /&gt;
</span><span class="cx">                                 &lt;?php if( get_site_option( 'admin_notice_feed' ) != 'http://' . $current_site-&gt;domain . $current_site-&gt;path . 'feed/' )
</span><span class="cx">                                         echo __( &quot;A good one to use would be the feed from your main blog: &quot; ) . 'http://' . $current_site-&gt;domain . $current_site-&gt;path . 'feed/'; ?&gt;&lt;/td&gt;
</span><span class="lines">@@ -242,7 +241,7 @@
</span><span class="cx">                         &lt;tr valign=&quot;top&quot;&gt;
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;?php _e('Site Admins') ?&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><del>-                                        &lt;input name=&quot;site_admins&quot; type=&quot;text&quot; id=&quot;site_admins&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ?&gt;&quot; size=&quot;45&quot; /&gt;
</del><ins>+                                        &lt;input name=&quot;site_admins&quot; type=&quot;text&quot; id=&quot;site_admins&quot; style=&quot;width: 95%&quot; value=&quot;&lt;?php echo esc_attr( implode(' ', get_site_option( 'site_admins', array( 'admin' ) ) ) ) ?&gt;&quot; size=&quot;45&quot; /&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e('These users may login to the main blog and administer the site. Space separated list of usernames.') ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -291,7 +290,7 @@
</span><span class="cx">                 &lt;?php do_action( 'wpmu_options' ); // Add more options here ?&gt;
</span><span class="cx"> 
</span><span class="cx">                 &lt;p class=&quot;submit&quot;&gt;
</span><del>-                        &lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;&lt;?php _e('Update Options') ?&gt;&quot; /&gt;&lt;/p&gt;
</del><ins>+                        &lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;&lt;?php esc_attr_e('Update Options') ?&gt;&quot; /&gt;&lt;/p&gt;
</ins><span class="cx">         &lt;/form&gt;
</span><span class="cx"> &lt;/div&gt;
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>