Changeset 11380

Timestamp:

05/18/2009 03:11:07 PM (15 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Location:

trunk

Files:

• wp-admin/admin-ajax.php (modified) (4 diffs)
• wp-admin/admin-header.php (modified) (1 diff)
• wp-admin/async-upload.php (modified) (1 diff)
• wp-admin/categories.php (modified) (1 diff)
• wp-admin/edit-attachment-rows.php (modified) (2 diffs)
• wp-admin/edit-category-form.php (modified) (1 diff)
• wp-admin/edit-comments.php (modified) (1 diff)
• wp-admin/edit-form-advanced.php (modified) (4 diffs)
• wp-admin/edit-link-categories.php (modified) (1 diff)
• wp-admin/edit-link-form.php (modified) (1 diff)
• wp-admin/edit-page-form.php (modified) (3 diffs)
• wp-admin/edit-pages.php (modified) (1 diff)
• wp-admin/edit-tag-form.php (modified) (1 diff)
• wp-admin/edit-tags.php (modified) (1 diff)
• wp-admin/edit.php (modified) (1 diff)
• wp-admin/export.php (modified) (1 diff)
• wp-admin/import.php (modified) (1 diff)
• wp-admin/import/opml.php (modified) (1 diff)
• wp-admin/includes/bookmark.php (modified) (1 diff)
• wp-admin/includes/dashboard.php (modified) (4 diffs)
• wp-admin/includes/export.php (modified) (1 diff)
• wp-admin/includes/media.php (modified) (3 diffs)
• wp-admin/includes/post.php (modified) (3 diffs)
• wp-admin/includes/template.php (modified) (11 diffs)
• wp-admin/includes/theme-install.php (modified) (2 diffs)
• wp-admin/includes/user.php (modified) (4 diffs)
• wp-admin/includes/widgets.php (modified) (1 diff)
• wp-admin/index.php (modified) (1 diff)
• wp-admin/js/revisions-js.php (modified) (1 diff)
• wp-admin/link-manager.php (modified) (1 diff)
• wp-admin/media-upload.php (modified) (1 diff)
• wp-admin/options-discussion.php (modified) (1 diff)
• wp-admin/options-general.php (modified) (1 diff)
• wp-admin/options-media.php (modified) (1 diff)
• wp-admin/options-misc.php (modified) (1 diff)
• wp-admin/options-permalink.php (modified) (3 diffs)
• wp-admin/options-privacy.php (modified) (1 diff)
• wp-admin/options-reading.php (modified) (1 diff)
• wp-admin/options-writing.php (modified) (1 diff)
• wp-admin/options.php (modified) (1 diff)
• wp-admin/page.php (modified) (1 diff)
• wp-admin/plugin-editor.php (modified) (1 diff)
• wp-admin/plugin-install.php (modified) (1 diff)
• wp-admin/plugins.php (modified) (2 diffs)
• wp-admin/post.php (modified) (1 diff)
• wp-admin/press-this.php (modified) (1 diff)
• wp-admin/revision.php (modified) (1 diff)
• wp-admin/theme-editor.php (modified) (1 diff)
• wp-admin/theme-install.php (modified) (1 diff)
• wp-admin/themes.php (modified) (1 diff)
• wp-admin/tools.php (modified) (1 diff)
• wp-admin/upload.php (modified) (2 diffs)
• wp-admin/user-edit.php (modified) (1 diff)
• wp-admin/users.php (modified) (1 diff)
• wp-admin/widgets.php (modified) (4 diffs)
• wp-includes/classes.php (modified) (1 diff)
• wp-includes/comment-template.php (modified) (1 diff)
• wp-includes/default-filters.php (modified) (5 diffs)
• wp-includes/default-widgets.php (modified) (2 diffs)
• wp-includes/feed.php (modified) (1 diff)
• wp-includes/formatting.php (modified) (8 diffs)
• wp-includes/functions.php (modified) (5 diffs)
• wp-includes/general-template.php (modified) (1 diff)
• wp-includes/l10n.php (modified) (2 diffs)
• wp-includes/user.php (modified) (1 diff)
• wp-includes/widgets.php (modified) (1 diff)
• wp-mail.php (modified) (2 diffs)
• xmlrpc.php (modified) (3 diffs)

trunk/wp-admin/admin-ajax.php

@@ -423 +423 @@
         }
         $cat_id = $cat_id['term_id'];
-        $cat_name = wp_specialchars(stripslashes($cat_name));
+        $cat_name = (stripslashes($cat_name));
         $x->add( array(
             'what' => 'link-category',
@@ -899 +899 @@
             $data = new WP_Error( 'locked', sprintf(
                 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
-                wp_specialchars( $last_user_name )
+                ( $last_user_name )
             ) );
 
@@ -1058 +1058 @@
         $last_user = get_userdata( $last );
         $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
-        printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),    wp_specialchars( $last_user_name ) );
+        printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),    ( $last_user_name ) );
         exit;
     }
@@ -1218 +1218 @@
 
         $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
-        $html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
+        $html .= '<td><label for="found-'.$post->ID.'">'.).'</td></tr>'."\n\n";
     }
     $html .= '</tbody></table>';

trunk/wp-admin/admin-header.php

@@ -11 +11 @@
 
 get_admin_page_title();
-$title = wp_specialchars( strip_tags( $title ) );
+$title = ( strip_tags( $title ) );
 wp_user_settings();
 wp_menu_unfold();

trunk/wp-admin/async-upload.php

@@ -43 +43 @@
 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
-    echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
+    echo '<div id="media-upload-error">'.($id->get_error_message()).'</div>';
     exit;
 }

trunk/wp-admin/categories.php

@@ -130 +130 @@
 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( stripslashes($_GET['s']) ) ); ?>
 </h2>
 

trunk/wp-admin/edit-attachment-rows.php

@@ -25 +25 @@
     <tbody id="the-list" class="list:post">
 <?php
-add_filter('the_title','wp_specialchars');
+add_filter('the_title','');
 $alt = '';
 $posts_columns = get_column_headers('upload');
@@ -111 +111 @@
             $out = array();
             foreach ( $tags as $c )
-                $out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
+                $out[] = "<a href='edit.php?tag=$c->slug'> " . (sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
             echo join( ', ', $out );
         } else {

trunk/wp-admin/edit-category-form.php

@@ -67 +67 @@
         <tr class="form-field">
             <th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th>
-            <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->description); ?></textarea><br />
+            <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo ($category->description); ?></textarea><br />
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
         </tr>

trunk/wp-admin/edit-comments.php

@@ -97 +97 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( wp_specialchars( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
+    printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( ( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 

trunk/wp-admin/edit-form-advanced.php

@@ -167 +167 @@
 }
 
-?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
+?><?php echo ( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
 
 <div id="post-visibility-select" class="hide-if-js">
@@ -391 +391 @@
         $already_pinged = explode("\n", trim($post->pinged));
         foreach ($already_pinged as $pinged_url) {
-            $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
+            $pings .= "\n\t<li>" . ($pinged_url) . "</li>";
         }
         $pings .= '</ul>';
@@ -550 +550 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 <?php if ( $notice ) : ?>
 <div id="notice" class="error"><p><?php echo $notice ?></p></div>
@@ -623 +623 @@
         if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
             $last_user = get_userdata($last_id);
-            printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+            printf(__('Last edited by %1$s on %2$s at %3$s'), ( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
         } else {
             printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));

trunk/wp-admin/edit-link-categories.php

@@ -62 +62 @@
 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( stripslashes($_GET['s']) ) ); ?>
 </h2>
 

trunk/wp-admin/edit-link-form.php

@@ -343 +343 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <?php if ( isset( $_GET['added'] ) ) : ?>

trunk/wp-admin/edit-page-form.php

@@ -159 +159 @@
 }
 
-echo wp_specialchars( $visibility_trans ); ?></span>
+echo ( $visibility_trans ); ?></span>
 <?php if ( $can_publish ) { ?>
 <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
@@ -398 +398 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form name="post" action="page.php" method="post" id="post">
@@ -461 +461 @@
         if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
             $last_user = get_userdata($last_id);
-            printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+            printf(__('Last edited by %1$s on %2$s at %3$s'), ( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
         } else {
             printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));

trunk/wp-admin/edit-pages.php

@@ -105 +105 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( get_search_query() ) ); ?>
 </h2>
 

trunk/wp-admin/edit-tag-form.php

@@ -37 +37 @@
         <tr class="form-field">
             <th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
-            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($tag->description); ?></textarea><br />
+            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo ($tag->description); ?></textarea><br />
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
         </tr>

trunk/wp-admin/edit-tags.php

@@ -147 +147 @@
 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( stripslashes($_GET['s']) ) ); ?>
 </h2>
 

trunk/wp-admin/edit.php

@@ -97 +97 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( get_search_query() ) ); ?>
 </h2>
 

trunk/wp-admin/export.php

@@ -25 +25 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>

trunk/wp-admin/import.php

@@ -16 +16 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>
 

trunk/wp-admin/import/opml.php

@@ -59 +59 @@
 foreach ($categories as $category) {
 ?>
-<option value="<?php echo $category->term_id; ?>"><?php echo wp_specialchars(apply_filters('link_category', $category->name)); ?></option>
+<option value="<?php echo $category->term_id; ?>"><?php echo (apply_filters('link_category', $category->name)); ?></option>
 <?php
 } // end foreach

trunk/wp-admin/includes/bookmark.php

@@ -30 +30 @@
         wp_die( __( 'Cheatin’ uh?' ));
 
-    $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
+    $_POST['link_url'] = ( $_POST['link_url'] );
     $_POST['link_url'] = clean_url($_POST['link_url']);
-    $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
-    $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
+    $_POST['link_name'] = ( $_POST['link_name'] );
+    $_POST['link_image'] = ( $_POST['link_image'] );
     $_POST['link_rss'] = clean_url($_POST['link_rss']);
     if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )

trunk/wp-admin/includes/dashboard.php

@@ -582 +582 @@
                     $type = ucwords( $comment->comment_type );
                 endswitch;
-                $type = wp_specialchars( $type );
+                $type = ( $type );
             ?>
             <div class="dashboard-comment-wrap">
@@ -647 +647 @@
         $site_link = clean_url( strip_tags( $author->get_link() ) );
 
-        if ( !$publisher = wp_specialchars( strip_tags( $author->get_name() ) ) )
+        if ( !$publisher = ( strip_tags( $author->get_name() ) ) )
             $publisher = __( 'Somebody' );
         if ( $site_link )
@@ -668 +668 @@
                 /* translators: incoming links feed, %4$s is the date */
                 $text .= ' ' . __( 'on %4$s' );
-            $date = wp_specialchars( strip_tags( $item->get_date() ) );
+            $date = ( strip_tags( $item->get_date() ) );
             $date = strtotime( $date );
             $date = gmdate( get_option( 'date_format' ), $date );
@@ -814 +814 @@
         else // but let's make it forward compatible if things change
             $title = $item->get_title();
-        $title = wp_specialchars( $title );
-
-        $description = wp_specialchars( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );
+        $title = ( $title );
+
+        $description = ( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );
 
         $ilink = wp_nonce_url('plugin-install.php?tab=plugin-information&plugin=' . $slug, 'install-plugin_' . $slug) .

trunk/wp-admin/includes/export.php

@@ -100 +100 @@
         $str = utf8_encode($str);
 
-    // $str = ent2ncr(wp_specialchars($str));
+    // $str = ent2ncr(($str));
 
     $str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";

trunk/wp-admin/includes/media.php

@@ -1199 +1199 @@
             $item .= $field[$field['input']];
         elseif ( $field['input'] == 'textarea' ) {
-            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
+            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . ( $field['value'] ) . "</textarea>";
         } else {
             $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
@@ -1420 +1420 @@
         echo get_media_items( $id, $errors );
     } else {
-        echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
+        echo '<div id="media-upload-error">'.($id->get_error_message()).'</div>';
         exit;
     }
@@ -1803 +1803 @@
 
     echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
-    echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
+    echo ( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
     echo "</option>\n";
 }

trunk/wp-admin/includes/post.php

@@ -320 +320 @@
 function get_default_post_to_edit() {
     if ( !empty( $_REQUEST['post_title'] ) )
-        $post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
+        $post_title = ( stripslashes( $_REQUEST['post_title'] ));
     else if ( !empty( $_REQUEST['popuptitle'] ) ) {
-        $post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
+        $post_title = ( stripslashes( $_REQUEST['popuptitle'] ));
         $post_title = funky_javascript_fix( $post_title );
     } else {
@@ -330 +330 @@
     $post_content = '';
     if ( !empty( $_REQUEST['content'] ) )
-        $post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
+        $post_content = ( stripslashes( $_REQUEST['content'] ));
     else if ( !empty( $post_title ) ) {
-        $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
+        $text       = ( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
         $popupurl   = clean_url($_REQUEST['popupurl']);
@@ -339 +339 @@
 
     if ( !empty( $_REQUEST['excerpt'] ) )
-        $post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
+        $post_excerpt = ( stripslashes( $_REQUEST['excerpt'] ));
     else
         $post_excerpt = '';

trunk/wp-admin/includes/template.php

@@ -470 +470 @@
 
         $class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : '';
-        $output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . wp_specialchars( apply_filters('the_category', $category->name )) . '</label>';
+        $output .= "\n<li id='category-$category->term_id'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . ( apply_filters('the_category', $category->name )) . '</label>';
     }
 
@@ -563 +563 @@
             <label class="selectit">
             <input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" />
-                <?php echo wp_specialchars( apply_filters( 'the_category', $category->name ) ); ?>
+                <?php echo ( apply_filters( 'the_category', $category->name ) ); ?>
             </label>
         </li>
@@ -615 +615 @@
     foreach ( $categories as $category ) {
         $cat_id = $category->term_id;
-        $name = wp_specialchars( apply_filters('the_category', $category->name));
+        $name = ( apply_filters('the_category', $category->name));
         $checked = in_array( $cat_id, $checked_categories );
         echo '<li id="link-category-', $cat_id, '"><label for="in-link-category-', $cat_id, '" class="selectit"><input value="', $cat_id, '" type="checkbox" name="link_category[]" id="in-link-category-', $cat_id, '"', ($checked ? ' checked="checked"' : "" ), '/> ', $name, "</label></li>";
@@ -1305 +1305 @@
     <div class="mn">' . mysql2date( 'i', $post->post_date, false ) . '</div>
     <div class="ss">' . mysql2date( 's', $post->post_date, false ) . '</div>
-    <div class="post_password">' . wp_specialchars($post->post_password, 1) . '</div>';
+    <div class="post_password">' . ) . '</div>';
 
     if( $post->post_type == 'page' )
         echo '
     <div class="post_parent">' . $post->post_parent . '</div>
-    <div class="page_template">' . wp_specialchars(get_post_meta( $post->ID, '_wp_page_template', true ), 1) . '</div>
+    <div class="page_template">' . ) . '</div>
     <div class="menu_order">' . $post->menu_order . '</div>';
 
     if( $post->post_type == 'post' )
         echo '
-    <div class="tags_input">' . wp_specialchars( str_replace( ',', ', ', get_tags_to_edit($post->ID) ), 1) . '</div>
+    <div class="tags_input">' . ) . '</div>
     <div class="post_category">' . implode( ',', wp_get_post_categories( $post->ID ) ) . '</div>
     <div class="sticky">' . (is_sticky($post->ID) ? 'sticky' : '') . '</div>';
@@ -1332 +1332 @@
     global $wp_query, $post, $mode;
 
-    add_filter('the_title','wp_specialchars');
+    add_filter('the_title','');
 
     // Create array of post IDs.
@@ -1479 +1479 @@
                 $out = array();
                 foreach ( $categories as $c )
-                    $out[] = "<a href='edit.php?category_name=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";
+                    $out[] = "<a href='edit.php?category_name=$c->slug'> " . (sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "</a>";
                     echo join( ', ', $out );
             } else {
@@ -1495 +1495 @@
                 $out = array();
                 foreach ( $tags as $c )
-                    $out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
+                    $out[] = "<a href='edit.php?tag=$c->slug'> " . (sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
                 echo join( ', ', $out );
             } else {
@@ -1592 +1592 @@
     }
 
-    $page->post_title = wp_specialchars( $page->post_title );
+    $page->post_title = ( $page->post_title );
     $pad = str_repeat( '&#8212; ', $level );
     $id = (int) $page->ID;
@@ -1654 +1654 @@
         $edit_link = get_edit_post_link( $page->ID );
         ?>
-        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . wp_specialchars($parent_name) : ''; ?></strong>
+        <td <?php echo $attributes ?>><strong><?php if ( current_user_can( 'edit_post', $page->ID ) ) { ?><a class="row-title" href="<?php echo $edit_link; ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $title)); ?>"><?php echo $pad; echo $title ?></a><?php } else { echo $pad; echo $title; }; _post_states($page); echo isset($parent_name) ? ' | ' . __('Parent Page: ') . ($parent_name) : ''; ?></strong>
         <?php
         $actions = array();
@@ -2338 +2338 @@
             if ( $currentcat != $category->term_id && $parent == $category->parent) {
                 $pad = str_repeat( '&#8211; ', $level );
-                $category->name = wp_specialchars( $category->name );
+                $category->name = ( $category->name );
                 echo "\n\t<option value='$category->term_id'";
                 if ( $currentparent == $category->term_id )
@@ -2628 +2628 @@
                 $current = '';
 
-            echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
+            echo "\n\t<option class='level-$level' value='$item->ID'$current>$pad " . ($item->post_title) . "</option>";
             parent_dropdown( $default, $item->ID, $level +1 );
         }

trunk/wp-admin/includes/theme-install.php

@@ -194 +194 @@
         if ( isset($trans[$feature_name]) )
              $feature_name = $trans[$feature_name];
-        $feature_name = wp_specialchars( $feature_name );
+        $feature_name = ( $feature_name );
         echo '<div class="feature-name">' . $feature_name . '</div>';
 
@@ -202 +202 @@
             if ( isset($trans[$feature]) )
                 $feature_name = $trans[$feature];
-            $feature_name = wp_specialchars( $feature_name );
+            $feature_name = ( $feature_name );
             $feature = esc_attr($feature);
 ?>

trunk/wp-admin/includes/user.php

@@ -66 +66 @@
 
     if ( isset( $_POST['user_login'] ))
-        $user->user_login = wp_specialchars( trim( $_POST['user_login'] ));
+        $user->user_login = ( trim( $_POST['user_login'] ));
 
     $pass1 = $pass2 = '';
@@ -87 +87 @@
 
     if ( isset( $_POST['email'] ))
-        $user->user_email = wp_specialchars( trim( $_POST['email'] ));
+        $user->user_email = ( trim( $_POST['email'] ));
     if ( isset( $_POST['url'] ) ) {
         if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
@@ -97 +97 @@
     }
     if ( isset( $_POST['first_name'] ))
-        $user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
+        $user->first_name = ( trim( $_POST['first_name'] ));
     if ( isset( $_POST['last_name'] ))
-        $user->last_name = wp_specialchars( trim( $_POST['last_name'] ));
+        $user->last_name = ( trim( $_POST['last_name'] ));
     if ( isset( $_POST['nickname'] ))
-        $user->nickname = wp_specialchars( trim( $_POST['nickname'] ));
+        $user->nickname = ( trim( $_POST['nickname'] ));
     if ( isset( $_POST['display_name'] ))
-        $user->display_name = wp_specialchars( trim( $_POST['display_name'] ));
+        $user->display_name = ( trim( $_POST['display_name'] ));
     if ( isset( $_POST['description'] ))
         $user->description = trim( $_POST['description'] );
     if ( isset( $_POST['jabber'] ))
-        $user->jabber = wp_specialchars( trim( $_POST['jabber'] ));
+        $user->jabber = ( trim( $_POST['jabber'] ));
     if ( isset( $_POST['aim'] ))
-        $user->aim = wp_specialchars( trim( $_POST['aim'] ));
+        $user->aim = ( trim( $_POST['aim'] ));
     if ( isset( $_POST['yim'] ))
-        $user->yim = wp_specialchars( trim( $_POST['yim'] ));
+        $user->yim = ( trim( $_POST['yim'] ));
     if ( !$update )
         $user->rich_editing = 'true';  // Default to true for new users.
@@ -381 +381 @@
     $user->yim          = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
     $user->jabber       = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
-    $user->description  = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
+    $user->description  = isset( $user->description ) && !empty( $user->description ) ? ($user->description) : '';
 
     return $user;

trunk/wp-admin/includes/widgets.php

@@ -163 +163 @@
     unset($wp_registered_widgets[$widget_id]['_callback']);
 
-    $widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );
+    $widget_title = ( strip_tags( $sidebar_args['widget_name'] ) );
     $has_form = 'noform';
 

trunk/wp-admin/index.php

@@ -31 +31 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <div id="dashboard-widgets-wrap">

trunk/wp-admin/js/revisions-js.php

@@ -14 +14 @@
 
 $j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
-$n = wp_specialchars( $GLOBALS['current_user']->data->display_name );
+$n = ( $GLOBALS['current_user']->data->display_name );
 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );
 

trunk/wp-admin/link-manager.php

@@ -72 +72 @@
 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( stripslashes($_GET['s']) ) ); ?>
 </h2>
 

trunk/wp-admin/media-upload.php

@@ -56 +56 @@
     <div class="wrap">
     <?php screen_icon(); ?>
-    <h2><?php echo wp_specialchars( $title ); ?></h2>
+    <h2><?php echo ( $title ); ?></h2>
 
     <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&amp;upload-page-form=" class="media-upload-form type-form validate" id="file-form">

trunk/wp-admin/options-discussion.php

@@ -18 +18 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form method="post" action="options.php">

trunk/wp-admin/options-general.php

@@ -53 +53 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form method="post" action="options.php">

trunk/wp-admin/options-media.php

@@ -19 +19 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form action="options.php" method="post">

trunk/wp-admin/options-misc.php

@@ -19 +19 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form method="post" action="options.php">

trunk/wp-admin/options-permalink.php

@@ -143 +143 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form name="form" action="options-permalink.php" method="post">
@@ -227 +227 @@
 <form action="options-permalink.php" method="post">
 <?php wp_nonce_field('update-permalink') ?>
-    <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
+    <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo ($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
 </form>
 <p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.')  ?></p>  
@@ -236 +236 @@
 <form action="options-permalink.php" method="post">
 <?php wp_nonce_field('update-permalink') ?>
-    <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
+    <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo ($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
 </form>
     <?php endif; ?>

trunk/wp-admin/options-privacy.php

@@ -18 +18 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form method="post" action="options.php">

trunk/wp-admin/options-reading.php

@@ -18 +18 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form name="form1" method="post" action="options.php">

trunk/wp-admin/options-writing.php

@@ -18 +18 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form method="post" action="options.php">

trunk/wp-admin/options.php

@@ -122 +122 @@
 <td>";
 
-    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . ($value) . "</textarea>";
     else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
 

trunk/wp-admin/page.php

@@ -101 +101 @@
             $last_user = get_userdata( $last );
             $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-            $message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
+            $message = sprintf( __( 'Warning: %s is currently editing this page' ), ( $last_user_name ) );
             $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
             add_action('admin_notices', create_function( '', "echo '$message';" ) );

trunk/wp-admin/plugin-editor.php

@@ -136 +136 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 <div class="bordertitle">
     <form id="themeselector" action="plugin-editor.php" method="post">

trunk/wp-admin/plugin-install.php

@@ -57 +57 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
     <ul class="subsubsub">

trunk/wp-admin/plugins.php

@@ -190 +190 @@
 if ( !empty($invalid) )
     foreach ( $invalid as $plugin_file => $error )
-        echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
+        echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), ($plugin_file), $error->get_error_message()) . '</p></div>';
 ?>
 
@@ -223 +223 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <?php

trunk/wp-admin/post.php

@@ -136 +136 @@
             $last_user = get_userdata( $last );
             $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-            $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
+            $message = sprintf( __( 'Warning: %s is currently editing this post' ), ( $last_user_name ) );
             $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
             add_action('admin_notices', create_function( '', "echo '$message';" ) );

trunk/wp-admin/press-this.php

@@ -92 +92 @@
 
 // Set Variables
-$title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : '';
+$title = isset($_GET['t']) ? (aposfix(stripslashes($_GET['t']))) : '';
 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
 if ( ! empty($selection) ) {

trunk/wp-admin/revision.php

@@ -178 +178 @@
 
     <tr id="revision-field-<?php echo $field; ?>">
-        <th scope="row"><?php echo wp_specialchars( $field_title ); ?></th>
+        <th scope="row"><?php echo ( $field_title ); ?></th>
         <td><div class="pre"><?php echo $content; ?></div></td>
     </tr>

trunk/wp-admin/theme-editor.php

@@ -116 +116 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 <div class="bordertitle">
     <form id="themeselector" action="theme-editor.php" method="post">

trunk/wp-admin/theme-install.php

@@ -57 +57 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
     <ul class="subsubsub">

trunk/wp-admin/themes.php

@@ -120 +120 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <h3><?php _e('Current Theme'); ?></h3>

trunk/wp-admin/tools.php

@@ -18 +18 @@
 ?>
 <div class="wrap">
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <div class="tool-box">

trunk/wp-admin/upload.php

@@ -165 +165 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( get_search_query() ) ); ?>
 </h2>
 
@@ -323 +323 @@
         foreach ( $orphans as $post ) {
             $class = 'alternate' == $class ? '' : 'alternate';
-            $att_title = wp_specialchars( _draft_or_post_title($post->ID) );
+            $att_title = ( _draft_or_post_title($post->ID) );
 ?>
     <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">

trunk/wp-admin/user-edit.php

@@ -116 +116 @@
 <div class="wrap" id="profile-page">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <form id="your-profile" action="" method="post">

trunk/wp-admin/users.php

@@ -240 +240 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo ( $title );
 if ( isset($_GET['usersearch']) && $_GET['usersearch'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( $_GET['usersearch'] ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', ( $_GET['usersearch'] ) ); ?>
 </h2>
 

trunk/wp-admin/widgets.php

@@ -126 +126 @@
     <div class="wrap">
     <?php screen_icon(); ?>
-    <h2><?php echo wp_specialchars( $title ); ?></h2>
+    <h2><?php echo ( $title ); ?></h2>
         <div class="error">
             <p><?php _e( 'No Sidebars Defined' ); ?></p>
@@ -259 +259 @@
         <div class="wrap">
         <?php screen_icon(); ?>
-        <h2><?php echo wp_specialchars( $title ); ?></h2>
+        <h2><?php echo ( $title ); ?></h2>
         <div class="editwidget"<?php echo $width; ?>>
-        <h3><?php printf( __( 'Widget %s' ), wp_specialchars( strip_tags($control['name']) ) ); ?></h3>
+        <h3><?php printf( __( 'Widget %s' ), ( strip_tags($control['name']) ) ); ?></h3>
 
         <form action="widgets.php" method="post">
@@ -335 +335 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo ( $title ); ?></h2>
 
 <?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?>
@@ -379 +379 @@
     <div class="sidebar-name">
     <div class="sidebar-name-arrow"><br /></div>
-    <h3><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
+    <h3><?php echo ( $registered_sidebar['name'] ); ?>
     <span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div>
     <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>

trunk/wp-includes/classes.php

@@ -1253 +1253 @@
             $output .= ' selected="selected"';
         $output .= '>';
-        $title = wp_specialchars($page->post_title);
+        $title = ($page->post_title);
         $output .= "$pad$title";
         $output .= "</option>\n";

trunk/wp-includes/comment-template.php

@@ -1079 +1079 @@
 
     $style = isset($_GET['replytocom']) ? '' : ' style="display:none;"';
-    $link = wp_specialchars( remove_query_arg('replytocom') ) . '#respond';
+    $link = ( remove_query_arg('replytocom') ) . '#respond';
     return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text);
 }

trunk/wp-includes/default-filters.php

@@ -21 +21 @@
     add_filter($filter, 'trim');
     add_filter($filter, 'wp_filter_kses');
-    add_filter($filter, 'wp_specialchars', 30);
+    add_filter($filter, '', 30);
 }
 
@@ -81 +81 @@
     add_filter($filter, 'wptexturize');
     add_filter($filter, 'convert_chars');
-    add_filter($filter, 'wp_specialchars');
+    add_filter($filter, '');
 }
 
@@ -132 +132 @@
 add_filter('the_title_rss', 'strip_tags');
 add_filter('the_title_rss', 'ent2ncr', 8);
-add_filter('the_title_rss', 'wp_specialchars');
+add_filter('the_title_rss', '');
 add_filter('the_content_rss', 'ent2ncr', 8);
 add_filter('the_excerpt_rss', 'convert_chars');
@@ -138 +138 @@
 add_filter('comment_author_rss', 'ent2ncr', 8);
 add_filter('comment_text_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'wp_specialchars');
+add_filter('comment_text_rss', '');
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);
@@ -144 +144 @@
 // Misc filters
 add_filter('option_ping_sites', 'privacy_ping_filter');
-add_filter('option_blog_charset', 'wp_specialchars');
+add_filter('option_blog_charset', '
 add_filter('option_home', '_config_wp_home');
 add_filter('option_siteurl', '_config_wp_siteurl');

trunk/wp-includes/default-widgets.php

@@ -821 +821 @@
         $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
         $desc = wp_html_excerpt( $desc, 360 ) . ' […]';
-        $desc = wp_specialchars( $desc );
+        $desc = ( $desc );
 
         if ( $show_summary ) {
@@ -845 +845 @@
             $author = $item->get_author();
             $author = $author->get_name();
-            $author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
+            $author = ' <cite>' . ( strip_tags( $author ) ) . '</cite>';
         }
 

trunk/wp-includes/feed.php

@@ -166 +166 @@
         $encode_html = 2;
     if ( 1== $encode_html ) {
-        $content = wp_specialchars($content);
+        $content = ($content);
         $cut = 0;
     } elseif ( 0 == $encode_html ) {

trunk/wp-includes/formatting.php

@@ -214 +214 @@
  * @return string The encoded text with HTML entities.
  */
-function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
+function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
     $string = (string) $string;
 
@@ -287 +287 @@
  *
  * @param string $string The text which is to be decoded.
- * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
+ * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  * @return string The decoded text without HTML entities.
  */
@@ -302 +302 @@
     }
 
-    // Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value
+    // Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value
     if ( empty( $quote_style ) ) {
         $quote_style = ENT_NOQUOTES;
@@ -2075 +2075 @@
 function esc_js( $text ) {
     $safe_text = wp_check_invalid_utf8( $text );
-    $safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
+    $safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
     $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
     $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
@@ -2099 +2099 @@
 
 /**
- * Escaping for HTML attributes.
+ * Escaping for HTML s.
  *
  * @since 2.8.0
@@ -2106 +2106 @@
  * @return string
  */
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 function esc_attr( $text ) {
     $safe_text = wp_check_invalid_utf8( $text );
-    $safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
+    $safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
     return apply_filters( 'attribute_escape', $safe_text, $text );
 }
@@ -2225 +2254 @@
             $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
             $value = stripslashes($value);
-            $value = wp_specialchars( $value );
+            $value = ( $value );
             break;
 
@@ -2299 +2328 @@
  * Callback function used by preg_replace.
  *
- * @uses wp_specialchars to format the $matches text.
+ * @uses  to format the $matches text.
  * @since 2.3.0
  *
  * @param array $matches Populated by matches to preg_replace.
- * @return string The text returned after wp_specialchars if needed.
+ * @return string The text returned after  if needed.
  */
 function wp_pre_kses_less_than_callback( $matches ) {
     if ( false === strpos($matches[0], '>') )
-        return wp_specialchars($matches[0]);
+        return ($matches[0]);
     return $matches[0];
 }

trunk/wp-includes/functions.php

@@ -380 +380 @@
     $protected = array( 'alloptions', 'notoptions' );
     if ( in_array( $option, $protected ) )
-        die( sprintf( __( '%s is a protected WP option and may not be modified' ), wp_specialchars( $option ) ) );
+        die( sprintf( __( '%s is a protected WP option and may not be modified' ), ( $option ) ) );
 }
 
@@ -1594 +1594 @@
     $hook = 'do_feed_' . $feed;
     if ( !has_action($hook) ) {
-        $message = sprintf( __( 'ERROR: %s is not a valid feed template' ), wp_specialchars($feed));
+        $message = sprintf( __( 'ERROR: %s is not a valid feed template' ), ($feed));
         wp_die($message);
     }
@@ -1719 +1719 @@
 function wp_nonce_url( $actionurl, $action = -1 ) {
     $actionurl = str_replace( '&', '&', $actionurl );
-    return wp_specialchars( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+    return ( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
 }
 
@@ -2309 +2309 @@
                         $object = call_user_func( $lookup, $object );
                 }
-                return sprintf( $trans[$verb][$noun][0], wp_specialchars($object) );
+                return sprintf( $trans[$verb][$noun][0], ($object) );
             } else {
                 return $trans[$verb][$noun][0];
@@ -2335 +2335 @@
 function wp_nonce_ays( $action ) {
     $title = __( 'WordPress Failure Notice' );
-    $html = wp_specialchars( wp_explain_nonce( $action ) );
+    $html = ( wp_explain_nonce( $action ) );
     if ( wp_get_referer() )
         $html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";

trunk/wp-includes/general-template.php

@@ -1470 +1470 @@
 
         if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
-            $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], wp_specialchars( get_the_title() ) ));
+            $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], ( get_the_title() ) ));
             $href = get_post_comments_feed_link( $post->ID );
         }

trunk/wp-includes/l10n.php

@@ -121 +121 @@
 
 /**
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
  * Displays the returned translated text from translate().
  *
@@ -145 +161 @@
 function esc_attr_e( $text, $domain = 'default' ) {
     echo esc_attr( translate( $text, $domain ) );
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }
 

trunk/wp-includes/user.php

@@ -541 +541 @@
             $_selected = $user->ID == $selected ? " selected='selected'" : '';
             $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
-            $output .= "\t<option value='$user->ID'$_selected>" . wp_specialchars($display) . "</option>\n";
+            $output .= "\t<option value='$user->ID'$_selected>" . ($display) . "</option>\n";
         }
 

trunk/wp-includes/widgets.php

@@ -602 +602 @@
 
     if ( isset($wp_registered_widgets[$id]['description']) )
-        return wp_specialchars( $wp_registered_widgets[$id]['description'] );
+        return ( $wp_registered_widgets[$id]['description'] );
 }
 

trunk/wp-mail.php

@@ -24 +24 @@
     ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) {
         $pop3->quit();
-        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : wp_specialchars($pop3->ERROR) );
+        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : ($pop3->ERROR) );
 }
 
@@ -196 +196 @@
     do_action('publish_phone', $post_ID);
 
-    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), wp_specialchars($post_author)) . '</p>';
-    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), wp_specialchars($post_title)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), ($post_author)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), ($post_title)) . '</p>';
 
     if(!$pop3->delete($i)) {
-        echo '<p>' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '</p>';
+        echo '<p>' . sprintf(__('Oops: %s'), ($pop3->ERROR)) . '</p>';
         $pop3->reset();
         exit;

trunk/xmlrpc.php

@@ -884 +884 @@
                 $struct['count']            = $tag->count;
                 $struct['slug']             = $tag->slug;
-                $struct['html_url']         = wp_specialchars( get_tag_link( $tag->term_id ) );
-                $struct['rss_url']          = wp_specialchars( get_tag_feed_link( $tag->term_id ) );
+                $struct['html_url']         = ( get_tag_link( $tag->term_id ) );
+                $struct['rss_url']          = ( get_tag_feed_link( $tag->term_id ) );
 
                 $tags[] = $struct;
@@ -2791 +2791 @@
                 $struct['categoryDescription'] = $cat->description;
                 $struct['categoryName'] = $cat->name;
-                $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));
-                $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));
+                $struct['htmlUrl'] = (get_category_link($cat->term_id));
+                $struct['rssUrl'] = (get_category_feed_link($cat->term_id, 'rss2'));
 
                 $categories_struct[] = $struct;
@@ -3328 +3328 @@
         $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
 
-        $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
+        $context = '[...] ' . ( $excerpt ) . ' [...]';
         $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );