_a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_at…

…tr_x(), esc_attr() -- still short, but less cryptic. see #9650

git-svn-id: http://core.svn.wordpress.org/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
commit 4465875cb8ff20691fcc224cfc8a88348d702fc2 1 parent 17846be
authored May 05, 2009

Showing 110 changed files with 703 additions and 703 deletions. Show diff stats Hide diff stats

  1. 8  wp-admin/admin-ajax.php
  2. 8  wp-admin/categories.php
  3. 10  wp-admin/comment.php
  4. 22  wp-admin/custom-header.php
  5. 8  wp-admin/edit-attachment-rows.php
  6. 8  wp-admin/edit-category-form.php
  7. 48  wp-admin/edit-comments.php
  8. 66  wp-admin/edit-form-advanced.php
  9. 18  wp-admin/edit-form-comment.php
  10. 8  wp-admin/edit-link-categories.php
  11. 10  wp-admin/edit-link-category-form.php
  12. 26  wp-admin/edit-link-form.php
  13. 46  wp-admin/edit-page-form.php
  14. 8  wp-admin/edit-pages.php
  15. 10  wp-admin/edit-tag-form.php
  16. 12  wp-admin/edit-tags.php
  17. 16  wp-admin/edit.php
  18. 4  wp-admin/export.php
  19. 8  wp-admin/import/blogger.php
  20. 4  wp-admin/import/btt.php
  21. 12  wp-admin/import/dotclear.php
  22. 2  wp-admin/import/greymatter.php
  23. 8  wp-admin/import/jkw.php
  24. 20  wp-admin/import/livejournal.php
  25. 8  wp-admin/import/mt.php
  26. 2  wp-admin/import/opml.php
  27. 6  wp-admin/import/stp.php
  28. 12  wp-admin/import/textpattern.php
  29. 8  wp-admin/import/utw.php
  30. 6  wp-admin/import/wordpress.php
  31. 10  wp-admin/import/wp-cat2tag.php
  32. 2  wp-admin/includes/bookmark.php
  33. 24  wp-admin/includes/class-wp-upgrader.php
  34. 20  wp-admin/includes/dashboard.php
  35. 12  wp-admin/includes/file.php
  36. 2  wp-admin/includes/manifest.php
  37. 84  wp-admin/includes/media.php
  38. 18  wp-admin/includes/plugin-install.php
  39. 2  wp-admin/includes/plugin.php
  40. 2  wp-admin/includes/taxonomy.php
  41. 84  wp-admin/includes/template.php
  42. 18  wp-admin/includes/theme-install.php
  43. 18  wp-admin/includes/user.php
  44. 16  wp-admin/includes/widgets.php
  45. 6  wp-admin/install.php
  46. 16  wp-admin/link-manager.php
  47. 2  wp-admin/load-scripts.php
  48. 2  wp-admin/load-styles.php
  49. 2  wp-admin/media-upload.php
  50. 6  wp-admin/media.php
  51. 2  wp-admin/menu.php
  52. 16  wp-admin/options-discussion.php
  53. 14  wp-admin/options-general.php
  54. 2  wp-admin/options-media.php
  55. 6  wp-admin/options-misc.php
  56. 14  wp-admin/options-permalink.php
  57. 2  wp-admin/options-privacy.php
  58. 2  wp-admin/options-reading.php
  59. 2  wp-admin/options-writing.php
  60. 6  wp-admin/options.php
  61. 20  wp-admin/plugin-editor.php
  62. 20  wp-admin/plugins.php
  63. 30  wp-admin/press-this.php
  64. 10  wp-admin/sidebar.php
  65. 16  wp-admin/theme-editor.php
  66. 6  wp-admin/themes.php
  67. 2  wp-admin/tools.php
  68. 10  wp-admin/update-core.php
  69. 20  wp-admin/upload.php
  70. 26  wp-admin/user-edit.php
  71. 12  wp-admin/user-new.php
  72. 22  wp-admin/users.php
  73. 12  wp-admin/widgets.php
  74. 12  wp-app.php
  75. 12  wp-content/themes/classic/comments-popup.php
  76. 8  wp-content/themes/classic/comments.php
  77. 2  wp-content/themes/classic/sidebar.php
  78. 8  wp-content/themes/default/comments-popup.php
  79. 6  wp-content/themes/default/comments.php
  80. 52  wp-content/themes/default/functions.php
  81. 4  wp-includes/author-template.php
  82. 4  wp-includes/bookmark-template.php
  83. 4  wp-includes/bookmark.php
  84. 2  wp-includes/category-template.php
  85. 4  wp-includes/class.wp-styles.php
  86. 6  wp-includes/classes.php
  87. 2  wp-includes/comment-template.php
  88. 4  wp-includes/comment.php
  89. 40  wp-includes/default-widgets.php
  90. 4  wp-includes/deprecated.php
  91. 4  wp-includes/feed-atom-comments.php
  92. 2  wp-includes/feed-rss2-comments.php
  93. 2  wp-includes/feed.php
  94. 8  wp-includes/formatting.php
  95. 8  wp-includes/functions.php
  96. 24  wp-includes/general-template.php
  97. 6  wp-includes/kses.php
  98. 16  wp-includes/l10n.php
  99. 18  wp-includes/link-template.php
  100. 6  wp-includes/media.php
  101. 2  wp-includes/pluggable.php
  102. 20  wp-includes/post-template.php
  103. 4  wp-includes/post.php
  104. 2  wp-includes/rss.php
  105. 18  wp-includes/script-loader.php
  106. 6  wp-includes/taxonomy.php
  107. 2  wp-includes/theme.php
  108. 6  wp-includes/update.php
  109. 8  wp-links-opml.php
  110. 20  wp-login.php
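--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -426,7 +426,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
 		$x->add( array(
 			'what' => 'link-category',
 			'id' => $cat_id,
-			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
+			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 			'position' => -1
 		) );
 	}
@@ -474,7 +474,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
 		$cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
 		$level++;
 	}
-	$cat_full_name = attr($cat_full_name);
+	$cat_full_name = esc_attr($cat_full_name);
 
 	$x = new WP_Ajax_Response( array(
 		'what' => 'cat',
@@ -552,7 +552,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
 		die('0');
 
 	$tag_full_name = $tag->name;
-	$tag_full_name = attr($tag_full_name);
+	$tag_full_name = esc_attr($tag_full_name);
 
 	$x = new WP_Ajax_Response( array(
 		'what' => 'tag',
@@ -1214,7 +1214,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
 			$time = mysql2date(__('Y/m/d'), $post->post_date);
 		}
 
-		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . attr($post->ID) . '"></td>';
+		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
 		$html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
 	}
 	$html .= '</tbody></table>';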
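Review bot: In the link-category response at new line 429, only the `value` attribute goes through `esc_attr()`; `$cat_id` is interpolated raw into the `id` and `for` attributes and `$cat_name` into the label text of the same string. Whether both were cast or escaped earlier is not visible in this hunk, so the check belongs at the point of output: use `esc_attr($cat_id)` in every attribute (or cast once with `(int) $cat_id`) and `wp_specialchars($cat_name)` for the label unless it is already escaped upstream. The same pattern appears at new line 1217, where `$post->ID` is concatenated unescaped into `id="found-…"` next to an escaped `value`. The enclosing code starts and ends outside these hunks.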
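--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -144,7 +144,7 @@
 <p class="search-box">
 	<label class="invisible" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
 	<input type="text" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _ea( 'Search Categories' ); ?>" class="button" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -189,7 +189,7 @@
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>
 
@@ -229,7 +229,7 @@
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>
 
@@ -283,7 +283,7 @@
     <p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
 </div>
 
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _ea('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form></div>
 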
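--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -90,18 +90,18 @@ function comment_footer_die( $msg ) {  //
 
 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _ea('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
-<td class="textright"><input type='submit' class="button" value='<?php echo attr($button); ?>' /></td>
+<td><input type='button' class="button" value='<?php esc_attr_e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
+<td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td>
 </tr>
 </table>
 
 <?php wp_nonce_field( $nonce_action ); ?>
-<input type='hidden' name='action' value='<?php echo attr($formaction); ?>' />
+<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <?php if ( 'spam' == $_GET['dt'] ) { ?>
 <input type='hidden' name='dt' value='spam' />
 <?php } ?>
-<input type='hidden' name='p' value='<?php echo attr($comment->comment_post_ID); ?>' />
-<input type='hidden' name='c' value='<?php echo attr($comment->comment_ID); ?>' />
+<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
+<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
 </form>
 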
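Review bot: The `onclick` handler on the "No" button (new line 93) never closes its JavaScript string: the attribute ends right after the URL, so the handler reads `self.location='…edit-comments.php` with no closing quote and will not parse. The URL from `admin_url()` is also echoed into a script-inside-attribute context without any escaping, unlike every other value on the changed lines. I would change the attribute to `onclick="self.location='<?php echo js_escape( admin_url('edit-comments.php') ); ?>';"`. The surrounding form starts outside the hunk.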
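--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -284,10 +284,10 @@ function step_1() {
 </div>
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
 <form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
-<input type="button" class="button" value="<?php _ea('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
-<input type="button" class="button" value="<?php _ea('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php _ea('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
+<input type="button" class="button" value="<?php esc_attr_e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
+<input type="button" class="button" value="<?php esc_attr_e('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php esc_attr_e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php _ea('Save Changes'); ?>" /></form>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php esc_attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php esc_attr_e('Save Changes'); ?>" /></form>
 <?php } ?>
 
 <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"> </div>
@@ -296,12 +296,12 @@ function step_1() {
 <h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
 
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo esc_attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <?php wp_nonce_field('custom-header') ?>
 <p class="submit">
-<input type="submit" value="<?php _ea('Upload'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
 </p>
 </form>
 
@@ -311,9 +311,9 @@ function step_1() {
 <div class="wrap">
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo attr(add_query_arg('step', 1)) ?>">
+<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)) ?>">
 <?php wp_nonce_field('custom-header'); ?>
-<input type="submit" class="button" name="resetheader" value="<?php _ea('Restore Original Header'); ?>" />
+<input type="submit" class="button" name="resetheader" value="<?php esc_attr_e('Restore Original Header'); ?>" />
 </form>
 </div>
 		<?php endif;
@@ -372,7 +372,7 @@ function step_2() {
 
 <div class="wrap">
 
-<form method="POST" action="<?php echo attr(add_query_arg('step', 3)) ?>">
+<form method="POST" action="<?php echo esc_attr(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
 <div id="testWrap" style="position: relative">
@@ -386,10 +386,10 @@ function step_2() {
 <input type="hidden" name="y2" id="y2" />
 <input type="hidden" name="width" id="width" />
 <input type="hidden" name="height" id="height" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo attr($id); ?>" />
-<input type="hidden" name="oitar" id="oitar" value="<?php echo attr($oitar); ?>" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($id); ?>" />
+<input type="hidden" name="oitar" id="oitar" value="<?php echo esc_attr($oitar); ?>" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="submit" value="<?php _ea('Crop Header'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Crop Header'); ?>" />
 </p>
 
 </form>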
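Review bot: On new line 290 the `textcolor` hidden field calls `esc_attr(header_textcolor())` without `echo`, so the escaped return value is discarded and the call protects nothing. Whatever ends up in the attribute must be printed by `header_textcolor()` itself, unescaped; its body is not on this page, so that is inferred from the missing `echo`. Escaping the returned value instead would look like `value="#<?php echo esc_attr(get_header_textcolor()) ?>"`. Separately, the `action="<?php echo esc_attr(add_query_arg('step', N)) ?>"` attributes at new lines 299, 314 and 375 emit a URL derived from the current request, where a URL cleaner such as `clean_url()` fits the context better than attribute escaping alone.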
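--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -62,7 +62,7 @@
 			if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
 ?>
 
-				<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
+				<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
 					<?php echo $thumb; ?>
 				</a>
 
@@ -74,7 +74,7 @@
 
 	case 'media':
 		?>
-		<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
+		<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
 		<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
 		<p>
 		<?php
@@ -83,7 +83,7 @@
 			$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
 		if ( current_user_can('delete_post', $post->ID) )
 			$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
-		$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+		$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
 		$action_count = count($actions);
 		$i = 0;
 		echo '<div class="row-actions">';
@@ -182,7 +182,7 @@
 	case 'actions':
 		?>
 		<td <?php echo $attributes ?>>
-		<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
+		<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
 		<a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
 		</td>
 		<?php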
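Review bot: On new line 77 `$att_title` is escaped with `esc_attr()` for the `title` attribute but echoed raw as the link text a few characters later (`<?php echo $att_title; ?>`). If `$att_title` is not already HTML-escaped where it is assigned (outside these hunks), the link body needs its own escaping, e.g. `<?php echo wp_specialchars($att_title); ?>`. Also, new line 86 builds the View tooltip from `$title` while every other changed line in this file uses `$att_title`; no assignment to `$title` is visible here, so confirm it is defined in this scope.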
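--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -44,17 +44,17 @@ function _fill_empty_category(&$category) {
 <div id="ajax-response"></div>
 <form name="editcat" id="editcat" method="post" action="categories.php" class="validate">
 <input type="hidden" name="action" value="editedcat" />
-<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
+<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-category_' . $cat_ID); ?>
 	<table class="form-table">
 		<tr class="form-field form-required">
 			<th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
-			<td><input name="cat_name" id="cat_name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /><br />
+			<td><input name="cat_name" id="cat_name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /><br />
             <?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
-			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
+			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
             <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
 		</tr>
 		<tr class="form-field">
@@ -70,7 +70,7 @@ function _fill_empty_category(&$category) {
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
 		</tr>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form>
 </div>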
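--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -83,7 +83,7 @@
 
 require_once('admin-header.php');
 
-$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attr($_GET['mode']);
+$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']);
 
 $default_status = get_user_option('edit_comments_last_view');
 if ( empty($default_status) )
@@ -94,10 +94,10 @@
 if ( $comment_status != $default_status )
 	update_usermeta($current_user->ID, 'edit_comments_last_view', $comment_status);
 
-$comment_type = !empty($_GET['comment_type']) ? attr($_GET['comment_type']) : '';
+$comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : '';
 
 $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
-$search = attr( $search_dirty ); ?>
+$search = esc_attr( $search_dirty ); ?>
 
 <div class="wrap">
 <?php screen_icon(); ?>
@@ -164,7 +164,7 @@
 	/*
 	// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
 	if ( !empty( $_GET['s'] ) )
-		$link = add_query_arg( 's', attr( stripslashes( $_GET['s'] ) ), $link );
+		$link = add_query_arg( 's', esc_attr( stripslashes( $_GET['s'] ) ), $link );
 	*/
 	$status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
 		_n( $label[0], $label[1], $num_comments->$status ),
@@ -182,7 +182,7 @@
 <p class="search-box">
 	<label class="invisible" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
 	<input type="text" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _ea( 'Search Comments' ); ?>" class="button" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Comments' ); ?>" class="button" />
 </p>
 
 <?php
@@ -224,12 +224,12 @@
 
 ?>
 
-<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 <?php if ( $post_id ) : ?>
-<input type="hidden" name="p" value="<?php echo attr( intval( $post_id ) ); ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr( intval( $post_id ) ); ?>" />
 <?php endif; ?>
-<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
-<input type="hidden" name="pagegen_timestamp" value="<?php echo attr(current_time('mysql', 1)); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+<input type="hidden" name="pagegen_timestamp" value="<?php echo esc_attr(current_time('mysql', 1)); ?>" />
 
 <div class="tablenav">
 
@@ -240,9 +240,9 @@
 	'<span class="total-type-count">' . number_format_i18n( $total ) . '</span>',
 	$page_links
 ); echo $page_links_text; ?></div>
-<input type="hidden" name="_total" value="<?php echo attr($total); ?>" />
-<input type="hidden" name="_per_page" value="<?php echo attr($comments_per_page); ?>" />
-<input type="hidden" name="_page" value="<?php echo attr($page); ?>" />
+<input type="hidden" name="_total" value="<?php echo esc_attr($total); ?>" />
+<input type="hidden" name="_per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+<input type="hidden" name="_page" value="<?php echo esc_attr($page); ?>" />
 <?php endif; ?>
 
 <div class="alignleft actions">
@@ -259,7 +259,7 @@
 <?php endif; ?>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction" id="doaction" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 <?php wp_nonce_field('bulk-comments'); ?>
 
 <select name="comment_type">
@@ -271,22 +271,22 @@
 	) );
 
 	foreach ( $comment_types as $type => $label ) {
-		echo "	<option value='" . attr($type) . "'";
+		echo "	<option value='" . esc_attr($type) . "'";
 		selected( $comment_type, $type );
 		echo ">$label</option>\n";
 	}
 ?>
 </select>
-<input type="submit" id="post-query-submit" value="<?php _ea('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 <?php if ( isset($_GET['apage']) ) { ?>
-	<input type="hidden" name="apage" value="<?php echo attr( absint( $_GET['apage'] ) ); ?>" />
+	<input type="hidden" name="apage" value="<?php echo esc_attr( absint( $_GET['apage'] ) ); ?>" />
 <?php }
 
 if ( 'spam' == $comment_status ) {
 	wp_nonce_field('bulk-spam-delete', '_spam_nonce');
         if ( current_user_can ('moderate_comments')) { ?>
-		<input type="submit" name="delete_all_spam" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
+		<input type="submit" name="delete_all_spam" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php	}
 } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
@@ -346,10 +346,10 @@
 <?php endif; ?>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction2" id="doaction2" value="<?php _ea('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 
 <?php if ( 'spam' == $comment_status ) { ?>
-<input type="submit" name="delete_all_spam2" value="<?php _ea('Delete All Spam'); ?>" class="button-secondary apply" />
+<input type="submit" name="delete_all_spam2" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>
@@ -360,12 +360,12 @@
 </form>
 
 <form id="get-extra-comments" method="post" action="" class="add:the-extra-comment-list:" style="display: none;">
-	<input type="hidden" name="s" value="<?php echo attr($search); ?>" />
-	<input type="hidden" name="mode" value="<?php echo attr($mode); ?>" />
-	<input type="hidden" name="comment_status" value="<?php echo attr($comment_status); ?>" />
+	<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
+	<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
+	<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
 	<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
-	<input type="hidden" name="p" value="<?php echo attr( $post_id ); ?>" />
-	<input type="hidden" name="comment_type" value="<?php echo attr( $comment_type ); ?>" />
+	<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
+	<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
 	<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
 </form>
 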
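Review bot: New lines 86, 97 and 100 apply `esc_attr()` to `$_GET['mode']`, `$_GET['comment_type']` and the search term at the moment they are read, and new lines 227, 363, 364 and 368 then escape the same variables a second time at output. Escaping on input means `$mode`, `$comment_type` and `$search` carry HTML entities into any non-HTML use further down the file (comparisons, queries, URLs), none of which is visible in these hunks. I would keep the raw value, validate it where the set of values is fixed (an `in_array()` check for `$mode`), and leave `esc_attr()` only at the `echo`. New line 367 also prints `esc_attr( $post_id )` where new line 229 uses `esc_attr( intval( $post_id ) )`, so the two forms should agree on the integer cast.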
66  wp-admin/edit-form-advanced.php
@@ -33,11 +33,11 @@
33 33
 if ( 0 == $post_ID ) {
34 34
 	$form_action = 'post';
35 35
 	$temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
36  
-	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . attr($temp_ID) . "' />";
  36
+	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . esc_attr($temp_ID) . "' />";
37 37
 	$autosave = false;
38 38
 } else {
39 39
 	$form_action = 'editpost';
40  
-	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . attr($post_ID) . "' />";
  40
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
41 41
 	$autosave = wp_get_post_autosave( $post_ID );
42 42
 
43 43
 	// Detect if there exists an autosave newer than the post and if that autosave is different than the post
@@ -72,15 +72,15 @@ function post_submit_meta_box($post) {
72 72
 
73 73
 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
74 74
 <div style="display:none;">
75  
-<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
  75
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
76 76
 </div>
77 77
 
78 78
 <div id="minor-publishing-actions">
79 79
 <div id="save-action">
80 80
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
81  
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
  81
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
82 82
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
83  
-<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
  83
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
84 84
 <?php } ?>
85 85
 </div>
86 86
 
@@ -129,7 +129,7 @@ function post_submit_meta_box($post) {
129 129
 <a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
130 130
 
131 131
 <div id="post-status-select" class="hide-if-js">
132  
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
  132
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
133 133
 <select name='post_status' id='post_status' tabindex='4'>
134 134
 <?php if ( 'publish' == $post->post_status ) : ?>
135 135
 <option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@@ -169,15 +169,15 @@ function post_submit_meta_box($post) {
169 169
 ?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
170 170
 
171 171
 <div id="post-visibility-select" class="hide-if-js">
172  
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
  172
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
173 173
 <input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
174  
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
  174
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
175 175
 
176 176
 
177 177
 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
178 178
 <span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
179 179
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
180  
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
  180
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
181 181
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
182 182
 
183 183
 <p>
@@ -238,20 +238,20 @@ function post_submit_meta_box($post) {
238 238
 if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) {
239 239
 	if ( current_user_can('publish_posts') ) :
240 240
 		if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
241  
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
242  
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
  241
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
  242
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
243 243
 <?php	else : ?>
244  
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
245  
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
  244
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
  245
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
246 246
 <?php	endif;
247 247
 	else : ?>
248  
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
249  
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
  248
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
  249
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
250 250
 <?php
251 251
 	endif;
252 252
 } else { ?>
253  
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Post') ?>" />
254  
-		<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Post') ?>" />
  253
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Post') ?>" />
  254
+		<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Post') ?>" />
255 255
 <?php
256 256
 } ?>
257 257
 </div>
@@ -271,20 +271,20 @@ function post_submit_meta_box($post) {
271 271
  * @param object $post
272 272
  */
273 273
 function post_tags_meta_box($post, $box) {
274  
-	$tax_name = attr(substr($box['id'], 8));
  274
+	$tax_name = esc_attr(substr($box['id'], 8));
275 275
 	$taxonomy = get_taxonomy($tax_name);
276  
-	$helps = isset($taxonomy->helps) ? attr($taxonomy->helps) : __('Separate tags with commas.');
  276
+	$helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
277 277
 ?>
278 278
 <div class="tagsdiv" id="<?php echo $tax_name; ?>">
279 279
 	<div class="jaxtag">
280 280
 	<div class="nojs-tags hide-if-js">
281 281
 	<p><?php _e('Add or remove tags'); ?></p>
282  
-	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
  282
+	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
283 283
 
284 284
 	<span class="ajaxtag hide-if-no-js">
285 285
 		<label class="invisible" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
286  
-		<input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php _ea('Add new tag'); ?>" />
287  
-		<input type="button" class="button tagadd" value="<?php _ea('Add'); ?>" tabindex="3" />
  286
+		<input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
  287
+		<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
288 288
 	</span></div>
289 289
 	<p class="howto"><?php echo $helps; ?></p>
290 290
 	<div class="tagchecklist"></div>
@@ -297,7 +297,7 @@ function post_tags_meta_box($post, $box) {
297 297
 foreach ( get_object_taxonomies('post') as $tax_name ) {
298 298
 	if ( !is_taxonomy_hierarchical($tax_name) ) {
299 299
 		$taxonomy = get_taxonomy($tax_name);
300  
-		$label = isset($taxonomy->label) ? attr($taxonomy->label) : $tax_name;
  300
+		$label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
301 301
 
302 302
 		add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
303 303
 	}
@@ -333,9 +333,9 @@ function post_categories_meta_box($post) {
333 333
 <div id="category-adder" class="wp-hidden-children">
334 334
 	<h4><a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4>
335 335
 	<p id="category-add" class="wp-hidden-child">
336  
-	<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _ea( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
  336
+	<label class="invisible" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
337 337
 	<label class="invisible" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
338  
-	<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _ea( 'Add' ); ?>" tabindex="3" />
  338
+	<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
339 339
 <?php	wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
340 340
 	<span id="category-ajax-response"></span></p>
341 341
 </div>
@@ -385,7 +385,7 @@ function post_excerpt_meta_box($post) {
385 385
  * @param object $post
386 386
  */
387 387
 function post_trackback_meta_box($post) {
388  
-	$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
  388
+	$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
389 389
 	if ('' != $post->pinged) {
390 390
 		$pings = '<p>'. __('Already pinged:') . '</p><ul>';
391 391
 		$already_pinged = explode("\n", trim($post->pinged));
@@ -492,7 +492,7 @@ function post_comment_meta_box($post) {
492 492
  */
493 493
 function post_slug_meta_box($post) {
494 494
 ?>
495  
-<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
  495
+<label class="invisible" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
496 496
 <?php
497 497
 }
498 498
 if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
@@ -567,11 +567,11 @@ function post_revisions_meta_box($post) {
567 567
 ?>
568 568
 
569 569
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
570  
-<input type="hidden" id="hiddenaction" name="action" value="<?php echo attr($form_action) ?>" />
571  
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
572  
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
573  
-<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
574  
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
  570
+<input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr($form_action) ?>" />
  571
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
  572
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
  573
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
  574
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
575 575
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
576 576
 <?php
577 577
 if ( 'draft' != $post->post_status )
@@ -592,7 +592,7 @@ function post_revisions_meta_box($post) {
592 592
 <div id="titlediv">
593 593
 <div id="titlewrap">
594 594
 	<label class="invisible" for="title"><?php _e('Title') ?></label>
595  
-	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
  595
+	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
596 596
 </div>
597 597
 <div class="inside">
598 598
 <?php
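--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -12,7 +12,7 @@
 $submitbutton_text = __('Edit Comment');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . attr($comment->comment_post_ID);
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
@@ -26,8 +26,8 @@
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 <?php
 
-$email = attr( $comment->comment_author_email );
-$url = attr( $comment->comment_author_url );
+$email = esc_attr( $comment->comment_author_email );
+$url = esc_attr( $comment->comment_author_url );
 // add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
 ?>
 
@@ -72,7 +72,7 @@
 <?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
-<input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
+<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />
 </div>
 <div class="clear"></div>
 </div>
@@ -90,7 +90,7 @@
 <tbody>
 <tr valign="top">
 	<td class="first"><?php _e( 'Name:' ); ?></td>
-	<td><input type="text" name="newcomment_author" size="30" value="<?php echo attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
+	<td><input type="text" name="newcomment_author" size="30" value="<?php echo esc_attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
@@ -101,7 +101,7 @@
 			_e( 'E-mail:' );
 		}
 ?></td>
-	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo attr($email); ?>" tabindex="2" id="email" /></td>
+	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
@@ -113,7 +113,7 @@
 		} else {
 			_e( 'URL:' );
 		} ?></td>
-	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo attr($url); ?>" tabindex="3" /></td>
+	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
 </table>
@@ -128,8 +128,8 @@
 
 <?php do_meta_boxes('comment', 'normal', $comment); ?>
 
-<input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
-<input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
+<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />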
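Review bot: `$email` and `$url` are escaped twice on the new side: lines 29–30 assign them through `esc_attr()`, and the `value` attributes at lines 104 and 116 run `esc_attr($email)` / `esc_attr($url)` again. The second pass is redundant at best, and if the escaper re-encodes existing entities (its implementation is not shown here) a URL containing `&` would show up in the field as `&amp;` and be saved that way. Escaping once, at the point of output, is the safer convention: `$email = $comment->comment_author_email;` and `$url = $comment->comment_author_url;`, keeping the `esc_attr()` calls in the two inputs. The code between the hunks is not visible, so confirm nothing else echoes `$email` or `$url` without escaping before making that change.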
8  wp-admin/edit-link-categories.php
@@ -75,7 +75,7 @@
@@ -112,7 +112,7 @@
@@ -166,7 +166,7 @@
@@ -211,7 +211,7 @@
10  wp-admin/edit-link-category-form.php
@@ -57,17 +57,17 @@ function _fill_empty_link_category(&$category) {
@@ -75,7 +75,7 @@ function _fill_empty_link_category(&$category) {
26  wp-admin/edit-link-form.php
@@ -60,7 +60,7 @@ function link_submit_meta_box($link) {
@@ -91,9 +91,9 @@ function link_submit_meta_box($link) {
@@ -139,8 +139,8 @@ function link_categories_meta_box($link) { ?>
@@ -185,7 +185,7 @@ function link_xfn_meta_box($link) {
@@ -305,11 +305,11 @@ function link_advanced_meta_box($link) {
@@ -320,7 +320,7 @@ function link_advanced_meta_box($link) {
@@ -374,7 +374,7 @@ function link_advanced_meta_box($link) {
@@ -382,7 +382,7 @@ function link_advanced_meta_box($link) {
@@ -390,7 +390,7 @@ function link_advanced_meta_box($link) {
@@ -404,7 +404,7 @@ function link_advanced_meta_box($link) {
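--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -66,15 +66,15 @@ function page_submit_meta_box($post) {
 
 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php _ea('Save'); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>
 
 <div id="minor-publishing-actions">
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php _ea('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php _ea('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>
 
@@ -123,7 +123,7 @@ function page_submit_meta_box($post) {
 <a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
 
 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo attr($post->post_status); ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
 <option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@@ -163,12 +163,12 @@ function page_submit_meta_box($post) {
 <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
 
 <div id="post-visibility-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attr($post->post_password); ?>" />
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attr( $visibility ); ?>" />
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
 
 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attr($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
 
 <p><a href="#visibility" class="save-post-visibility hide-if-no-js button"><?php _e('OK'); ?></a>
@@ -226,20 +226,20 @@ function page_submit_meta_box($post) {
 <?php
 	if ( $can_publish ) :
 		if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Schedule') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Schedule') ?>" />
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
 <?php	else : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Publish') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Publish') ?>" />
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
 <?php	endif;
 	else : ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Submit for Review') ?>" />
-	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Submit for Review') ?>" />
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
+	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
 <?php
 	endif;
 } else { ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _ea('Update Page') ?>" />
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _ea('Update Page') ?>" />
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Page') ?>" />
+	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Page') ?>" />
 <?php
 } ?>
 </div>
@@ -291,7 +291,7 @@ function page_attributes_meta_box($post){
 <?php
 	} ?>
 <h5><?php _e('Order') ?></h5>
-<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo attr($post->menu_order) ?>" /></p>
+<p><label class="invisible" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo esc_attr($post->menu_order) ?>" /></p>
 <p><?php _e('Pages are usually ordered alphabetically, but you can put a number above to change the order pages appear in. (We know this is a little janky, it&#8217;ll be better in future releases.)'); ?></p>
 <?php
 }
@@ -346,7 +346,7 @@ function page_comments_status_meta_box($post){
  */
 function page_slug_meta_box($post){
 ?>
-<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attr( $post->post_name ); ?>" />
+<label class="invisible" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
 <?php
 }
 add_meta_box('pageslugdiv', __('Page Slug'), 'page_slug_meta_box', 'page', 'normal', 'core');
@@ -414,12 +414,12 @@ function page_revisions_meta_box($post) {
 	echo '<input type="hidden" name="mode" value="bookmarklet" />';
 ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value='<?php echo attr($form_action) ?>' />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo attr($form_action) ?>" />
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attr( $post->post_author ); ?>" />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo esc_attr($form_action) ?>' />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <?php echo $form_extra ?>
-<input type="hidden" id="post_type" name="post_type" value="<?php echo attr($post->post_type) ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo attr($post->post_status) ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
 
@@ -436,7 +436,7 @@ function page_revisions_meta_box($post) {
 <div id="titlediv">
 <div id="titlewrap">
 	<label class="invisible" for="title"><?php _e('Title') ?></label>
-	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
+	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>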
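Review bot: In the hunk at line 416 the `user_ID` hidden field is still printed raw, `value="<?php echo $user_ID ?>"`, while every other hidden field around it now goes through `esc_attr()`. The post edit form touched by this same commit casts the value instead, so the page form should match: `<input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />`. A few lines below, `<?php echo $form_extra ?>` is also emitted unescaped; its construction is outside the visible hunks, so it is worth checking that every value concatenated into it is escaped where it is built.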
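--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -171,11 +171,11 @@
 <p class="search-box">
 	<label class="invisible" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
 	<input type="text" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _ea( 'Search Pages' ); ?>" class="button" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Pages' ); ?>" class="button" />
 </p>
 
 <?php if ( isset($_GET['post_status'] ) ) : ?>
-<input type="hidden" name="post_status" value="<?php echo attr($_GET['post_status']) ?>" />
+<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
 <?php endif; ?>
 
 <?php if ($posts) { ?>
@@ -215,7 +215,7 @@
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-pages'); ?>
 </div>
 
@@ -254,7 +254,7 @@
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>
 
 <br class="clear" />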
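--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -20,18 +20,18 @@
 <div id="ajax-response"></div>
 <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
 <input type="hidden" name="action" value="editedtag" />
-<input type="hidden" name="tag_ID" value="<?php echo attr($tag->term_id) ?>" />
-<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy) ?>" />
+<input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
 	<table class="form-table">
 		<tr class="form-field form-required">
 			<th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
-			<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attr($tag->name); ?>" size="40" aria-required="true" />
+			<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo esc_attr($tag->name); ?>" size="40" aria-required="true" />
             <p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
-			<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
+			<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo esc_attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
             <p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
 		</tr>
 		<tr class="form-field">
@@ -40,7 +40,7 @@
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
 		</tr>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _ea('Update Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>
 </form>
 </div>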
12  wp-admin/edit-tags.php
@@ -160,7 +160,7 @@
160 160
 <p class="search-box">
161 161
 	<label class="invisible" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
162 162
 	<input type="text" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
163  
-	<input type="submit" value="<?php _ea( 'Search Tags' ); ?>" class="button" />
  163
+	<input type="submit" value="<?php esc_attr_e( 'Search Tags' ); ?>" class="button" />
164 164
 </p>
165 165
 </form>
166 166
 <br class="clear" />
@@ -170,7 +170,7 @@
170 170
 <div id="col-right">
171 171
 <div class="col-wrap">
172 172
 <form id="posts-filter" action="" method="get">
173  
-<input type="hidden" name="taxonomy" value="<?php echo attr($taxonomy); ?>" />
  173
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
174 174
 <div class="tablenav">
175 175
 <?php
176 176
 $pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
@@ -201,7 +201,7 @@
201 201
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
202 202
 <option value="delete"><?php _e('Delete'); ?></option>
203 203
 </select>
204  
-<input type="submit" value="<?php _ea('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
  204
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
205 205
 <?php wp_nonce_field('bulk-tags'); ?>
206 206