From 363ea804708ae140fc75f48ae83861b572d14aaf Mon Sep 17 00:00:00 2001
From: jverber <jverber@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sat, 19 Jun 2004 02:13:48 +0000
Subject: [PATCH] Fix for bug #0000092: Special chars were not encoded
 correctly.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/link-categories.php |  6 +++---
 wp-admin/link-manager.php    | 14 +++++++++-----
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php
index aa37102474..8159067a8f 100644
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -121,7 +121,7 @@ switch ($action) {
 </ul>
 
 <div class="wrap">
-  <h2>Edit &#8220;<?php echo $row->cat_name?>&#8221; Category </h2>
+  <h2>Edit &#8220;<?php echo htmlspecialchars($row->cat_name)?>&#8221; Category </h2>
 
   <form name="editcat" method="post">
       <input type="hidden" name="action" value="editedcat" />
@@ -131,7 +131,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Name:') ?></th>
-	<td width="67%"><input name="cat_name" type="text" value="<?php echo $row->cat_name?>" size="30" /></td>
+	<td width="67%"><input name="cat_name" type="text" value="<?php echo htmlspecialchars($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
 	<th scope="row"><?php _e('Show:') ?></th>
@@ -332,7 +332,7 @@ foreach ($results as $row) {
     $style = ($i % 2) ? ' class="alternate"' : '';
 ?>
               <tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
-                <td><?php echo $row->cat_name?></td>
+                <td><?php echo htmlspecialchars($row->cat_name)?></td>
 				<td ><?php echo $row->cat_id?></td>
                 <td><?php echo $row->auto_toggle?></td>
                 <td><?php echo $row->show_images?></td>
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index e37a2cbc9f..022928f183 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -312,17 +312,17 @@ switch ($action) {
 	WHERE link_id = $link_id");
 
     if ($row) {
-      $link_url = $row->link_url;
-      $link_name = $row->link_name;
+      $link_url = htmlspecialchars($row->link_url);
+      $link_name = htmlspecialchars($row->link_name);
       $link_image = $row->link_image;
       $link_target = $row->link_target;
       $link_category = $row->link_category;
-      $link_description = $row->link_description;
+      $link_description = htmlspecialchars($row->link_description);
       $link_visible = $row->link_visible;
       $link_rating = $row->link_rating;
       $link_rel = $row->link_rel;
-      $link_notes = $row->link_notes;
-	  $link_rss_uri = $row->link_rss;
+      $link_notes = htmlspecialchars($row->link_notes);
+	  $link_rss_uri = htmlspecialchars($row->link_rss);
     }
 
 ?>
@@ -690,6 +690,10 @@ function checkAll(form)
     $links = $wpdb->get_results($sql);
     if ($links) {
         foreach ($links as $link) {
+      	    $link->link_name = htmlspecialchars($link->link_name);
+      	    $link->link_category = htmlspecialchars($link->link_category);
+      	    $link->link_description = htmlspecialchars($link->link_description);
+            $link->link_url = htmlspecialchars($link->link_url);
             $short_url = str_replace('http://', '', $link->link_url);
             $short_url = str_replace('www.', '', $short_url);
             if ('/' == substr($short_url, -1))