From 93ab0818209657febc7b4957f662634286ecc18d Mon Sep 17 00:00:00 2001
From: Kirk Wight <kwight@kwight.ca>
Date: Sat, 3 May 2014 21:46:58 -0400
Subject: [PATCH] Additional escaping and removing of unnecessary title
 attributes.

---
 content-single.php |  6 +++---
 functions.php      |  4 ++--
 header.php         | 10 +++++-----
 image.php          | 14 +++++++-------
 no-results.php     |  6 +++---
 searchform.php     |  2 +-
 sidebar.php        |  4 ++--
 single.php         |  2 +-
 8 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/content-single.php b/content-single.php
index c290fd7f35..cb89ab3638 100644
--- a/content-single.php
+++ b/content-single.php
@@ -17,7 +17,7 @@
 
 	<div class="entry-content">
 		<?php the_content(); ?>
-		<?php wp_link_pages( array( 'before' => '<div class="page-links">' . __( 'Pages:', 'debut' ), 'after' => '</div>' ) ); ?>
+		<?php wp_link_pages( array( 'before' => '<div class="page-links">' . esc_html__( 'Pages:', 'debut' ), 'after' => '</div>' ) ); ?>
 	</div><!-- .entry-content -->
 
 	<footer class="entry-meta">
@@ -50,11 +50,11 @@
 				$meta_text,
 				$category_list,
 				$tag_list,
-				get_permalink(),
+				esc_url( get_permalink() ),
 				the_title_attribute( 'echo=0' )
 			);
 		?>
 
-		<?php edit_post_link( __( 'Edit', 'debut' ), '<span class="edit-link">', '</span>' ); ?>
+		<?php edit_post_link( esc_html__( 'Edit', 'debut' ), '<span class="edit-link">', '</span>' ); ?>
 	</footer><!-- .entry-meta -->
 </article><!-- #post-<?php the_ID(); ?> -->
diff --git a/functions.php b/functions.php
index 23435e58ab..69dd46d86d 100644
--- a/functions.php
+++ b/functions.php
@@ -290,7 +290,7 @@ function debut_comment( $comment, $args, $depth ) {
 		<?php echo get_avatar( $comment, 60 ); ?>
 		<div class="comment-meta">
 			<div class="perma-reply-edit">
-				<a href="<?php echo esc_url( get_comment_link() ); ?>"><?php _e( 'Permalink', 'debut' ); ?></a>
+				<a href="<?php echo esc_url( get_comment_link() ); ?>"><?php esc_html_e( 'Permalink', 'debut' ); ?></a>
 				<?php comment_reply_link( array_merge( $args, array( 'depth' => $depth, 'max_depth' => $args['max_depth'], 'before' => '&nbsp;&sdot;&nbsp;' ) ) );
 				if ( $can_edit_post ) { edit_comment_link( __( 'Edit', 'debut' ), '&nbsp;&sdot;&nbsp;' ); } ?>
 			</div><!-- .perma-reply-edit -->
@@ -460,7 +460,7 @@ function debut_lang_switcher() {
 		$html = '<div class="debut-lang-switcher">';
 		foreach( $lang as $value ) {
 			if ( 0 == $value[ 'active' ] ) {
-				$html .= '<a class="debut-lang" href="' . $value[ 'url' ] . '">' . $value[ 'language_code' ]  . '</a>';
+				$html .= '<a class="debut-lang" href="' . esc_url( $value[ 'url' ] ) . '">' . esc_html( $value[ 'language_code' ] )  . '</a>';
 			}
 		}
 		$html .= '</div><!-- end .debut-lang-switcher -->';
diff --git a/header.php b/header.php
index a7c3dce13b..8b202065da 100644
--- a/header.php
+++ b/header.php
@@ -39,8 +39,8 @@
 		 */
 		?>
 		<nav role="navigation" class="site-navigation small-navigation">
-			<h1 class="assistive-text"><?php _e( 'Menu', 'debut' ); ?></h1>
-			<div class="assistive-text skip-link"><a href="#content" title="<?php esc_attr_e( 'Skip to content', 'debut' ); ?>"><?php _e( 'Skip to content', 'debut' ); ?></a></div>
+			<h1 class="assistive-text"><?php esc_html_e( 'Menu', 'debut' ); ?></h1>
+			<div class="assistive-text skip-link"><a href="#content"><?php esc_html_e( 'Skip to content', 'debut' ); ?></a></div>
 			<button class="menu-button">Menu</button>
 			<?php wp_nav_menu( array( 'theme_location' => 'primary' ) ); ?>
 		</nav>
@@ -53,7 +53,7 @@
 			</div>
 		<?php else : ?>
 			<hgroup class="identity">
-				<h1 class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></h1>
+				<h1 class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></h1>
 				<h2 class="site-description"><?php bloginfo( 'description' ); ?></h2>
 			</hgroup>
 		<?php endif; ?>
@@ -63,8 +63,8 @@
 	</header><!-- #masthead .site-header -->
 	
 	<nav role="navigation" class="site-navigation main-navigation">
-		<h1 class="assistive-text"><?php _e( 'Menu', 'debut' ); ?></h1>
-		<div class="assistive-text skip-link"><a href="#content" title="<?php esc_attr_e( 'Skip to content', 'debut' ); ?>"><?php _e( 'Skip to content', 'debut' ); ?></a></div>
+		<h1 class="assistive-text"><?php esc_html_e( 'Menu', 'debut' ); ?></h1>
+		<div class="assistive-text skip-link"><a href="#content"><?php esc_html_e( 'Skip to content', 'debut' ); ?></a></div>
 
 		<?php wp_nav_menu( array( 'theme_location' => 'primary' ) ); ?>
 	</nav>
diff --git a/image.php b/image.php
index b955ef4b5b..acdf084402 100644
--- a/image.php
+++ b/image.php
@@ -24,14 +24,14 @@
 								printf( __( 'Published <span class="entry-date"><time class="entry-date" datetime="%1$s" pubdate>%2$s</time></span> at <a href="%3$s" title="Link to full-size image">%4$s &times; %5$s</a> in <a href="%6$s" title="Return to %7$s" rel="gallery">%7$s</a>', 'debut' ),
 									esc_attr( get_the_date( 'c' ) ),
 									esc_html( get_the_date() ),
-									wp_get_attachment_url(),
+									esc_url( wp_get_attachment_url() ),
 									$metadata['width'],
 									$metadata['height'],
-									get_permalink( $post->post_parent ),
-									get_the_title( $post->post_parent )
+									esc_url( get_permalink( $post->post_parent ) ),
+									esc_html( get_the_title( $post->post_parent ) )
 								);
 							?>
-							<?php edit_post_link( __( 'Edit', 'debut' ), '<span class="sep">&nbsp&nbsp&bull;&nbsp&nbsp</span> <span class="edit-link">', '</span>' ); ?>
+							<?php edit_post_link( esc_html__( 'Edit', 'debut' ), '<span class="sep">&nbsp&nbsp&bull;&nbsp&nbsp</span> <span class="edit-link">', '</span>' ); ?>
 						</div><!-- .entry-meta -->
 
 						<nav id="image-navigation">
@@ -69,7 +69,7 @@
 									}
 								?>
 
-								<a href="<?php echo $next_attachment_url; ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><?php
+								<a href="<?php echo esc_url( $next_attachment_url ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php
 									$attachment_size = apply_filters( 'debut_attachment_size', array( 1200, 1200 ) ); // Filterable image size.
 									echo wp_get_attachment_image( $post->ID, $attachment_size );
 								?></a>
@@ -95,9 +95,9 @@
 						<?php elseif ( comments_open() && ! pings_open() ) : // Only comments open ?>
 							<?php _e( 'Trackbacks are closed, but you can <a class="comment-link" href="#respond" title="Post a comment">post a comment</a>.', 'debut' ); ?>
 						<?php elseif ( ! comments_open() && ! pings_open() ) : // Comments and trackbacks closed ?>
-							<?php _e( 'Both comments and trackbacks are currently closed.', 'debut' ); ?>
+							<?php esc_html_e( 'Both comments and trackbacks are currently closed.', 'debut' ); ?>
 						<?php endif; ?>
-						<?php edit_post_link( __( 'Edit', 'debut' ), ' <span class="edit-link">', '</span>' ); ?>
+						<?php edit_post_link( esc_html__( 'Edit', 'debut' ), ' <span class="edit-link">', '</span>' ); ?>
 					</footer><!-- .entry-meta -->
 				</article><!-- #post-<?php the_ID(); ?> -->
 
diff --git a/no-results.php b/no-results.php
index 3dbf4c9a7e..239c5c9d14 100644
--- a/no-results.php
+++ b/no-results.php
@@ -11,7 +11,7 @@
 
 <article id="post-0" class="post no-results not-found">
 	<header class="entry-header">
-		<h1 class="entry-title"><?php _e( 'Nothing Found', 'debut' ); ?></h1>
+		<h1 class="entry-title"><?php esc_html_e( 'Nothing Found', 'debut' ); ?></h1>
 	</header><!-- .entry-header -->
 
 	<div class="entry-content">
@@ -21,11 +21,11 @@
 
 		<?php } elseif ( is_search() ) { ?>
 
-			<p><?php _e( 'Sorry, but nothing matched your search terms. Please try again with some different keywords.', 'debut' ); ?></p>
+			<p><?php esc_html_e( 'Sorry, but nothing matched your search terms. Please try again with some different keywords.', 'debut' ); ?></p>
 
 		<?php } else { ?>
 
-			<p><?php _e( 'It seems we can&rsquo;t find what you&rsquo;re looking for. Perhaps searching can help.', 'debut' ); ?></p>
+			<p><?php esc_html_e( 'It seems we can&rsquo;t find what you&rsquo;re looking for. Perhaps searching can help.', 'debut' ); ?></p>
 
 		<?php } ?>
 	</div><!-- .entry-content -->
diff --git a/searchform.php b/searchform.php
index 1aceff97f4..150153f5e9 100644
--- a/searchform.php
+++ b/searchform.php
@@ -7,7 +7,7 @@
  */
 ?>
 	<form method="get" class="searchform" action="<?php echo esc_url( home_url( '/' ) ); ?>" role="search">
-		<label for="s" class="assistive-text"><?php _e( 'Search', 'debut' ); ?></label>
+		<label for="s" class="assistive-text"><?php esc_html_e( 'Search', 'debut' ); ?></label>
 		<input type="text" class="field" name="s" id="s" placeholder="<?php esc_attr_e( 'Search &hellip;', 'debut' ); ?>" />
 		<input type="submit" class="submit searchsubmit" name="submit" value="<?php esc_attr_e( 'Search', 'debut' ); ?>" />
 	</form>
diff --git a/sidebar.php b/sidebar.php
index 84ba7a424b..763fe114d2 100644
--- a/sidebar.php
+++ b/sidebar.php
@@ -15,14 +15,14 @@
 				</aside>
 
 				<aside id="archives" class="widget">
-					<h1 class="widget-title"><?php _e( 'Archives', 'debut' ); ?></h1>
+					<h1 class="widget-title"><?php esc_html_e( 'Archives', 'debut' ); ?></h1>
 					<ul>
 						<?php wp_get_archives( array( 'type' => 'monthly' ) ); ?>
 					</ul>
 				</aside>
 
 				<aside id="meta" class="widget">
-					<h1 class="widget-title"><?php _e( 'Meta', 'debut' ); ?></h1>
+					<h1 class="widget-title"><?php esc_html_e( 'Meta', 'debut' ); ?></h1>
 					<ul>
 						<?php wp_register(); ?>
 						<li><?php wp_loginout(); ?></li>
diff --git a/single.php b/single.php
index fc0a81d295..5a824882c3 100644
--- a/single.php
+++ b/single.php
@@ -22,7 +22,7 @@
 					if ( comments_open() || '0' != get_comments_number() ) {
 						comments_template( '', true );
 					} elseif ( ! comments_open() ) { ?>
-						<p class="nocomments"><?php _e( 'Comments are closed.', 'debut' ); ?></p>
+						<p class="nocomments"><?php esc_html_e( 'Comments are closed.', 'debut' ); ?></p>
 					<?php } 
 				?>