Changeset 632010 for wordpress-seo


Timestamp:
11/29/12 22:05:48 (17 months ago)
Author:
joostdevalk
Message:

Code cleanup and best practices implementation.

Location:
wordpress-seo/trunk
Files:
29 edited

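--- a/wordpress-seo/trunk/admin/TextStatistics.php
+++ b/wordpress-seo/trunk/admin/TextStatistics.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**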
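--- a/wordpress-seo/trunk/admin/ajax.php
+++ b/wordpress-seo/trunk/admin/ajax.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**
@@ -12,5 +17,5 @@
     check_ajax_referer( 'wpseo-setoption' );
 
-    $option = $_POST['option'];
+    $option = esc_attr( $_POST['option'] );
     if ( $option != 'page_comments' )
         die( '-1' );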
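Review bot: `esc_attr()` on the new line 19 is an output-escaping function, not input validation; what actually protects this handler is the allowlist comparison on the next line, so the escape adds nothing and obscures that intent. Reading `$_POST['option']` without an `isset()` check also emits a notice on a request that omits the field. A clearer form is `$option = isset( $_POST['option'] ) ? $_POST['option'] : '';` followed by `if ( 'page_comments' !== $option ) die( '-1' );`. The nonce check is present, but no capability check is visible in this hunk and the enclosing function continues outside it, so confirm one exists before the option is written.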
  • wordpress-seo/trunk/admin/class-admin.php

    r594473 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
     
    4550        add_filter( 'user_contactmethods', array( $this, 'update_contactmethods' ), 10, 1 ); 
    4651 
     52        add_action( 'update_option_wpseo_titles', array( $this, 'clear_cache' ) ); 
     53        add_action( 'update_option_wpseo', array( $this, 'clear_cache' ) ); 
     54 
     55        add_action( 'update_option_wpseo_permalinks', array( $this, 'clear_rewrites' ) ); 
     56        add_action( 'update_option_wpseo_xml', array( $this, 'clear_rewrites' ) ); 
     57    } 
     58 
     59    /** 
     60     * Clears the cache 
     61     */ 
     62    function clear_cache() { 
     63        if ( function_exists( 'w3tc_pgcache_flush' ) ) { 
     64            w3tc_pgcache_flush(); 
     65        } else if ( function_exists( 'wp_cache_clear_cache' ) ) { 
     66            wp_cache_clear_cache(); 
     67        } 
     68    } 
     69 
     70    /** 
     71     * Clear rewrites 
     72     */ 
     73    function clear_rewrites() { 
     74        delete_option( 'rewrite_rules' ); 
    4775    } 
    4876 
     
    5987        register_setting( 'yoast_wpseo_social_options', 'wpseo_social' ); 
    6088 
    61         if ( function_exists( 'is_multisite' ) && is_multisite() ) 
     89        if ( function_exists( 'is_multisite' ) && is_multisite() ) { 
     90            if ( get_option('wpseo') == '1pseo_social' ) 
     91                delete_option('wpseo'); 
    6292            register_setting( 'yoast_wpseo_multisite_options', 'wpseo_multisite' ); 
     93        } 
    6394    } 
    6495 
     
    6899            $options = get_site_option( 'wpseo_ms' ); 
    69100            if ( is_array( $options ) && isset( $options['defaultblog'] ) && !empty( $options['defaultblog'] ) && $options['defaultblog'] != 0 ) { 
    70                 foreach ( get_wpseo_options_arr() as $option ) { 
    71                     update_option( $option, get_blog_option( $options['defaultblog'], $option ) ); 
     101                foreach ( get_wpseo_options_arr() as $wpseo_option ) { 
     102                    update_option( $wpseo_option, get_blog_option( $options['defaultblog'], $wpseo_option ) ); 
    72103                } 
    73104            } 
     
    255286     */ 
    256287    function process_user_option_update( $user_id ) { 
    257         update_user_meta( $user_id, 'wpseo_title', ( isset( $_POST['wpseo_author_title'] ) ? $_POST['wpseo_author_title'] : '' ) ); 
    258         update_user_meta( $user_id, 'wpseo_metadesc', ( isset( $_POST['wpseo_author_metadesc'] ) ? $_POST['wpseo_author_metadesc'] : '' ) ); 
    259         update_user_meta( $user_id, 'wpseo_metakey', ( isset( $_POST['wpseo_author_metakey'] ) ? $_POST['wpseo_author_metakey'] : '' ) ); 
     288        if ( check_admin_referer( 'wpseo_user_profile_update', 'wpseo_nonce' ) ) { 
     289            update_user_meta( $user_id, 'wpseo_title', ( isset( $_POST['wpseo_author_title'] ) ? esc_html( $_POST['wpseo_author_title'] ) : '' ) ); 
     290            update_user_meta( $user_id, 'wpseo_metadesc', ( isset( $_POST['wpseo_author_metadesc'] ) ? esc_html( $_POST['wpseo_author_metadesc'] ) : '' ) ); 
     291            update_user_meta( $user_id, 'wpseo_metakey', ( isset( $_POST['wpseo_author_metakey'] ) ? esc_html( $_POST['wpseo_author_metakey'] ) : '' ) ); 
     292        } 
    260293    } 
    261294 
     
    283316     */ 
    284317    function user_profile( $user ) { 
     318 
    285319        if ( !current_user_can( 'edit_users' ) ) 
    286320            return; 
    287321 
    288322        $options = get_wpseo_options(); 
     323 
     324        wp_nonce_field( 'wpseo_user_profile_update', 'wpseo_nonce' ); 
    289325        ?> 
    290     <h3 id="wordpress-seo"><?php _e( "WordPress SEO settings", 'wordpress-seo' ); ?></h3> 
    291     <table class="form-table"> 
    292         <tr> 
    293             <th><?php _e( "Title to use for Author page", 'wordpress-seo' ); ?></th> 
    294             <td><input class="regular-text" type="text" name="wpseo_author_title" 
    295                        value="<?php echo esc_attr( get_the_author_meta( 'wpseo_title', $user->ID ) ); ?>"/></td> 
    296         </tr> 
    297         <tr> 
    298             <th><?php _e( "Meta description to use for Author page", 'wordpress-seo' ); ?></th> 
    299             <td><textarea rows="3" cols="30" 
    300                           name="wpseo_author_metadesc"><?php echo esc_html( get_the_author_meta( 'wpseo_metadesc', $user->ID ) ); ?></textarea> 
    301             </td> 
    302         </tr> 
     326    <h3 id="wordpress-seo"><?php _e( "WordPress SEO settings", 'wordpress-seo' ); ?></h3> 
     327    <table class="form-table"> 
     328        <tr> 
     329            <th><?php _e( "Title to use for Author page", 'wordpress-seo' ); ?></th> 
     330            <td><input class="regular-text" type="text" name="wpseo_author_title" 
     331                       value="<?php echo esc_attr( get_the_author_meta( 'wpseo_title', $user->ID ) ); ?>"/></td> 
     332        </tr> 
     333        <tr> 
     334            <th><?php _e( "Meta description to use for Author page", 'wordpress-seo' ); ?></th> 
     335            <td><textarea rows="3" cols="30" 
     336                          name="wpseo_author_metadesc"><?php echo esc_html( get_the_author_meta( 'wpseo_metadesc', $user->ID ) ); ?></textarea> 
     337            </td> 
     338        </tr> 
    303339        <?php     if ( isset( $options['usemetakeywords'] ) && $options['usemetakeywords'] ) { ?> 
    304         <tr> 
    305             <th><?php _e( "Meta keywords to use for Author page", 'wordpress-seo' ); ?></th> 
    306             <td><input class="regular-text" type="text" name="wpseo_author_metakey" 
    307                        value="<?php echo esc_attr( get_the_author_meta( 'wpseo_metakey', $user->ID ) ); ?>"/></td> 
    308         </tr> 
     340        <tr> 
     341            <th><?php _e( "Meta keywords to use for Author page", 'wordpress-seo' ); ?></th> 
     342            <td><input class="regular-text" type="text" name="wpseo_author_metakey" 
     343                       value="<?php echo esc_attr( get_the_author_meta( 'wpseo_metakey', $user->ID ) ); ?>"/></td> 
     344        </tr> 
    309345        <?php } ?> 
    310     </table> 
    311     <br/><br/> 
     346    </table> 
     347    <br/><br/> 
    312348    <?php 
    313349    } 
     
    428464        if ( version_compare( $current_version, '1.2.4', '<' ) ) { 
    429465            $options = get_option( 'wpseo_titles' ); 
    430             if ( isset( $options['title-home'] ) && $options['title-home'] == '%%sitename%% - %%sitedesc%% - 12345' ) { 
     466            if ( is_array($options) && isset( $options['title-home'] ) && $options['title-home'] == '%%sitename%% - %%sitedesc%% - 12345' ) { 
    431467                $options['title-home'] = '%%sitename%% - %%sitedesc%%'; 
    432468                update_option( 'wpseo_titles', $options ); 
     
    436472        if ( version_compare( $current_version, '1.2.8', '<' ) ) { 
    437473            $options = get_option( 'wpseo' ); 
    438             if ( isset( $options['presstrends'] ) ) { 
     474            if ( is_array($options) && isset( $options['presstrends'] ) ) { 
    439475                $options['yoast_tracking'] = 'on'; 
    440476                unset( $options['presstrends'] ); 
     
    445481        if ( version_compare( $current_version, '1.2.8.2', '<' ) ) { 
    446482            $options = get_option( 'wpseo' ); 
    447             if ( isset( $options['presstrends'] ) ) { 
     483            if ( is_array($options) && isset( $options['presstrends'] ) ) { 
    448484                $options['yoast_tracking'] = 'on'; 
    449485                unset( $options['presstrends'] ); 
    450486            } 
    451             if ( isset( $options['presstrends_popup'] ) ) { 
     487            if ( is_array($options) && isset( $options['presstrends_popup'] ) ) { 
    452488                $options['tracking_popup'] = 'on'; 
    453489                unset( $options['presstrends_popup'] ); 
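Review bot: In `process_user_option_update()` (new lines 288–292) the input is stored HTML-escaped via `esc_html()`, while `user_profile()` (new lines 331, 336, 343) escapes the stored value again on output, so a title containing `&` or a quote is double-escaped on display and the meta value is no longer the raw text the user typed; sanitize on input with `sanitize_text_field()`, which this commit already uses in class-metabox.php, and leave escaping to the output side. The new `check_admin_referer()` call also calls `wp_die()` when the nonce is missing, and `user_profile()` (new lines 319–324) returns before printing `wpseo_nonce` for users without `edit_users`; if this hook also fires when such a user saves their own profile — the hook registration is outside this hunk, so this is inferred — the whole profile save would die. Verifying the nonce with `wp_verify_nonce()` and returning quietly, plus a capability check that mirrors the render side, avoids both problems.
```php
    function process_user_option_update( $user_id ) {
        // Bail quietly when the form was rendered without our nonce
        // (user_profile() skips the field for users lacking edit_users).
        if ( ! isset( $_POST['wpseo_nonce'] ) || ! wp_verify_nonce( $_POST['wpseo_nonce'], 'wpseo_user_profile_update' ) ) {
            return;
        }
        if ( ! current_user_can( 'edit_user', $user_id ) ) {
            return;
        }
        // Sanitize on input; output escaping stays in user_profile().
        update_user_meta( $user_id, 'wpseo_title', ( isset( $_POST['wpseo_author_title'] ) ? sanitize_text_field( $_POST['wpseo_author_title'] ) : '' ) );
        update_user_meta( $user_id, 'wpseo_metadesc', ( isset( $_POST['wpseo_author_metadesc'] ) ? sanitize_text_field( $_POST['wpseo_author_metadesc'] ) : '' ) );
        update_user_meta( $user_id, 'wpseo_metakey', ( isset( $_POST['wpseo_author_metakey'] ) ? sanitize_text_field( $_POST['wpseo_author_metakey'] ) : '' ) );
    }
```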
  • wordpress-seo/trunk/admin/class-config.php

    r595859 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
     
    102107            $msg = __( 'Settings updated', 'wordpress-seo' ); 
    103108 
    104             if ( function_exists( 'w3tc_pgcache_flush' ) ) { 
    105                 w3tc_pgcache_flush(); 
    106                 $msg .= __( ' &amp; W3 Total Cache Page Cache flushed', 'wordpress-seo' ); 
    107             } else if ( function_exists( 'wp_cache_clear_cache' ) ) { 
    108                 wp_cache_clear_cache(); 
    109                 $msg .= __( ' &amp; WP Super Cache flushed', 'wordpress-seo' ); 
    110             } 
    111  
    112             // flush rewrite rules if XML sitemap settings have been updated. 
    113             if ( isset( $_GET['page'] ) && 'wpseo_xml' == $_GET['page'] ) 
    114                 flush_rewrite_rules(); 
    115  
    116             echo '<div id="message" style="width:94%;" class="message updated"><p><strong>' . $msg . '.</strong></p></div>'; 
     109            echo '<div id="message" style="width:94%;" class="message updated"><p><strong>' . esc_html( $msg ) . '.</strong></p></div>'; 
    117110        } 
    118111        ?> 
     
    283276            if ( !empty( $label_left ) ) 
    284277                $label_left .= ':'; 
    285             $output_label = '<label class="checkbox" for="' . $var . '">' . $label_left . '</label>'; 
     278            $output_label = '<label class="checkbox" for="' . esc_attr( $var ) . '">' . esc_html( $label_left ) . '</label>'; 
    286279            $class        = 'checkbox'; 
    287280        } else { 
    288             $output_label = '<label for="' . $var . '">' . $label . '</label>'; 
     281            $output_label = '<label for="' . esc_attr( $var ) . '">' . esc_html( $label ) . '</label>'; 
    289282            $class        = 'checkbox double'; 
    290283        } 
    291284 
    292         $output_input = "<input class='$class' type='checkbox' id='${var}' name='${option}[${var}]' " . checked( $options[$var], 'on', false ) . '/>'; 
     285        $output_input = "<input class='$class' type='checkbox' id='".esc_attr( $var )."' name='" . esc_attr( $option ) . "[" . esc_attr( $var ) ."]' " . checked( $options[$var], 'on', false ) . '/>'; 
    293286 
    294287        if ( $label_left !== false ) { 
    295             $output = $output_label . $output_input . '<label class="checkbox" for="' . $var . '">' . $label . '</label>'; 
     288            $output = $output_label . $output_input . '<label class="checkbox" for="' . esc_attr( $var ) . '">' . esc_html( $label ) . '</label>'; 
    296289        } else { 
    297290            $output = $output_input . $output_label; 
     
    318311            $val = esc_attr( $options[$var] ); 
    319312 
    320         return '<label class="textinput" for="' . $var . '">' . $label . ':</label><input class="textinput" type="text" id="' . $var . '" name="' . $option . '[' . $var . ']" value="' . $val . '"/>' . '<br class="clear" />'; 
     313        return '<label class="textinput" for="' . esc_attr( $var ) . '">' . esc_html( $label ) . ':</label><input class="textinput" type="text" id="' . esc_attr( $var ) . '" name="' . $option . '[' . esc_attr( $var ) . ']" value="' . $val . '"/>' . '<br class="clear" />'; 
    321314    } 
    322315 
     
    340333            $val = esc_attr( $options[$var] ); 
    341334 
    342         return '<label class="textinput" for="' . $var . '">' . $label . ':</label><textarea class="textinput ' . $class . '" id="' . $var . '" name="' . $option . '[' . $var . ']">' . $val . '</textarea>' . '<br class="clear" />'; 
     335 
     336        return '<label class="textinput" for="' . esc_attr( $var ) . '">' . esc_html( $label ) . ':</label><textarea class="textinput ' . $class . '" id="' . esc_attr( $var ) . '" name="' . $option . '[' . esc_attr( $var ) . ']">' . $val . '</textarea>' . '<br class="clear" />'; 
    343337    } 
    344338 
     
    360354            $val = esc_attr( $options[$var] ); 
    361355 
    362         return '<input type="hidden" id="hidden_' . $var . '" name="' . $option . '[' . $var . ']" value="' . $val . '"/>'; 
     356        return '<input type="hidden" id="hidden_' . esc_attr( $var ) . '" name="' . $option . '[' . esc_attr( $var ) . ']" value="' . $val . '"/>'; 
    363357    } 
    364358 
     
    378372        $options = $this->get_option( $option ); 
    379373 
    380         $output = '<label class="select" for="' . $var . '">' . $label . ':</label>'; 
    381         $output .= '<select class="select" name="' . $option . '[' . $var . ']" id="' . $var . '">'; 
     374        $var_esc = esc_attr( $var ); 
     375        $output = '<label class="select" for="' . $var_esc . '">' . $label . ':</label>'; 
     376        $output .= '<select class="select" name="' . $option . '[' . $var_esc . ']" id="' . $var_esc . '">'; 
    382377 
    383378        foreach ( $values as $value => $label ) { 
     
    411406            $val = $options[$var]['url']; 
    412407        } 
    413         $output = '<label class="select" for="' . $var . '">' . $label . ':</label>'; 
    414         $output .= '<input type="file" value="' . $val . '" class="textinput" name="' . $option . '[' . $var . ']" id="' . $var . '"/>'; 
     408 
     409        $var_esc = esc_attr( $var ); 
     410        $output = '<label class="select" for="' . $var_esc . '">' . esc_html( $label ) . ':</label>'; 
     411        $output .= '<input type="file" value="' . $val . '" class="textinput" name="' . esc_attr( $option ) . '[' . $var_esc . ']" id="' . $var_esc . '"/>'; 
    415412 
    416413        // Need to save separate array items in hidden inputs, because empty file inputs type will be deleted by settings API. 
    417414        if ( !empty( $options[$var] ) ) { 
    418             $output .= '<input class="hidden" type="hidden" id="' . $var . '_file" name="wpseo_local[' . $var . '][file]" value="' . esc_attr( $options[$var]['file'] ) . '"/>'; 
    419             $output .= '<input class="hidden" type="hidden" id="' . $var . '_url" name="wpseo_local[' . $var . '][url]" value="' . esc_attr( $options[$var]['url'] ) . '"/>'; 
    420             $output .= '<input class="hidden" type="hidden" id="' . $var . '_type" name="wpseo_local[' . $var . '][type]" value="' . esc_attr( $options[$var]['type'] ) . '"/>'; 
     415            $output .= '<input class="hidden" type="hidden" id="' . $var_esc . '_file" name="wpseo_local[' . $var_esc . '][file]" value="' . esc_attr( $options[$var]['file'] ) . '"/>'; 
     416            $output .= '<input class="hidden" type="hidden" id="' . $var_esc . '_url" name="wpseo_local[' . $var_esc . '][url]" value="' . esc_attr( $options[$var]['url'] ) . '"/>'; 
     417            $output .= '<input class="hidden" type="hidden" id="' . $var_esc . '_type" name="wpseo_local[' . $var_esc . '][type]" value="' . esc_attr( $options[$var]['type'] ) . '"/>'; 
    421418        } 
    422419        $output .= '<br class="clear"/>'; 
     
    443440            $options[$var] = false; 
    444441 
     442        $var_esc = esc_attr( $var ); 
     443 
    445444        $output = '<br/><label class="select">' . $label . ':</label>'; 
    446445        foreach ( $values as $key => $value ) { 
    447             $output .= '<input type="radio" class="radio" id="' . $var . '-' . $key . '" name="' . $option . '[' . $var . ']" value="' . $key . '" ' . ( $options[$var] == $key ? ' checked="checked"' : '' ) . ' /> <label class="radio" for="' . $var . '-' . $key . '">' . $value . '</label>'; 
     446            $key = esc_attr( $key ); 
     447            $output .= '<input type="radio" class="radio" id="' . $var_esc . '-' . $key . '" name="' . esc_attr( $option ) . '[' . $var_esc . ']" value="' . $key . '" ' . ( $options[$var] == $key ? ' checked="checked"' : '' ) . ' /> <label class="radio" for="' . $var_esc . '-' . $key . '">' . esc_attr( $value ) . '</label>'; 
    448448        } 
    449449        $output .= '<br/>'; 
     
    453453 
    454454    /** 
    455      * Create a potbox widget. 
     455     * Create a postbox widget. 
    456456     * 
    457457     * @param string $id      ID of the postbox. 
     
    461461    function postbox( $id, $title, $content ) { 
    462462        ?> 
    463     <div id="<?php echo $id; ?>" class="yoastbox"> 
    464         <h2><?php echo $title; ?></h2> 
     463    <div id="<?php echo esc_attr( $id ); ?>" class="yoastbox"> 
     464        <h2><?php echo esc_html( $title ); ?></h2> 
    465465        <?php echo $content; ?> 
    466466    </div> 
     
    480480            $content .= '<tr><th valign="top" scrope="row">'; 
    481481            if ( isset( $row['id'] ) && $row['id'] != '' ) 
    482                 $content .= '<label for="' . $row['id'] . '">' . $row['label'] . ':</label>'; 
     482                $content .= '<label for="' . esc_attr( $row['id'] ) . '">' . esc_html( $row['label'] ) . ':</label>'; 
    483483            else 
    484                 $content .= $row['label']; 
     484                $content .= esc_html( $row['label'] ); 
    485485            if ( isset( $row['desc'] ) && $row['desc'] != '' ) 
    486                 $content .= '<br/><small>' . $row['desc'] . '</small>'; 
     486                $content .= '<br/><small>' . esc_html( $row['desc'] ) . '</small>'; 
    487487            $content .= '</th><td valign="top">'; 
    488488            $content .= $row['content']; 
     
    510510    function fetch_rss_items( $num, $feed ) { 
    511511        include_once( ABSPATH . WPINC . '/feed.php' ); 
    512         $rss = fetch_feed( $feed ); 
     512        $rss = fetch_feed( esc_url( $feed ) ); 
    513513 
    514514        // Bail if feed doesn't work 
     
    523523            delete_transient( 'feed_' . $md5 ); 
    524524            delete_transient( 'feed_mod_' . $md5 ); 
    525             $rss       = fetch_feed( $feed ); 
     525            $rss       = fetch_feed( esc_url( $feed ) ); 
    526526            $rss_items = $rss->get_items( 0, $rss->get_item_quantity( $num ) ); 
    527527        } 
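Review bot: `esc_url()` wrapped around the `fetch_feed()` argument in `fetch_rss_items()` (new lines 512 and 525) is display escaping — it rewrites `&` to `&#038;` — so a feed URL that carries a query string is altered before the request is made; the function for a URL used in code is `esc_url_raw()`, giving `$rss = fetch_feed( esc_url_raw( $feed ) );` in both places. The escaping pass in this file is also uneven: `$option` is still concatenated raw into the `name` attribute in the textinput, textarea and hidden helpers (new lines 313, 336, 356) while the checkbox, file and radio helpers now `esc_attr()` it, and `$label` remains unescaped in the select helper (new line 375) and the radio helper (new line 444) while the textinput helper applies `esc_html()`. Applying the same treatment to those lines would make the commit consistent with its stated intent.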
  • wordpress-seo/trunk/admin/class-metabox.php

    r609769 r632010  
    55 * This code generates the metabox on the edit post / page as well as contains all page analysis functionality. 
    66 */ 
     7 
     8if ( !defined('WPSEO_VERSION') ) { 
     9    header('HTTP/1.0 403 Forbidden'); 
     10    die; 
     11} 
    712 
    813/** 
     
    126131        if ( !isset( $title ) ) 
    127132            $title = ucfirst( $score ); 
    128         $result = '<div title="' . $title . '" alt="' . $title . '" class="wpseo_score_img ' . $score . '"></div>'; 
     133        $result = '<div title="' . esc_attr( $title ) . '" alt="' . esc_attr( $title ) . '" class="wpseo_score_img ' . $score . '"></div>'; 
    129134 
    130135        echo 'SEO: ' . $result . ' <a class="wpseo_tablink scroll" href="#wpseo_linkdex">Check</a>'; 
     
    198203        var wpseo_title_template = '<?php echo esc_attr( $title_template ); ?>'; 
    199204        var wpseo_metadesc_template = '<?php echo esc_attr( $metadesc_template ); ?>'; 
    200         var wpseo_permalink_template = '<?php echo $sample_permalink; ?>'; 
     205        var wpseo_permalink_template = '<?php echo esc_url( $sample_permalink ); ?>'; 
    201206        var wpseo_keyword_suggest_nonce = '<?php echo wp_create_nonce( 'wpseo-get-suggest' ); ?>'; 
    202207    </script> 
     
    222227     * @param string $id      CSS ID of the tab. 
    223228     * @param string $heading Heading for the tab. 
    224      * @param string $content Content of the tab. 
     229     * @param string $content Content of the tab. This content should be escaped. 
    225230     */ 
    226231    public function do_tab( $id, $heading, $content ) { 
    227232        ?> 
    228     <div class="wpseotab <?php echo $id ?>"> 
    229         <h4 class="wpseo-heading"><?php echo $heading ?></h4> 
     233    <div class="wpseotab <?php echo esc_attr( $id ) ?>"> 
     234        <h4 class="wpseo-heading"><?php echo esc_html( $heading ); ?></h4> 
    230235        <table class="form-table"> 
    231236            <?php echo $content ?> 
     
    267272            "description" => '<div class="alignright" style="padding:5px;"><a class="button" href="#snippetpreview" id="wpseo_regen_title">' . __( 'Generate SEO title', 'wordpress-seo' ) . '</a></div><p>' 
    268273                . sprintf( __( "Title display in search engines is limited to 70 chars, %s chars left.", 'wordpress-seo' ), "<span id='yoast_wpseo_title-length'></span>" ) . "<br/>" 
    269                 . sprintf( __( "If the SEO Title is empty, the preview shows what the plugin generates based on your %stitle template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . $post_type ) . "'>", "</a>" ) . '</p>', 
     274                . sprintf( __( "If the SEO Title is empty, the preview shows what the plugin generates based on your %stitle template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . esc_url( $post_type ) ) . "'>", "</a>" ) . '</p>', 
    270275        ); 
    271276        $mbs['metadesc']       = array( 
     
    277282            "rows"        => 2, 
    278283            "richedit"    => false, 
    279             "description" => sprintf( __( "The <code>meta</code> description will be limited to %s chars%s, %s chars left.", 'wordpress-seo' ), $this->meta_length, $this->meta_length_reason, "<span id='yoast_wpseo_metadesc-length'></span>" ) . " <div id='yoast_wpseo_metadesc_notice'></div><p>" . sprintf( __( "If the meta description is empty, the preview shows what the plugin generates based on your %smeta description template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . $post_type ) . "'>", "</a>" ) . "</p>" 
     284            "description" => sprintf( __( "The <code>meta</code> description will be limited to %s chars%s, %s chars left.", 'wordpress-seo' ), $this->meta_length, $this->meta_length_reason, "<span id='yoast_wpseo_metadesc-length'></span>" ) . " <div id='yoast_wpseo_metadesc_notice'></div><p>" . sprintf( __( "If the meta description is empty, the preview shows what the plugin generates based on your %smeta description template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . esc_url( $post_type ) ) . "'>", "</a>" ) . "</p>" 
    280285        ); 
    281286        if ( isset( $options['usemetakeywords'] ) && $options['usemetakeywords'] ) { 
     
    286291                "type"        => "text", 
    287292                "title"       => __( "Meta Keywords", 'wordpress-seo' ), 
    288                 "description" => sprintf( __( "If you type something above it will override your %smeta keywords template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . $post_type ) . "'>", "</a>" ) 
     293                "description" => sprintf( __( "If you type something above it will override your %smeta keywords template%s.", 'wordpress-seo' ), "<a target='_blank' href='" . admin_url( 'admin.php?page=wpseo_titles#' . esc_url( $post_type ) ) . "'>", "</a>" ) 
    289294            ); 
    290295        } 
     
    428433    <div class="wpseo-metabox-tabs-div"> 
    429434        <ul class="wpseo-metabox-tabs" id="wpseo-metabox-tabs"> 
    430             <li class="general"><a class="wpseo_tablink" 
    431                                    href="#wpseo_general"><?php _e( "General", 'wordpress-seo' ); ?></a></li> 
    432             <li id="linkdex" class="linkdex"><a class="wpseo_tablink" 
    433                                                 href="#wpseo_linkdex"><?php _e( "Page Analysis", 'wordpress-seo' ); ?></a> 
    434             </li> 
    435             <li class="advanced"><a class="wpseo_tablink" 
    436                                     href="#wpseo_advanced"><?php _e( "Advanced", 'wordpress-seo' ); ?></a></li> 
     435            <li class="general"><a class="wpseo_tablink" href="#wpseo_general"><?php _e( "General", 'wordpress-seo' ); ?></a></li> 
     436            <li id="linkdex" class="linkdex"><a class="wpseo_tablink" href="#wpseo_linkdex"><?php _e( "Page Analysis", 'wordpress-seo' ); ?></a></li> 
     437            <li class="advanced"><a class="wpseo_tablink" href="#wpseo_advanced"><?php _e( "Advanced", 'wordpress-seo' ); ?></a></li> 
    437438            <?php do_action( 'wpseo_tab_header' ); ?> 
    438439        </ul> 
     
    472473        } else { 
    473474            $meta_box_value = wpseo_get_value( $meta_box['name'] ); 
     475            $meta_box['name'] = esc_attr( $meta_box['name'] ); 
    474476        } 
    475477 
     
    497499                if ( isset( $meta_box['autocomplete'] ) && $meta_box['autocomplete'] == 'off' ) 
    498500                    $ac = 'autocomplete="off" '; 
    499                 $content .= '<input type="text" placeholder="' . $placeholder . '" id="yoast_wpseo_' . $meta_box['name'] . '" ' . $ac . 'name="yoast_wpseo_' . $meta_box['name'] . '" value="' . esc_attr( $meta_box_value ) . '" class="large-text"/><br />'; 
     501                $content .= '<input type="text" placeholder="' . esc_attr( $placeholder ) . '" id="yoast_wpseo_' . $meta_box['name'] . '" ' . $ac . 'name="yoast_wpseo_' . $meta_box['name'] . '" value="' . esc_attr( $meta_box_value ) . '" class="large-text"/><br />'; 
    500502                break; 
    501503            case "textarea": 
    502                 $content .= '<textarea class="large-text" rows="3" id="yoast_wpseo_' . $meta_box['name'] . '" name="yoast_wpseo_' . $meta_box['name'] . '">' . esc_html( $meta_box_value ) . '</textarea>'; 
     504                $content .= '<textarea class="large-text" rows="3" id="yoast_wpseo_' . $meta_box['name'] . '" name="yoast_wpseo_' . $meta_box['name'] . '">' . esc_textarea( $meta_box_value ) . '</textarea>'; 
    503505                break; 
    504506            case "select": 
     
    508510                    if ( $meta_box_value == $val ) 
    509511                        $selected = 'selected="selected"'; 
    510                     $content .= '<option ' . $selected . ' value="' . esc_attr( $val ) . '">' . $option . '</option>'; 
     512                    $content .= '<option ' . $selected . ' value="' . esc_attr( $val ) . '">' . esc_html( $option ) . '</option>'; 
    511513                } 
    512514                $content .= '</select>'; 
     
    520522                    if ( in_array( $val, $selectedarr ) ) 
    521523                        $selected = 'selected="selected"'; 
    522                     $content .= '<option ' . $selected . ' value="' . esc_attr( $val ) . '">' . $option . '</option>'; 
     524                    $content .= '<option ' . $selected . ' value="' . esc_attr( $val ) . '">' . esc_html( $option ) . '</option>'; 
    523525                } 
    524526                $content .= '</select>'; 
     
    538540                    if ( $meta_box_value == $val ) 
    539541                        $selected = 'checked="checked"'; 
    540                     $content .= '<input type="radio" ' . $selected . ' id="yoast_wpseo_' . $meta_box['name'] . '_' . $val . '" name="yoast_wpseo_' . $meta_box['name'] . '" value="' . esc_attr( $val ) . '"/> <label for="yoast_wpseo_' . $meta_box['name'] . '_' . $val . '">' . $option . '</label> '; 
     542                    $content .= '<input type="radio" ' . $selected . ' id="yoast_wpseo_' . $meta_box['name'] . '_' . esc_attr( $val ) . '" name="yoast_wpseo_' . $meta_box['name'] . '" value="' . esc_attr( $val ) . '"/> <label for="yoast_wpseo_' . $meta_box['name'] . '_' . $val . '">' . $option . '</label> '; 
    541543                } 
    542544                break; 
     
    599601            $datestr = ''; 
    600602        $content = '<div id="wpseosnippet"> 
    601             <a class="title" href="#">' . $title . '</a><br/>'; 
     603            <a class="title" href="#">' . esc_html( $title ) . '</a><br/>'; 
    602604 
    603605//      if ( isset( $options['breadcrumbs-enable'] ) && $options['breadcrumbs-enable'] == 'on' ) { 
     
    605607//          $content .= '<span href="#" style="font-size: 13px; color: #282; line-height: 15px;" class="breadcrumb">' . yoast_breadcrumb('','',false) . '</span>'; 
    606608//      } else { 
    607             $content .= '<a href="#" style="font-size: 13px; color: #282; line-height: 15px;" class="url">' . str_replace( 'http://', '', get_bloginfo( 'url' ) ) . '/' . $slug . '/</a>'; 
     609            $content .= '<a href="#" style="font-size: 13px; color: #282; line-height: 15px;" class="url">' . str_replace( 'http://', '', get_bloginfo( 'url' ) ) . '/' . esc_html( $slug ) . '/</a>'; 
    608610//      } 
    609611//      if ( $gplus = $this->get_gplus_data( $post->post_author ) ) { 
     
    620622// 
    621623//      } else { 
    622             $content .= '<p class="desc" style="font-size: 13px; color: #000; line-height: 15px;">' . $datestr . '<span class="content">' . $desc . '</span></p>'; 
     624            $content .= '<p class="desc" style="font-size: 13px; color: #000; line-height: 15px;">' . $datestr . '<span class="content">' . esc_html( $desc ) . '</span></p>'; 
    623625//      } 
    624626        $content .= '</div>'; 
     
    720722            } 
    721723 
    722             wpseo_set_value( $meta_box['name'], $data, $post_id ); 
     724            wpseo_set_value( $meta_box['name'], sanitize_text_field( $data ), $post_id ); 
    723725        } 
    724726 
     
    741743        } else { 
    742744            wp_enqueue_style( 'metabox-tabs', WPSEO_URL . 'css/metabox-tabs.css', WPSEO_VERSION ); 
    743             wp_enqueue_style( "metabox-$color", WPSEO_URL . 'css/metabox-' . $color . '.css', WPSEO_VERSION ); 
     745            wp_enqueue_style( "metabox-$color", WPSEO_URL . 'css/metabox-' . esc_attr( $color ) . '.css', WPSEO_VERSION ); 
    744746 
    745747            wp_enqueue_script( 'jquery-ui-autocomplete', WPSEO_URL . 'js/jquery-ui-autocomplete.min.js', array( 'jquery', 'jquery-ui-core' ), WPSEO_VERSION, true ); 
     
    814816            } 
    815817 
    816             echo '<div title="' . $title . '" alt="' . $title . '" class="wpseo_score_img ' . $score . '"></div>'; 
     818            echo '<div title="' . $title . '" alt="' . $title . '" class="wpseo_score_img ' . esc_attr( $score ) . '"></div>'; 
    817819        } 
    818820        if ( $column_name == 'wpseo-title' ) { 
    819             echo $this->page_title( $post_id ); 
     821            echo esc_html( $this->page_title( $post_id ) ); 
    820822        } 
    821823        if ( $column_name == 'wpseo-metadesc' ) { 
    822             echo wpseo_get_value( 'metadesc', $post_id ); 
     824            echo esc_html( wpseo_get_value( 'metadesc', $post_id ) ); 
    823825        } 
    824826        if ( $column_name == 'wpseo-focuskw' ) { 
    825827            $focuskw = wpseo_get_value( 'focuskw', $post_id ); 
    826             echo $focuskw; 
     828            echo esc_html( $focuskw ); 
    827829        } 
    828830    } 
     
    991993        if ( is_wp_error( $results ) ) { 
    992994            $error = $results->get_error_messages(); 
    993             return '<div class="wpseo_msg"><p><strong>' . $error[0] . '</strong></p></div>'; 
     995            return '<div class="wpseo_msg"><p><strong>' . esc_html( $error[0] ) . '</strong></p></div>'; 
    994996        } 
    995997 
    996998        $output = '<table class="wpseoanalysis">'; 
    997999 
    998         $perc_score = wpseo_get_value( 'linkdex' ); 
     1000        $perc_score = absint( wpseo_get_value( 'linkdex' ) ); 
    9991001 
    10001002        foreach ( $results as $result ) { 
    10011003            $score = wpseo_translate_score( $result['val'] ); 
    1002             $output .= '<tr><td class="score"><div class="wpseo_score_img ' . $score . '"></div></td><td>' . $result['msg'] . '</td></tr>'; 
     1004            $output .= '<tr><td class="score"><div class="wpseo_score_img ' . esc_attr( $score ) . '"></div></td><td>' . esc_html( $result['msg'] ) . '</td></tr>'; 
    10031005        } 
    10041006        $output .= '</table>'; 
     
    10601062        // Title 
    10611063        if ( wpseo_get_value( 'title' ) ) { 
    1062             $title = wpseo_get_value( 'title' ); 
     1064            $job['title'] = wpseo_get_value( 'title' ); 
    10631065        } else { 
    10641066            if ( isset( $options['title-' . $post->post_type] ) && $options['title-' . $post->post_type] != '' ) 
     
    10661068            else 
    10671069                $title_template = '%%title%% - %%sitename%%'; 
    1068             $title = wpseo_replace_vars( $title_template, (array) $post ); 
    1069         } 
    1070         $this->score_title( $job, $results, $title, $statistics ); 
    1071         unset( $title ); 
     1070            $job['title'] = wpseo_replace_vars( $title_template, (array) $post ); 
     1071        } 
     1072        $this->score_title( $job, $results, $statistics ); 
    10721073 
    10731074        // Meta description 
     
    11131114        unset( $anchors, $count, $dom ); 
    11141115 
     1116        $results = apply_filters( 'wpseo_linkdex_results', $results, $job, $post ); 
     1117 
    11151118        $this->aasort( $results, 'val' ); 
    11161119 
     
    11271130        $score = round( ( $overall / $overall_max ) * 100 ); 
    11281131 
    1129         wpseo_set_value( 'linkdex', $score, $post->ID ); 
     1132        wpseo_set_value( 'linkdex', absint( $score ), $post->ID ); 
    11301133 
    11311134        return $results; 
     
    11381141     * @param int    $scoreValue   The score value. 
    11391142     * @param string $scoreMessage The score message. 
    1140      */ 
    1141     function save_score_result( &$results, $scoreValue, $scoreMessage ) { 
     1143     * @param string $scoreLabel   The label of the score to use in the results array. 
     1144     * @param string $rawScore     The raw score, to be used by other filters. 
     1145     */ 
     1146    function save_score_result( &$results, $scoreValue, $scoreMessage, $scoreLabel, $rawScore = null ) { 
    11421147        $score     = array( 
    11431148            'val' => $scoreValue, 
    1144             'msg' => $scoreMessage 
     1149            'msg' => $scoreMessage, 
     1150            'raw' => $rawScore 
    11451151        ); 
    1146         $results[] = $score; 
     1152        $results[ $scoreLabel ] = $score; 
    11471153    } 
    11481154 
     
    11961202 
    11971203        if ( $wpseo_admin->stopwords_check( $keyword ) !== false ) 
    1198             $this->save_score_result( $results, 5, sprintf( $keywordStopWord, "<a href=\"http://en.wikipedia.org/wiki/Stop_words\">", "</a>", $wpseo_admin->stopwords_check( $keyword ) ) ); 
     1204            $this->save_score_result( $results, 5, sprintf( $keywordStopWord, "<a href=\"http://en.wikipedia.org/wiki/Stop_words\">", "</a>", $wpseo_admin->stopwords_check( $keyword ) ), 'keyword_stopwords' ); 
    11991205    } 
    12001206 
     
    12191225 
    12201226        if ( stripos( $haystack1, $needle ) || stripos( $haystack2, $needle ) ) 
    1221             $this->save_score_result( $results, 9, $urlGood ); 
     1227            $this->save_score_result( $results, 9, $urlGood, 'url_keyword' ); 
    12221228        else 
    1223             $this->save_score_result( $results, 6, $urlMedium ); 
     1229            $this->save_score_result( $results, 6, $urlMedium, 'url_keyword' ); 
    12241230 
    12251231        // Check for Stop Words in the slug 
    12261232        if ( $wpseo_admin->stopwords_check( $job["pageSlug"], true ) !== false ) 
    1227             $this->save_score_result( $results, 5, $urlStopWords ); 
     1233            $this->save_score_result( $results, 5, $urlStopWords, 'url_stopword' ); 
    12281234 
    12291235        // Check if the slug isn't too long relative to the length of the keyword 
    12301236        if ( ( $statistics->text_length( $job["keyword"] ) + 20 ) < $statistics->text_length( $job["pageSlug"] ) && 40 < $statistics->text_length( $job["pageSlug"] ) ) 
    1231             $this->save_score_result( $results, 5, $longSlug ); 
     1237            $this->save_score_result( $results, 5, $longSlug, 'url_length' ); 
    12321238    } 
    12331239 
     
    12371243     * @param array  $job        The job array holding both the keyword versions. 
    12381244     * @param array  $results    The results array. 
    1239      * @param string $title      The title to check against keywords. 
    12401245     * @param object $statistics Object of class Yoast_TextStatistics used to calculate lengths. 
    12411246     */ 
    1242     function score_title( $job, &$results, $title, $statistics ) { 
     1247    function score_title( $job, &$results, $statistics ) { 
    12431248        $scoreTitleMinLength    = 40; 
    12441249        $scoreTitleMaxLength    = 70; 
     
    12531258        $scoreTitleKeywordEnd       = __( "The page title contains keyword / phrase, but it does not appear at the beginning; try and move it to the beginning.", 'wordpress-seo' ); 
    12541259 
    1255         if ( $title == "" ) { 
    1256             $this->save_score_result( $results, 1, $scoreTitleMissing ); 
     1260        if ( $job['title'] == "" ) { 
     1261            $this->save_score_result( $results, 1, $scoreTitleMissing, 'title' ); 
    12571262        } else { 
    1258             $length = $statistics->text_length( $title ); 
     1263            $length = $statistics->text_length( $job['title'] ); 
    12591264            if ( $length < $scoreTitleMinLength ) 
    1260                 $this->save_score_result( $results, 6, sprintf( $scoreTitleTooShort, $length ) ); 
     1265                $this->save_score_result( $results, 6, sprintf( $scoreTitleTooShort, $length ), 'title_length' ); 
    12611266            else if ( $length > $scoreTitleMaxLength ) 
    1262                 $this->save_score_result( $results, 6, sprintf( $scoreTitleTooLong, $length ) ); 
     1267                $this->save_score_result( $results, 6, sprintf( $scoreTitleTooLong, $length ), 'title_length' ); 
    12631268            else 
    1264                 $this->save_score_result( $results, 9, $scoreTitleCorrectLength ); 
     1269                $this->save_score_result( $results, 9, $scoreTitleCorrectLength, 'title_length' ); 
    12651270 
    12661271            // TODO MA Keyword/Title matching is exact match with separators removed, but should extend to distributed match 
    1267             $needle_position = stripos( $title, $job["keyword_folded"] ); 
     1272            $needle_position = stripos( $job['title'], $job["keyword_folded"] ); 
    12681273 
    12691274            if ( $needle_position === false ) { 
    1270                 $needle_position = stripos( $title, $job["keyword"] ); 
     1275                $needle_position = stripos( $job['title'], $job["keyword"] ); 
    12711276            } 
    12721277 
    12731278            if ( $needle_position === false ) 
    1274                 $this->save_score_result( $results, 2, sprintf( $scoreTitleKeywordMissing, $job["keyword_folded"] ) ); 
     1279                $this->save_score_result( $results, 2, sprintf( $scoreTitleKeywordMissing, $job["keyword_folded"] ), 'title_keyword' ); 
    12751280            else if ( $needle_position <= $scoreTitleKeywordLimit ) 
    1276                 $this->save_score_result( $results, 9, $scoreTitleKeywordBeginning ); 
     1281                $this->save_score_result( $results, 9, $scoreTitleKeywordBeginning, 'title_keyword' ); 
    12771282            else 
    1278                 $this->save_score_result( $results, 6, $scoreTitleKeywordEnd ); 
     1283                $this->save_score_result( $results, 6, $scoreTitleKeywordEnd, 'title_keyword' ); 
    12791284        } 
    12801285    } 
     
    12971302 
    12981303        if ( $count['external']['nofollow'] == 0 && $count['external']['dofollow'] == 0 ) { 
    1299             $this->save_score_result( $results, 6, $scoreNoLinks ); 
     1304            $this->save_score_result( $results, 6, $scoreNoLinks, 'links' ); 
    13001305        } else { 
    13011306            $found = false; 
     
    13051310            } 
    13061311            if ( $found ) 
    1307                 $this->save_score_result( $results, 2, $scoreKeywordInOutboundLink ); 
     1312                $this->save_score_result( $results, 2, $scoreKeywordInOutboundLink, 'links_focus_keyword' ); 
    13081313 
    13091314            if ( $count['external']['nofollow'] == 0 && $count['external']['dofollow'] > 0 ) { 
    1310                 $this->save_score_result( $results, 9, sprintf( $scoreLinksDofollow, $count['external']['dofollow'] ) ); 
     1315                $this->save_score_result( $results, 9, sprintf( $scoreLinksDofollow, $count['external']['dofollow'] ), 'links_number' ); 
    13111316            } else if ( $count['external']['nofollow'] > 0 && $count['external']['dofollow'] == 0 ) { 
    1312                 $this->save_score_result( $results, 7, sprintf( $scoreLinksNofollow, $count['external']['nofollow'] ) ); 
     1317                $this->save_score_result( $results, 7, sprintf( $scoreLinksNofollow, $count['external']['nofollow'] ), 'links_number' ); 
    13131318            } else { 
    1314                 $this->save_score_result( $results, 8, sprintf( $scoreLinks, $count['external']['nofollow'], $count['external']['dofollow'] ) ); 
     1319                $this->save_score_result( $results, 8, sprintf( $scoreLinks, $count['external']['nofollow'], $count['external']['dofollow'] ), 'links_number' ); 
    13151320            } 
    13161321        } 
     
    13941399 
    13951400        if ( $imgs['count'] == 0 ) { 
    1396             $this->save_score_result( $results, 3, $scoreImagesNoImages ); 
     1401            $this->save_score_result( $results, 3, $scoreImagesNoImages, 'images_alt' ); 
    13971402        } else if ( count( $imgs['alts'] ) == 0 && $imgs['count'] != 0 ) { 
    1398             $this->save_score_result( $results, 5, $scoreImagesNoAlt ); 
     1403            $this->save_score_result( $results, 5, $scoreImagesNoAlt, 'images_alt' ); 
    13991404        } else { 
    14001405            $found = false; 
     
    14081413            } 
    14091414            if ( $found ) 
    1410                 $this->save_score_result( $results, 9, $scoreImagesAltKeywordIn ); 
     1415                $this->save_score_result( $results, 9, $scoreImagesAltKeywordIn, 'images_alt' ); 
    14111416            else 
    1412                 $this->save_score_result( $results, 5, $scoreImagesAltKeywordMissing ); 
     1417                $this->save_score_result( $results, 5, $scoreImagesAltKeywordMissing, 'images_alt' ); 
    14131418        } 
    14141419 
     
    14671472        $headingCount = count( $headings ); 
    14681473        if ( $headingCount == 0 ) 
    1469             $this->save_score_result( $results, 7, $scoreHeadingsNone ); 
     1474            $this->save_score_result( $results, 7, $scoreHeadingsNone, 'headings' ); 
    14701475        else { 
    14711476            $found = 0; 
     
    14801485            } 
    14811486            if ( $found ) 
    1482                 $this->save_score_result( $results, 9, sprintf( $scoreHeadingsKeywordIn, $found, $headingCount ) ); 
     1487                $this->save_score_result( $results, 9, sprintf( $scoreHeadingsKeywordIn, $found, $headingCount ), 'headings' ); 
    14831488            else 
    1484                 $this->save_score_result( $results, 3, $scoreHeadingsKeywordMissing ); 
     1489                $this->save_score_result( $results, 3, $scoreHeadingsKeywordMissing, 'headings' ); 
    14851490        } 
    14861491    } 
     
    15241529 
    15251530        if ( $description == "" ) { 
    1526             $this->save_score_result( $results, 1, $scoreDescriptionMissing ); 
     1531            $this->save_score_result( $results, 1, $scoreDescriptionMissing, 'description_length' ); 
    15271532        } else { 
    15281533            $length = $statistics->text_length( $description ); 
    15291534 
    15301535            if ( $length < $scoreDescriptionMinLength ) 
    1531                 $this->save_score_result( $results, 6, sprintf( $scoreDescriptionTooShort, $maxlength, $metaShorter ) ); 
     1536                $this->save_score_result( $results, 6, sprintf( $scoreDescriptionTooShort, $maxlength, $metaShorter ), 'description_length' ); 
    15321537            else if ( $length <= $maxlength ) 
    1533                 $this->save_score_result( $results, 9, $scoreDescriptionCorrectLength ); 
     1538                $this->save_score_result( $results, 9, $scoreDescriptionCorrectLength, 'description_length' ); 
    15341539            else 
    1535                 $this->save_score_result( $results, 6, sprintf( $scoreDescriptionTooLong, $maxlength, $metaShorter ) ); 
     1540                $this->save_score_result( $results, 6, sprintf( $scoreDescriptionTooLong, $maxlength, $metaShorter ), 'description_length' ); 
    15361541 
    15371542            // TODO MA Keyword/Title matching is exact match with separators removed, but should extend to distributed match 
     
    15391544            $haystack2 = $this->strip_separators_and_fold( $description, false ); 
    15401545            if ( strrpos( $haystack1, $job["keyword_folded"] ) === false && strrpos( $haystack2, $job["keyword_folded"] ) === false ) 
    1541                 $this->save_score_result( $results, 3, $scoreDescriptionKeywordMissing ); 
     1546                $this->save_score_result( $results, 3, $scoreDescriptionKeywordMissing, 'description_keyword' ); 
    15421547            else 
    1543                 $this->save_score_result( $results, 9, $scoreDescriptionKeywordIn ); 
     1548                $this->save_score_result( $results, 9, $scoreDescriptionKeywordIn, 'description_keyword' ); 
    15441549        } 
    15451550    } 
     
    15831588 
    15841589        if ( $wordCount < $scoreBodyBadLimit ) 
    1585             $this->save_score_result( $results, -20, sprintf( $scoreBodyBadLength, $wordCount ) ); 
     1590            $this->save_score_result( $results, -20, sprintf( $scoreBodyBadLength, $wordCount ), 'body_length', $wordCount ); 
    15861591        else if ( $wordCount < $scoreBodyPoorLimit ) 
    1587             $this->save_score_result( $results, -10, sprintf( $scoreBodyPoorLength, $wordCount ) ); 
     1592            $this->save_score_result( $results, -10, sprintf( $scoreBodyPoorLength, $wordCount ), 'body_length', $wordCount ); 
    15881593        else if ( $wordCount < $scoreBodyOKLimit ) 
    1589             $this->save_score_result( $results, 5, sprintf( $scoreBodyPoorLength, $wordCount ) ); 
     1594            $this->save_score_result( $results, 5, sprintf( $scoreBodyPoorLength, $wordCount ), 'body_length', $wordCount ); 
    15901595        else if ( $wordCount < $scoreBodyGoodLimit ) 
    1591             $this->save_score_result( $results, 7, sprintf( $scoreBodyOKLength, $wordCount ) ); 
     1596            $this->save_score_result( $results, 7, sprintf( $scoreBodyOKLength, $wordCount ), 'body_length', $wordCount ); 
    15921597        else 
    1593             $this->save_score_result( $results, 9, sprintf( $scoreBodyGoodLength, $wordCount ) ); 
     1598            $this->save_score_result( $results, 9, sprintf( $scoreBodyGoodLength, $wordCount ), 'body_length', $wordCount ); 
    15941599 
    15951600        $body = $this->strtolower_utf8( $body ); 
     
    15971602        $keywordWordCount = str_word_count( $job["keyword"] ); 
    15981603        if ( $keywordWordCount > 10 ) { 
    1599             $this->save_score_result( $results, 0, __( 'Your keyphrase is over 10 words, a keyphrase should be shorter and there can be only one keyphrase.', 'wordpress-seo' ) ); 
     1604            $this->save_score_result( $results, 0, __( 'Your keyphrase is over 10 words, a keyphrase should be shorter and there can be only one keyphrase.', 'wordpress-seo' ), 'focus_keyword_length' ); 
    16001605        } else { 
    16011606            // Keyword Density check 
     
    16061611                    $keywordDensity = number_format( ( ( $keywordCount / ( $wordCount - ( ( $keywordWordCount - 1 ) * $keywordWordCount ) ) ) * 100 ), 2 ); 
    16071612                if ( $keywordDensity < 1 ) { 
    1608                     $this->save_score_result( $results, 4, sprintf( $scoreKeywordDensityLow, $keywordDensity, $keywordCount ) ); 
     1613                    $this->save_score_result( $results, 4, sprintf( $scoreKeywordDensityLow, $keywordDensity, $keywordCount ), 'keyword_density' ); 
    16091614                } else if ( $keywordDensity > 4.5 ) { 
    1610                     $this->save_score_result( $results, -50, sprintf( $scoreKeywordDensityHigh, $keywordDensity, $keywordCount ) ); 
     1615                    $this->save_score_result( $results, -50, sprintf( $scoreKeywordDensityHigh, $keywordDensity, $keywordCount ), 'keyword_density' ); 
    16111616                } else { 
    1612                     $this->save_score_result( $results, 9, sprintf( $scoreKeywordDensityGood, $keywordDensity, $keywordCount ) ); 
     1617                    $this->save_score_result( $results, 9, sprintf( $scoreKeywordDensityGood, $keywordDensity, $keywordCount ), 'keyword_density' ); 
    16131618                } 
    16141619            } 
     
    16191624        // First Paragraph Test 
    16201625        if ( stripos( $firstp, $job["keyword"] ) === false && stripos( $firstp, $job["keyword_folded"] ) === false ) { 
    1621             $this->save_score_result( $results, 3, $scoreFirstParagraphLow ); 
     1626            $this->save_score_result( $results, 3, $scoreFirstParagraphLow, 'keyword_first_paragraph' ); 
    16221627        } else { 
    1623             $this->save_score_result( $results, 9, $scoreFirstParagraphHigh ); 
     1628            $this->save_score_result( $results, 9, $scoreFirstParagraphHigh, 'keyword_first_paragraph' ); 
    16241629        } 
    16251630 
     
    16571662                $score = 4; 
    16581663            } 
    1659             $this->save_score_result( $results, $score, sprintf( $scoreFlesch, $flesch, $fleschurl, $level, $note ) ); 
     1664            $this->save_score_result( $results, $score, sprintf( $scoreFlesch, $flesch, $fleschurl, $level, $note ), 'flesch_kincaid' ); 
    16601665        } 
    16611666    } 
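--- a/wordpress-seo/trunk/admin/class-opengraph-admin.php
+++ b/wordpress-seo/trunk/admin/class-opengraph-admin.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**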
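--- a/wordpress-seo/trunk/admin/class-pointers.php
+++ b/wordpress-seo/trunk/admin/class-pointers.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**
@@ -15,4 +20,8 @@
      */
     function __construct() {
+        global $wp_version;
+        if ( version_compare($wp_version, '3.4', '<') )
+            return false;
+
         add_action( 'admin_enqueue_scripts', array( $this, 'enqueue' ) );
     }
@@ -77,6 +86,6 @@
                     '<form action="http://yoast.us1.list-manage.com/subscribe/post?u=ffa93edfe21752c921f860358&amp;id=972f1c9122" method="post" id="newsletter-form">' .
                     '<p>' .
-                    '<label for="newsletter-name">' . __( 'Name', 'wordpress-seo' ) . ':</label><input style="color:#666" name="MMERGE9" value="' . $current_user->display_name . '" id="newsletter-name" placeholder="' . __( 'Name', 'wordpress-seo' ) . '"/><br/>' .
-                    '<label for="newsletter-email">' . __( 'Email', 'wordpress-seo' ) . ':</label><input style="color:#666" name="EMAIL" value="' . $current_user->user_email . '" id="newsletter-email" placeholder="' . __( 'Email', 'wordpress-seo' ) . '"/><br/>' .
+                    '<label for="newsletter-name">' . __( 'Name', 'wordpress-seo' ) . ':</label><input style="color:#666" name="MMERGE9" value="' . esc_attr( $current_user->display_name ) . '" id="newsletter-name" placeholder="' . __( 'Name', 'wordpress-seo' ) . '"/><br/>' .
+                    '<label for="newsletter-email">' . __( 'Email', 'wordpress-seo' ) . ':</label><input style="color:#666" name="EMAIL" value="' . esc_attr( $current_user->user_email ) . '" id="newsletter-email" placeholder="' . __( 'Email', 'wordpress-seo' ) . '"/><br/>' .
                     '<input type="hidden" name="group" value="2"/>' .
                     '<button type="submit" class="button-primary">' . __( 'Subscribe', 'wordpress-seo' ) . '</button>' .
@@ -207,5 +216,5 @@
             wpseo_pointer_options = $.extend(wpseo_pointer_options, {
                 buttons:function (event, t) {
-                    button = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">' + '<?php echo $button1; ?>' + '</a>');
+                    button = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">' + '<?php echo esc_html( $button1 ); ?>' + '</a>');
                     button.bind('click.pointer', function () {
                         t.element.pointer('close');
@@ -220,7 +229,7 @@
                 $('<?php echo $selector; ?>').pointer(wpseo_pointer_options).pointer('open');
                 <?php if ( $button2 ) { ?>
-                    jQuery('#pointer-close').after('<a id="pointer-primary" class="button-primary">' + '<?php echo $button2; ?>' + '</a>');
+                    jQuery('#pointer-close').after('<a id="pointer-primary" class="button-primary">' + '<?php echo esc_html( $button2 ); ?>' + '</a>');
                     jQuery('#pointer-primary').click(function () {
-                        <?php echo $button2_function; ?>
+                        <?php echo esc_js( $button2_function ); ?>
                     });
                     jQuery('#pointer-close').click(function () {
@@ -228,5 +237,5 @@
                             wpseo_setIgnore("tour", "wp-pointer-0", "<?php echo wp_create_nonce( 'wpseo-ignore' ); ?>");
                             <?php } else { ?>
-                            <?php echo $button1_function; ?>
+                            <?php echo esc_js( $button1_function ); ?>
                             <?php } ?>
                     });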
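Review bot: `esc_js()` at new lines 233 and 239 is applied to `$button2_function` / `$button1_function`, which are emitted as bare JavaScript statements inside the click handlers rather than inside a quoted JS string; `esc_js()` turns `"` into `&quot;` and backslash-escapes `'` and newlines, so if those variables hold JS code containing quotes (their assignment is outside this hunk) the emitted script is no longer valid. The safer shape is to escape the individual values (URL, nonce, text) with `esc_url()`/`esc_js()` where the function strings are assembled, or hand the data to the static script via `json_encode()`, and emit the assembled statement here as-is. `$('<?php echo $selector; ?>')` at 229 on the same path is still emitted raw. Separately, `return false;` at new line 24 in `__construct()` is discarded, since a constructor has no return value, so a plain `return;` says what is meant.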
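--- a/wordpress-seo/trunk/admin/class-sitemaps-admin.php
+++ b/wordpress-seo/trunk/admin/class-sitemaps-admin.php
@@ -3,4 +3,9 @@
  * @package XML_Sitemaps
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**
@@ -56,9 +61,9 @@
 
         if ( WP_CACHE )
-            wp_schedule_single_event( time(), 'wpseo_hit_sitemap_index' );
+            wp_schedule_single_event( time() + 300, 'wpseo_hit_sitemap_index' );
 
         // Allow the pinging to happen slightly after the hit sitemap index so the sitemap is fully regenerated when the ping happens.
         if ( wpseo_get_value( 'sitemap-include', $post->ID ) != 'never' )
-            wp_schedule_single_event( ( time() + 60 ), 'wpseo_ping_search_engines' );
+            wp_schedule_single_event( ( time() + 300 ), 'wpseo_ping_search_engines' );
     }
 }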
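Review bot: The comment at new line 65 ("Allow the pinging to happen slightly after the hit sitemap index") no longer matches the code: both events are now scheduled for `time() + 300`, so nothing orders the ping after the index hit except cron-array insertion order, and if the index hit is a non-blocking request (not visible here) the ping can fire before the sitemap is regenerated. Keep the gap the comment promises, e.g. `wp_schedule_single_event( ( time() + 360 ), 'wpseo_ping_search_engines' );`, or reword the comment to say the two now run together. The enclosing function starts outside the hunk.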
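--- a/wordpress-seo/trunk/admin/class-taxonomy.php
+++ b/wordpress-seo/trunk/admin/class-taxonomy.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined( 'WPSEO_VERSION' ) ) {
+    header( 'HTTP/1.0 403 Forbidden' );
+    die;
+}
 
 /**
@@ -20,5 +25,5 @@
             add_action( $_GET['taxonomy'] . '_edit_form', array( $this, 'term_seo_form' ), 10, 1 );
 
-        add_action( 'edit_term', array( $this, 'update_term' ), 10, 3 );
+        add_action( 'edit_term', array( $this, 'update_term' ), 99, 3 );
 
         add_action( 'init', array( $this, 'custom_category_descriptions_allow_html' ) );
@@ -38,5 +43,5 @@
     function form_row( $var, $label, $desc, $tax_meta, $type = 'text', $options = array() ) {
         $val = '';
-        if ( isset( $tax_meta[$var] ) )
+        if ( isset( $tax_meta[$var] ) && !empty( $tax_meta[$var] ) )
             $val = stripslashes( $tax_meta[$var] );
 
@@ -46,14 +51,14 @@
         if ( $type == 'text' ) {
             ?>
-        <input name="<?php echo $var; ?>" id="<?php echo $var; ?>" type="text" value="<?php echo $val; ?>" size="40"/>
-        <p class="description"><?php echo $desc; ?></p>
+        <input name="<?php echo $var; ?>" id="<?php echo $var; ?>" type="text" value="<?php echo $val; ?>" size="40"/>
+        <p class="description"><?php echo $desc; ?></p>
         <?php
         } else if ( $type == 'checkbox' ) {
             ?>
-        <input name="<?php echo $var; ?>" id="<?php echo $var; ?>" type="checkbox" <?php checked( $val ); ?>/>
+        <input name="<?php echo $var; ?>" id="<?php echo $var; ?>" type="checkbox" <?php checked( $val ); ?>/>
         <?php
         } else if ( $type == 'select' ) {
             ?>
-        <select name="<?php echo $var; ?>" id="<?php echo $var; ?>">
+        <select name="<?php echo $var; ?>" id="<?php echo $var; ?>">
             <?php foreach ( $options as $option => $label ) {
             $sel = '';
@@ -62,5 +67,5 @@
             echo "<option" . $sel . " value='" . $option . "'>" . $label . "</option>";
         }?>
-        </select>
+        </select>
         <?php
         }
@@ -120,14 +125,28 @@
         $tax_meta = get_option( 'wpseo_taxonomy_meta' );
 
+        if ( !is_array( $tax_meta[$taxonomy][$term_id] ) )
+            $tax_meta[$taxonomy][$term_id] = array();
+
         foreach ( array( 'title', 'desc', 'metakey', 'bctitle', 'canonical', 'noindex', 'sitemap_include' ) as $key ) {
-            if ( isset( $_POST['wpseo_' . $key] ) )
-                $tax_meta[$taxonomy][$term_id]['wpseo_' . $key] = $_POST['wpseo_' . $key];
+            if ( isset( $_POST['wpseo_' . $key] ) && !empty( $_POST['wpseo_' . $key] ) ) {
+                $val = trim( $_POST['wpseo_' . $key] );
+
+                if ( $key == 'canonical' )
+                    $val = esc_url( $val );
+                else
+                    $val = sanitize_text_field( $val );
+
+                $tax_meta[$taxonomy][$term_id]['wpseo_' . $key] = $val;
+            } else {
+                if ( isset( $tax_meta[$taxonomy][$term_id]['wpseo_' . $key] ) )
+                    unset( $tax_meta[$taxonomy][$term_id]['wpseo_' . $key] );
+            }
         }
 
-        update_option( 'wpseo_taxonomy_meta', $tax_meta );
+        update_option( 'wpseo_taxonomy_meta', $tax_meta, 99 );
 
         if ( defined( 'W3TC_DIR' ) && class_exists( 'W3_ObjectCache' ) ) {
             require_once W3TC_DIR . '/lib/W3/ObjectCache.php';
-            $w3_objectcache = &W3_ObjectCache::instance();
+            $w3_objectcache = & W3_ObjectCache::instance();
 
             $w3_objectcache->flush();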
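Review bot: `$val = esc_url( $val )` at new line 135 stores the display-escaped form of the canonical URL (`&` becomes `&#038;`); for a value written to the option the raw-save variant is the right one, `$val = esc_url_raw( $val );`. The trailing `99` in `update_option( 'wpseo_taxonomy_meta', $tax_meta, 99 )` at 146 is not a priority — `update_option()` has no priority argument — and reads like a copy of the `add_action` priority above, so it should be dropped. In the `form_row` hunk the re-indented lines still emit `$val` raw inside `value="<?php echo $val; ?>"`, so a stored title or description containing a double quote breaks out of the attribute; `esc_attr( $val )` there would match the escaping this commit adds elsewhere. The new guard at 127 reads `$tax_meta[$taxonomy][$term_id]` before checking that the option and taxonomy key exist, which raises notices when `get_option()` returns false; `if ( ! isset( $tax_meta[$taxonomy][$term_id] ) || ! is_array( $tax_meta[$taxonomy][$term_id] ) )` covers both. `update_term`'s signature is outside the hunk.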
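--- a/wordpress-seo/trunk/admin/class-tracking.php
+++ b/wordpress-seo/trunk/admin/class-tracking.php
@@ -3,4 +3,9 @@
  * @package Admin
  */
+
+if ( !defined('WPSEO_VERSION') ) {
+    header('HTTP/1.0 403 Forbidden');
+    die;
+}
 
 /**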
  • wordpress-seo/trunk/admin/pages/dashboard.php

    r594473 r632010  
    44 */ 
    55 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
     10 
    611global $wpseo_admin_pages; 
    712 
    813$options = get_option( 'wpseo' ); 
    914 
    10 if ( isset( $_GET['allow_tracking'] ) ) { 
     15if ( isset( $_GET['allow_tracking'] ) && check_admin_referer( 'wpseo_activate_tracking', 'nonce' ) ) { 
    1116    $options['tracking_popup'] = 'done'; 
    1217    if ( $_GET['allow_tracking'] == 'yes' ) 
     
    3944} 
    4045 
    41 if ( isset( $_GET['fixmetadesc'] ) && isset( $options['theme_check'] ) && isset( $options['theme_check']['description_found'] ) && $options['theme_check']['description_found'] ) { 
     46if ( isset( $_GET['fixmetadesc'] ) && check_admin_referer( 'wpseo-fix-metadesc', 'nonce' ) && isset( $options['theme_check'] ) && isset( $options['theme_check']['description_found'] ) && $options['theme_check']['description_found'] ) { 
    4247    $fcontent = file_get_contents( TEMPLATEPATH . '/header.php' ); 
    4348    $msg      = ''; 
     
    8388    if ( isset( $options['theme_check'] ) && isset( $options['theme_check']['description_found'] ) && $options['theme_check']['description_found'] ) { 
    8489        echo '<p id="metadesc_found notice" class="wrong settings_error">' 
    85             . '<a href="' . admin_url( 'admin.php?page=wpseo_dashboard&fixmetadesc' ) . '" class="button fixit">' . __( 'Fix it.', 'wordpress-seo' ) . '</a>' 
     90            . '<a href="' . admin_url( 'admin.php?page=wpseo_dashboard&fixmetadesc&nonce=' . wp_create_nonce( 'wpseo-fix-metadesc' ) ) . '" class="button fixit">' . __( 'Fix it.', 'wordpress-seo' ) . '</a>' 
    8691            . __( 'Your theme contains a meta description, which blocks WordPress SEO from working properly, please delete the following line, or press fix it:', 'wordpress-seo' ) . '<br />'; 
    8792        echo '<code>' . htmlentities( $options['theme_check']['description_found'] ) . '</code>'; 
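Review bot: The new nonce on the `fixmetadesc` link and `check_admin_referer( 'wpseo-fix-metadesc', 'nonce' )` protect the handler against cross-site requests but not against a logged-in user who lacks theme-editing rights, and the handler goes on to rewrite the theme's header.php. Unless the page registration (outside this section) already restricts who reaches it, prefix the condition with `current_user_can( 'edit_themes' ) &&`. The `allow_tracking` branch has the same shape and would want `current_user_can( 'manage_options' )` in front of its nonce check.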
  • wordpress-seo/trunk/admin/pages/files.php

    r587971 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
     
    4146$wpseo_admin_pages->admin_header( 'Files', false ); 
    4247if ( isset( $msg ) && !empty( $msg ) ) { 
    43     echo '<div id="message" style="width:94%;" class="updated fade"><p>' . $msg . '</p></div>'; 
     48    echo '<div id="message" style="width:94%;" class="updated fade"><p>' . esc_html( $msg ) . '</p></div>'; 
    4449} 
    4550 
     
    5156    else 
    5257        $content = ''; 
    53     $robotstxtcontent = htmlspecialchars( $content ); 
     58    $robotstxtcontent = esc_textarea( $content ); 
    5459 
    5560    if ( !is_writable( $robots_file ) ) { 
     
    7176    $f             = fopen( $htaccess_file, 'r' ); 
    7277    $contentht     = fread( $f, filesize( $htaccess_file ) ); 
    73     $contentht     = htmlspecialchars( $contentht ); 
     78    $contentht     = esc_textarea( $contentht ); 
    7479 
    7580    if ( !is_writable( $htaccess_file ) ) { 
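Review bot: `fread( $f, filesize( $htaccess_file ) )` on the line above the new `esc_textarea()` call requests a zero-length read for an empty .htaccess, which PHP refuses, and the handle opened by `fopen()` is not closed anywhere in this hunk; `$contentht = esc_textarea( file_get_contents( $htaccess_file ) );` replaces the three lines and sidesteps both. The `esc_textarea()` change for the robots.txt content is fine as long as `$content` holds plain text; the conditional it sits in starts outside the hunk.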
  • wordpress-seo/trunk/admin/pages/import.php

    r596608 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
     
    1520function replace_meta( $old_metakey, $new_metakey, $replace = false ) { 
    1621    global $wpdb; 
    17     $oldies = $wpdb->get_results( "SELECT * FROM $wpdb->postmeta WHERE meta_key = '$old_metakey'" ); 
     22    $oldies = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE meta_key = '$old_metakey'" ) ); 
    1823    foreach ( $oldies as $old ) { 
    1924        // Prevent inserting new meta values for posts that already have a value for that new meta key 
     
    2126        if ( !$check || empty($check) ) 
    2227            update_post_meta( $old->post_id, $new_metakey, $old->meta_value ); 
    23     } 
    24  
    25     if ( $replace ) 
    26         delete_post_meta( $old->post_id, $old_metakey ); 
     28 
     29        if ( $replace ) 
     30            delete_post_meta( $old->post_id, $old_metakey ); 
     31    } 
    2732} 
    2833 
    2934$msg = ''; 
    30 if ( isset( $_POST['import'] ) ) { 
     35if ( check_admin_referer( 'wpseo-import' ) && isset( $_POST['import'] ) ) { 
    3136    global $wpdb; 
    3237    $msg      = ''; 
     
    249254$wpseo_admin_pages->admin_header( 'Import', false ); 
    250255if ( $msg != '' ) 
    251     echo '<div id="message" class="message updated" style="width:94%;"><p>' . $msg . '</p></div>'; 
     256    echo '<div id="message" class="message updated" style="width:94%;"><p>' . esc_html( $msg ) . '</p></div>'; 
    252257 
    253258$content = "<p>" . __( "No doubt you've used an SEO plugin before if this site isn't new. Let's make it easy on you, you can import the data below. If you want, you can import first, check if it was imported correctly, and then import &amp; delete. No duplicate data will be imported.", 'wordpress-seo' ) . "</p>"; 
    254259$content .= '<p>' . sprintf( __( "If you've used another SEO plugin, try the %sSEO Data Transporter%s plugin to move your data into this plugin, it rocks!", 'wordpress-seo' ), "<a href='http://wordpress.org/extend/plugins/seo-data-transporter/'>", "</a>" ) . '</p>'; 
    255260$content .= '<form action="" method="post">'; 
     261$content .= wp_nonce_field( 'wpseo-import', '_wpnonce', true, false ); 
    256262$content .= $wpseo_admin_pages->checkbox( 'importheadspace', __( 'Import from HeadSpace2?', 'wordpress-seo' ) ); 
    257263$content .= $wpseo_admin_pages->checkbox( 'importaioseo', __( 'Import from All-in-One SEO?', 'wordpress-seo' ) ); 
     
    262268$content .= '<input type="submit" class="button-primary" name="import" value="' . __( 'Import', 'wordpress-seo' ) . '" />'; 
    263269$content .= '<br/><br/>'; 
    264 $content .= '<form action="" method="post">'; 
    265270$content .= '<h2>' . __( 'Import settings from other plugins', 'wordpress-seo' ) . '</h2>'; 
    266271$content .= $wpseo_admin_pages->checkbox( 'importrobotsmeta', __( 'Import from Robots Meta (by Yoast)?', 'wordpress-seo' ) ); 
     
    274279do_action( 'wpseo_import', $this ); 
    275280 
    276 $content = '</form>'; 
    277281$content .= '<strong>' . __( 'Export', 'wordpress-seo' ) . '</strong><br/>'; 
    278282$content .= '<form method="post">'; 
     283$content .= wp_nonce_field( 'wpseo-export', '_wpnonce', true, false ); 
    279284$content .= '<p>' . __( 'Export your WordPress SEO settings here, to import them again later or to import them on another site.', 'wordpress-seo' ) . '</p>'; 
    280285if ( phpversion() > 5.2 ) 
     
    282287$content .= '<input type="submit" class="button" name="wpseo_export" value="' . __( 'Export settings', 'wordpress-seo' ) . '"/>'; 
    283288$content .= '</form>'; 
    284 if ( isset( $_POST['wpseo_export'] ) ) { 
     289if ( check_admin_referer( 'wpseo-export' ) && isset( $_POST['wpseo_export'] ) ) { 
    285290    $include_taxonomy = false; 
    286291    if ( isset( $_POST['wpseo']['include_taxonomy_meta'] ) ) 
     
    300305    $content .= '<p>' . __( 'Import settings by locating <em>settings.zip</em> and clicking', 'wordpress-seo' ) . ' "' . __( 'Import settings', 'wordpress-seo' ) . '":</p>'; 
    301306    $content .= '<form method="post" enctype="multipart/form-data">'; 
     307    $content .= wp_nonce_field( 'wpseo-import-file', '_wpnonce', true, false ); 
    302308    $content .= '<input type="file" name="settings_import_file"/>'; 
    303309    $content .= '<input type="hidden" name="action" value="wp_handle_upload"/>'; 
    304310    $content .= '<input type="submit" class="button" value="' . __( 'Import settings', 'wordpress-seo' ) . '"/>'; 
    305311    $content .= '</form>'; 
    306 } else { 
     312} else if ( check_admin_referer( 'wpseo-import-file' ) ) { 
    307313    $file = wp_handle_upload( $_FILES['settings_import_file'] ); 
    308314 
     
    321327            } 
    322328            @unlink( WP_CONTENT_DIR . '/wpseo-import/' ); 
     329            @unlink( $file['file'] ); 
    323330 
    324331            $content .= '<p><strong>' . __( 'Settings successfully imported.', 'wordpress-seo' ) . '</strong></p>'; 
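Review bot: `$wpdb->prepare()` in replace_meta() is called with `$old_metakey` already interpolated into the string and no placeholder, so it escapes nothing; use `$wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE meta_key = %s", $old_metakey )`. Separately, `check_admin_referer()` dies when no valid nonce is present, so placing it on the left of `&&` in `check_admin_referer( 'wpseo-import' ) && isset( $_POST['import'] )` (and likewise the `wpseo-export` condition and the `else if ( check_admin_referer( 'wpseo-import-file' ) )` branch in this section, and both conditions in admin/pages/network.php) appears to run the nonce check on a plain GET of the page; swap the operands so the `isset()` guard runs first, e.g. `if ( isset( $_POST['import'] ) && check_admin_referer( 'wpseo-import' ) ) {`. The import-file branch needs an `isset( $_FILES['settings_import_file'] ) &&` guard ahead of its nonce check for the same reason.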
  • wordpress-seo/trunk/admin/pages/internal-links.php

    r563579 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
  • wordpress-seo/trunk/admin/pages/metas.php

    r587971 r632010  
    44 */ 
    55 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
     10 
    611global $wpseo_admin_pages; 
    712 
     
    1419if ( ( isset( $_GET[ 'updated' ] ) && $_GET[ 'updated' ] == 'true' ) || ( isset( $_GET[ 'settings-updated' ] ) && $_GET[ 'settings-updated' ] == 'true' ) ) { 
    1520    $msg = __( 'Settings updated', 'wordpress-seo' ); 
    16  
    17     if ( function_exists( 'w3tc_pgcache_flush' ) ) { 
    18         w3tc_pgcache_flush(); 
    19         $msg .= __( ' &amp; W3 Total Cache Page Cache flushed', 'wordpress-seo' ); 
    20     } else if ( function_exists( 'wp_cache_clear_cache' ) ) { 
    21         wp_cache_clear_cache(); 
    22         $msg .= __( ' &amp; WP Super Cache flushed', 'wordpress-seo' ); 
    23     } 
    2421 
    2522    echo '<div id="message" style="width:94%;" class="message updated"><p><strong>' . $msg . '.</strong></p></div>'; 
     
    106103            continue; 
    107104        $name = $posttype->name; 
    108         echo '<h4 id="' . $name . '">' . ucfirst( $posttype->labels->name ) . '</h4>'; 
     105        echo '<h4 id="' . esc_attr( $name ) . '">' . esc_html( ucfirst( $posttype->labels->name ) ) . '</h4>'; 
    109106        echo $wpseo_admin_pages->textinput( 'title-' . $name, __( 'Title template', 'wordpress-seo' ) ); 
    110107        echo $wpseo_admin_pages->textarea( 'metadesc-' . $name, __( 'Meta description template', 'wordpress-seo' ), '', 'metadesc' ); 
     
    126123        $name = $pt->name; 
    127124 
    128         echo '<h4>' . ucfirst( $pt->labels->name ) . '</h4>'; 
     125        echo '<h4>' . esc_html( ucfirst( $pt->labels->name ) ) . '</h4>'; 
    129126        echo $wpseo_admin_pages->textinput( 'title-ptarchive-' . $name, __( 'Title', 'wordpress-seo' ) ); 
    130127        echo $wpseo_admin_pages->textarea( 'metadesc-ptarchive-' . $name, __( 'Meta description', 'wordpress-seo' ), '', 'metadesc' ); 
     
    140137    <?php 
    141138    foreach ( get_taxonomies( array( 'public' => true ), 'objects' ) as $tax ) { 
    142         echo '<h4>' . $tax->labels->name . '</h4>'; 
     139        echo '<h4>' . esc_html( ucfirst( $tax->labels->name ) ). '</h4>'; 
    143140        echo $wpseo_admin_pages->textinput( 'title-' . $tax->name, __( 'Title template', 'wordpress-seo' ) ); 
    144141        echo $wpseo_admin_pages->textarea( 'metadesc-' . $tax->name, __( 'Meta description template', 'wordpress-seo' ), '', 'metadesc' ); 
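Review bot: `esc_html( ucfirst( $tax->labels->name ) )` in the taxonomy loop adds a `ucfirst()` that the old line did not have, so this hunk changes the rendered label as well as escaping it; `ucfirst()` is byte-based, so a translated label starting with a multibyte character is left uncapitalised or, depending on locale, may be altered. If the capitalisation is wanted for consistency with the post-type headings, note it, `// ucfirst() is byte-wise; labels starting with a non-ASCII letter are not capitalised`; otherwise `esc_html( $tax->labels->name )` is the minimal escaping change.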
  • wordpress-seo/trunk/admin/pages/network.php

    r563579 r632010  
    44 */ 
    55 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
     10 
    611global $wpseo_admin_pages; 
    712 
    813$options = get_site_option( 'wpseo_ms' ); 
    914 
    10 if ( isset( $_POST[ 'wpseo_submit' ] ) ) { 
     15if ( check_admin_referer( 'wpseo-network-settings' ) && isset( $_POST[ 'wpseo_submit' ] ) ) { 
    1116    foreach ( array( 'access', 'defaultblog' ) as $opt ) { 
    1217        $options[ $opt ] = $_POST[ 'wpseo_ms' ][ $opt ]; 
     
    1621} 
    1722 
    18 if ( isset( $_POST[ 'wpseo_restore_blog' ] ) ) { 
     23if ( check_admin_referer( 'wpseo-network-restore' ) && isset( $_POST[ 'wpseo_restore_blog' ] ) ) { 
    1924    if ( isset( $_POST[ 'wpseo_ms' ][ 'restoreblog' ] ) && is_numeric( $_POST[ 'wpseo_ms' ][ 'restoreblog' ] ) ) { 
    2025        $blog = get_blog_details( $_POST[ 'wpseo_ms' ][ 'restoreblog' ] ); 
     
    3338 
    3439$content = '<form method="post">'; 
     40$content .= wp_nonce_field( 'wpseo-network-settings', '_wpnonce', true, false ); 
    3541$content .= $wpseo_admin_pages->select( 'access', __( 'Who should have access to the WordPress SEO settings', 'wordpress-seo' ), 
    3642    array( 
     
    4753 
    4854$content = '<form method="post">'; 
     55$content .= wp_nonce_field( 'wpseo-network-restore', '_wpnonce', true, false ); 
    4956$content .= '<p>' . __( 'Using this form you can reset a site to the default SEO settings.', 'wordpress-seo' ) . '</p>'; 
    5057$content .= $wpseo_admin_pages->textinput( 'restoreblog', __( 'Blog ID', 'wordpress-seo' ), 'wpseo_ms' ); 
  • wordpress-seo/trunk/admin/pages/permalinks.php

    r563579 r632010  
    44 */ 
    55 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
     10 
    611global $wpseo_admin_pages; 
    7  
    8 if ( isset( $_GET[ 'settings-updated' ] ) ) { 
    9     delete_option( 'rewrite_rules' ); 
    10 } 
    1112 
    1213$wpseo_admin_pages->admin_header( __( 'Permalinks', 'wordpress-seo' ), true, 'yoast_wpseo_permalinks_options', 'wpseo_permalinks' ); 
  • wordpress-seo/trunk/admin/pages/rss.php

    r563579 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
  • wordpress-seo/trunk/admin/pages/social.php

    r563579 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined( 'WPSEO_VERSION' ) ) { 
     7    header( 'HTTP/1.0 403 Forbidden' ); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
     
    1419$clearall = false; 
    1520 
    16 if ( isset( $_GET[ 'delfbadmin' ] ) ) { 
    17     if ( wp_verify_nonce( $_GET[ 'nonce' ], 'delfbadmin' ) != 1 ) 
     21if ( isset( $_GET['delfbadmin'] ) ) { 
     22    if ( wp_verify_nonce( $_GET['nonce'], 'delfbadmin' ) != 1 ) 
    1823        die( "I don't think that's really nice of you!." ); 
    19     $id = $_GET[ 'delfbadmin' ]; 
    20     if ( isset( $options[ 'fb_admins' ][ $id ] ) ) { 
    21         $fbadmin = $options[ 'fb_admins' ][ $id ][ 'name' ]; 
    22         unset( $options[ 'fb_admins' ][ $id ] ); 
     24    $id = $_GET['delfbadmin']; 
     25    if ( isset( $options['fb_admins'][$id] ) ) { 
     26        $fbadmin = $options['fb_admins'][$id]['name']; 
     27        unset( $options['fb_admins'][$id] ); 
    2328        update_option( 'wpseo_social', $options ); 
    2429        add_settings_error( 'yoast_wpseo_social_options', 'success', sprintf( __( 'Successfully removed admin %s', 'wordpress-seo' ), $fbadmin ), 'updated' ); 
     
    2732} 
    2833 
    29 if ( isset( $_GET[ 'fbclearall' ] ) ) { 
    30     if ( wp_verify_nonce( $_GET[ 'nonce' ], 'fbclearall' ) != 1 ) 
     34if ( isset( $_GET['fbclearall'] ) ) { 
     35    if ( wp_verify_nonce( $_GET['nonce'], 'fbclearall' ) != 1 ) 
    3136        die( "I don't think that's really nice of you!." ); 
    32     unset( $options[ 'fb_admins' ], $options[ 'fbapps' ], $options[ 'fbadminapp' ], $options[ 'fbadminpage' ] ); 
     37    unset( $options['fb_admins'], $options['fbapps'], $options['fbadminapp'], $options['fbadminpage'] ); 
    3338    update_option( 'wpseo_social', $options ); 
    3439    add_settings_error( 'yoast_wpseo_social_options', 'success', __( 'Successfully cleared all Facebook Data', 'wordpress-seo' ), 'updated' ); 
    3540} 
    3641 
    37 if ( !isset( $options[ 'fbconnectkey' ] ) || empty( $options[ 'fbconnectkey' ] ) ) { 
    38     $options[ 'fbconnectkey' ] = md5( get_bloginfo( 'url' ) . rand() ); 
     42if ( !isset( $options['fbconnectkey'] ) || empty( $options['fbconnectkey'] ) ) { 
     43    $options['fbconnectkey'] = md5( get_bloginfo( 'url' ) . rand() ); 
    3944    update_option( 'wpseo_social', $options ); 
    4045} 
    4146 
    42 if ( isset( $_GET[ 'key' ] ) && $_GET[ 'key' ] == $options[ 'fbconnectkey' ] ) { 
    43     if ( isset( $_GET[ 'userid' ] ) ) { 
    44         if ( !is_array( $options[ 'fb_admins' ] ) ) 
    45             $options[ 'fb_admins' ] = array(); 
    46         $id                                      = $_GET[ 'userid' ]; 
    47         $options[ 'fb_admins' ][ $id ][ 'name' ] = urldecode( $_GET[ 'userrealname' ] ); 
    48         $options[ 'fb_admins' ][ $id ][ 'link' ] = urldecode( $_GET[ 'link' ] ); 
     47if ( isset( $_GET['key'] ) && $_GET['key'] == $options['fbconnectkey'] ) { 
     48    if ( isset( $_GET['userid'] ) ) { 
     49        if ( !is_array( $options['fb_admins'] ) ) 
     50            $options['fb_admins'] = array(); 
     51        $user_id                                = $_GET['userid']; 
     52        $options['fb_admins'][$user_id]['name'] = urldecode( $_GET['userrealname'] ); 
     53        $options['fb_admins'][$user_id]['link'] = urldecode( $_GET['link'] ); 
    4954        update_option( 'wpseo_social', $options ); 
    50         add_settings_error( 'yoast_wpseo_social_options', 'success', sprintf( __( 'Successfully added %s as a Facebook Admin!', 'wordpress-seo' ), '<a href="' . $options[ 'fb_admins' ][ $id ][ 'link' ] . '">' . $options[ 'fb_admins' ][ $id ][ 'name' ] . '</a>' ), 'updated' ); 
    51     } else if ( isset( $_GET[ 'apps' ] ) ) { 
    52         $apps                = json_decode( stripslashes( $_GET[ 'apps' ] ) ); 
    53         $options[ 'fbapps' ] = array( '0' => __( 'Do not use a Facebook App as Admin', 'wordpress-seo' ) ); 
     55        add_settings_error( 'yoast_wpseo_social_options', 'success', sprintf( __( 'Successfully added %s as a Facebook Admin!', 'wordpress-seo' ), '<a href="' . esc_url( $options['fb_admins'][$user_id]['link'] ) . '">' . esc_html( $options['fb_admins'][$user_id]['name'] ) . '</a>' ), 'updated' ); 
     56    } else if ( isset( $_GET['apps'] ) ) { 
     57        $apps              = json_decode( stripslashes( $_GET['apps'] ) ); 
     58        $options['fbapps'] = array( '0' => __( 'Do not use a Facebook App as Admin', 'wordpress-seo' ) ); 
    5459        foreach ( $apps as $app ) { 
    55             $options[ 'fbapps' ][ $app->app_id ] = $app->display_name; 
     60            $options['fbapps'][$app->app_id] = $app->display_name; 
    5661        } 
    5762        update_option( 'wpseo_social', $options ); 
     
    6368$options = get_option( 'wpseo_social' ); 
    6469 
    65 if ( isset( $options[ 'fb_admins' ] ) && is_array( $options[ 'fb_admins' ] ) ) { 
    66     foreach ( $options[ 'fb_admins' ] as $id => $admin ) { 
    67         $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . $id . ']" value="' . $admin . '"/>'; 
     70if ( isset( $options['fb_admins'] ) && is_array( $options['fb_admins'] ) ) { 
     71    foreach ( $options['fb_admins'] as $id => $admin ) { 
     72        $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . esc_attr( $id ) . ']" value="' . esc_attr( $admin ) . '"/>'; 
    6873    } 
    6974    $clearall = true; 
    7075} 
    7176 
    72 if ( isset( $options[ 'fbapps' ] ) && is_array( $options[ 'fbapps' ] ) ) { 
    73     foreach ( $options[ 'fbapps' ] as $id => $page ) { 
    74         $fbconnect .= '<input type="hidden" name="wpseo_social[fbapps][' . $id . ']" value="' . $page . '"/>'; 
     77if ( isset( $options['fbapps'] ) && is_array( $options['fbapps'] ) ) { 
     78    foreach ( $options['fbapps'] as $id => $page ) { 
     79        $fbconnect .= '<input type="hidden" name="wpseo_social[fbapps][' . esc_attr( $id ) . ']" value="' . esc_attr( $page ) . '"/>'; 
    7580    } 
    7681    $clearall = true; 
     
    7883 
    7984$app_button_text = __( 'Use a Facebook App as Admin', 'wordpress-seo' ); 
    80 if ( isset( $options[ 'fbapps' ] ) && is_array( $options[ 'fbapps' ] ) ) { 
     85if ( isset( $options['fbapps'] ) && is_array( $options['fbapps'] ) ) { 
    8186    $fbconnect .= '<p>' . __( 'Select an app to use as Facebook admin:', 'wordpress-seo' ) . '</p>'; 
    8287    $fbconnect .= '<select name="wpseo_social[fbadminapp]" id="fbadminapp">'; 
    8388 
    84     if ( !isset( $options[ 'fbadminapp' ] ) ) 
    85         $options[ 'fbadminapp' ] = 0; 
     89    if ( !isset( $options['fbadminapp'] ) ) 
     90        $options['fbadminapp'] = 0; 
    8691 
    87     foreach ( $options[ 'fbapps' ] as $id => $app ) { 
     92    foreach ( $options['fbapps'] as $id => $app ) { 
    8893        $sel = ''; 
    8994 
    90         if ( $id == $options[ 'fbadminapp' ] ) 
     95        if ( $id == $options['fbadminapp'] ) 
    9196            $sel = 'selected="selected"'; 
    92         $fbconnect .= '<option ' . $sel . ' value="' . $id . '">' . $app . '</option>'; 
     97        $fbconnect .= '<option ' . $sel . ' value="' . esc_attr( $id ) . '">' . esc_attr( $app ) . '</option>'; 
    9398    } 
    9499    $fbconnect .= '</select><div class="clear"></div><br/>'; 
     
    96101} 
    97102 
    98 if ( !isset( $options[ 'fbadminapp' ] ) || $options[ 'fbadminapp' ] == 0 ) { 
     103if ( !isset( $options['fbadminapp'] ) || $options['fbadminapp'] == 0 ) { 
    99104    $button_text = __( 'Add Facebook Admin', 'wordpress-seo' ); 
    100105    $primary     = true; 
    101     if ( isset( $options[ 'fb_admins' ] ) && is_array( $options[ 'fb_admins' ] ) && count( $options[ 'fb_admins' ] ) > 0 ) { 
     106    if ( isset( $options['fb_admins'] ) && is_array( $options['fb_admins'] ) && count( $options['fb_admins'] ) > 0 ) { 
    102107        $fbconnect .= '<p>' . __( 'Currently connected Facebook admins:', 'wordpress-seo' ) . '</p>'; 
    103108        $fbconnect .= '<ul>'; 
    104109        $nonce = wp_create_nonce( 'delfbadmin' ); 
    105110 
    106         foreach ( $options[ 'fb_admins' ] as $admin_id => $admin ) { 
    107             $fbconnect .= '<li><a href="' . $admin[ 'link' ] . '">' . $admin[ 'name' ] . '</a> - <strong><a  href="' . admin_url( 'admin.php?page=wpseo_social&delfbadmin=' . $admin_id . '&nonce=' . $nonce ) . '">X</a></strong></li>'; 
    108             $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . $admin_id . '][link]" value="' . $admin[ 'link' ] . '"/>'; 
    109             $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . $admin_id . '][name]" value="' . $admin[ 'name' ] . '"/>'; 
     111        foreach ( $options['fb_admins'] as $admin_id => $admin ) { 
     112            $admin_id = esc_attr( $admin_id ); 
     113            $fbconnect .= '<li><a href="' . esc_url( $admin['link'] ) . '">' . esc_html( $admin['name'] ) . '</a> - <strong><a  href="' . admin_url( 'admin.php?page=wpseo_social&delfbadmin=' . $admin_id . '&nonce=' . $nonce ) . '">X</a></strong></li>'; 
     114            $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . $admin_id . '][link]" value="' . esc_attr( $admin['link'] ) . '"/>'; 
     115            $fbconnect .= '<input type="hidden" name="wpseo_social[fb_admins][' . $admin_id . '][name]" value="' . esc_attr( $admin['name'] ) . '"/>'; 
    110116        } 
    111117        $fbconnect .= '</ul>'; 
     
    116122    if ( $primary ) 
    117123        $but_primary = '-primary'; 
    118     $fbconnect .= '<p><a class="button' . $but_primary . '" href="https://yoast.com/fb-connect/?key=' . $options[ 'fbconnectkey' ] . '&redirect=' . urlencode( admin_url( 'admin.php?page=wpseo_social' ) ) . '">' . $button_text . '</a></p>'; 
     124    $fbconnect .= '<p><a class="button' . esc_attr( $but_primary ) . '" href="https://yoast.com/fb-connect/?key=' . $options['fbconnectkey'] . '&redirect=' . urlencode( admin_url( 'admin.php?page=wpseo_social' ) ) . '">' . $button_text . '</a></p>'; 
    119125} 
    120126 
    121 $fbconnect .= '<a class="button" href="https://yoast.com/fb-connect/?key=' . $options[ 'fbconnectkey' ] . '&type=app&redirect=' . urlencode( admin_url( 'admin.php?page=wpseo_social' ) ) . '">' . $app_button_text . '</a> '; 
     127$fbconnect .= '<a class="button" href="https://yoast.com/fb-connect/?key=' . esc_url( $options['fbconnectkey'] ) . '&type=app&redirect=' . urlencode( admin_url( 'admin.php?page=wpseo_social' ) ) . '">' . esc_html( $app_button_text ) . '</a> '; 
    122128if ( $clearall ) { 
    123129    $fbconnect .= '<a class="button" href="' . admin_url( 'admin.php?page=wpseo_social&nonce=' . wp_create_nonce( 'fbclearall' ) . '&fbclearall=true' ) . '">' . __( 'Clear all Facebook Data', 'wordpress-seo' ) . '</a> '; 
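Review bot: `esc_url( $options['fbconnectkey'] )` in the app-button link escapes a bare hex key rather than a URL, and esc_url() prefixes a scheme-less string with `http://`, so the generated href would carry `key=http://<key>`; escape the assembled URL instead, `'<a class="button" href="' . esc_url( 'https://yoast.com/fb-connect/?key=' . $options['fbconnectkey'] . '&type=app&redirect=' . urlencode( admin_url( 'admin.php?page=wpseo_social' ) ) ) . '">'`, and do the same for the admin-button link, where the key is still emitted unescaped. That key is what authenticates the fb-connect callback, yet it is generated from `md5( get_bloginfo( 'url' ) . rand() )` and compared with `==`; `wp_generate_password( 32, false )` gives an unpredictable key and `===` avoids PHP's numeric comparison of hash-like strings. The `userid`, `userrealname` and `link` request values accepted in that callback are stored into the option without sanitisation; `esc_url_raw()` for the link and `sanitize_text_field()` for the others would be appropriate at this boundary.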
  • wordpress-seo/trunk/admin/pages/xml-sitemaps.php

    r587971 r632010  
    33 * @package Admin 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611global $wpseo_admin_pages; 
  • wordpress-seo/trunk/frontend/class-breadcrumbs.php

    r566410 r632010  
    33 * @package Frontend 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
     
    8287                    $main_tax = $options['post_types-' . $post->post_type . '-maintax']; 
    8388                    $terms    = wp_get_object_terms( $post->ID, $main_tax ); 
     89 
    8490                    if ( count( $terms ) > 0 ) { 
    85                         if ( is_taxonomy_hierarchical( $main_tax ) && $terms[0]->parent != 0 ) { 
    86                             foreach ( $this->get_term_parents( $terms[0] ) as $parent_term ) { 
     91                        // Let's find the deepest term in this array, by looping through and then unsetting every term that is used as a parent by another one in the array. 
     92                        $terms_by_id = array(); 
     93                        foreach ( $terms as $term ) { 
     94                            $terms_by_id[$term->term_id] = $term; 
     95                        } 
     96                        foreach ( $terms as $term ) { 
     97                            unset( $terms_by_id[$term->parent] ); 
     98                        } 
     99 
     100                        // As we could still have two subcategories, from different parent categories, let's pick the first. 
     101                        reset( $terms_by_id ); 
     102                        $deepest_term = current( $terms_by_id ); 
     103 
     104                        if ( is_taxonomy_hierarchical( $main_tax ) && $deepest_term->parent != 0 ) { 
     105                            foreach ( $this->get_term_parents( $deepest_term ) as $parent_term ) { 
    87106                                $links[] = array( 'term' => $parent_term ); 
    88107                            } 
    89108                        } 
    90                         $links[] = array( 'term' => $terms[0] ); 
     109                        $links[] = array( 'term' => $deepest_term ); 
    91110                    } 
     111 
    92112                } 
    93113            } else { 
     
    134154            } else if ( is_date() ) { 
    135155                if ( isset( $options['breadcrumbs-archiveprefix'] ) ) 
    136                     $bc = $options['breadcrumbs-archiveprefix']; 
     156                    $bc = esc_html( $options['breadcrumbs-archiveprefix'] ); 
    137157                else 
    138158                    $bc = __( 'Archives for', 'wordpress-seo' ); 
     
    151171            } elseif ( is_author() ) { 
    152172                if ( isset( $options['breadcrumbs-archiveprefix'] ) ) 
    153                     $bc = $options['breadcrumbs-archiveprefix']; 
     173                    $bc = esc_html( $options['breadcrumbs-archiveprefix'] ); 
    154174                else 
    155175                    $bc = __( 'Archives for', 'wordpress-seo' ); 
    156176                $user    = $wp_query->get_queried_object(); 
    157                 $links[] = array( 'text' => $bc . " " . $user->display_name ); 
     177                $links[] = array( 'text' => $bc . " " . esc_html( $user->display_name ) ); 
    158178            } elseif ( is_search() ) { 
    159179                if ( isset( $options['breadcrumbs-searchprefix'] ) && $options['breadcrumbs-searchprefix'] != '' ) 
    160                     $bc = $options['breadcrumbs-searchprefix']; 
     180                    $bc = esc_html( $options['breadcrumbs-searchprefix'] ); 
    161181                else 
    162182                    $bc = __( 'You searched for', 'wordpress-seo' ); 
     
    207227        $opt    = get_wpseo_options(); 
    208228        $sep    = ( isset( $opt['breadcrumbs-sep'] ) && $opt['breadcrumbs-sep'] != '' ) ? $opt['breadcrumbs-sep'] : '&raquo;'; 
     229        $sep    = esc_html( $sep ); 
    209230        $output = ''; 
    210231 
     
    240261            } 
    241262 
    242             $element     = apply_filters( 'wpseo_breadcrumb_single_link_wrapper', $element ); 
     263            $element     = esc_attr( apply_filters( 'wpseo_breadcrumb_single_link_wrapper', $element ) ); 
    243264            $link_output = '<' . $element . ' typeof="v:Breadcrumb">'; 
    244265            if ( isset( $link['url'] ) && ( $i < ( count( $links ) - 1 ) || $paged ) ) { 
    245                 $link_output .= '<a href="' . esc_attr( $link['url'] ) . '" rel="v:url" property="v:title">' . $link['text'] . '</a>'; 
     266                $link_output .= '<a href="' . esc_url( $link['url'] ) . '" rel="v:url" property="v:title">' . esc_html( $link['text'] ) . '</a>'; 
    246267            } else { 
    247268                if ( isset( $opt['breadcrumbs-boldlast'] ) && $opt['breadcrumbs-boldlast'] ) { 
    248                     $link_output .= '<strong class="breadcrumb_last" property="v:title">' . $link['text'] . '</strong>'; 
     269                    $link_output .= '<strong class="breadcrumb_last" property="v:title">' . esc_html( $link['text'] ) . '</strong>'; 
    249270                } else { 
    250                     $link_output .= '<span class="breadcrumb_last" property="v:title">' . $link['text'] . '</span>'; 
     271                    $link_output .= '<span class="breadcrumb_last" property="v:title">' . esc_html( $link['text'] ) . '</span>'; 
    251272                } 
    252273            } 
     
    258279        $id = apply_filters( 'wpseo_breadcrumb_output_id', false ); 
    259280        if ( !empty( $id ) ) 
    260             $id = ' id="' . $id . '"'; 
     281            $id = ' id="' . esc_attr( $id ) . '"'; 
    261282 
    262283        $class = apply_filters( 'wpseo_breadcrumb_output_class', false ); 
    263284        if ( !empty( $class ) ) 
    264             $class = ' class="' . $class . '"'; 
     285            $class = ' class="' . esc_attr( $class ) . '"'; 
    265286 
    266287        $wrapper = apply_filters( 'wpseo_breadcrumb_output_wrapper', $wrapper ); 
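Review bot: `esc_attr()` on the `wpseo_breadcrumb_single_link_wrapper` result is the wrong escaper for a value that is emitted as a tag name (`'<' . $element . ' typeof=...'`), since it lets spaces, slashes and other non-tag characters through; `$element = tag_escape( apply_filters( 'wpseo_breadcrumb_single_link_wrapper', $element ) );` restricts it to tag characters. `$wrapper` from `wpseo_breadcrumb_output_wrapper` on the last line of the section likely wants the same treatment if it is used as a tag name further down (its use is outside the hunk). The prefix options are now escaped with esc_html() when they are put into `$links[]` and again when `$link['text']` is printed; WordPress's esc_html() does not re-encode existing entities, so this is harmless, but escaping only at the output point keeps the stored text unescaped until it is rendered.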
  • wordpress-seo/trunk/frontend/class-frontend.php

    r597485 r632010  
    55 * Main frontend code. 
    66 */ 
     7 
     8if ( !defined('WPSEO_VERSION') ) { 
     9    header('HTTP/1.0 403 Forbidden'); 
     10    die; 
     11} 
    712 
    813/** 
     
    909914            ( isset( $options['disable-post_formats'] ) && $options['disable-post_formats'] && $wp_query->is_tax( 'post_format' ) ) 
    910915        ) { 
    911             wp_redirect( get_bloginfo( 'url' ), 301 ); 
     916            wp_safe_redirect( get_bloginfo( 'url' ), 301 ); 
    912917            exit; 
    913918        } 
     
    922927        global $post; 
    923928        if ( is_attachment() && isset( $post->post_parent ) && is_numeric( $post->post_parent ) && $post->post_parent != 0 ) { 
    924             wp_redirect( get_permalink( $post->post_parent ), 301 ); 
     929            wp_safe_redirect( get_permalink( $post->post_parent ), 301 ); 
    925930            exit; 
    926931        } 
     
    10691074 
    10701075        if ( !empty( $properurl ) && $cururl != $properurl ) { 
    1071             wp_redirect( $properurl, 301 ); 
     1076            wp_safe_redirect( $properurl, 301 ); 
    10721077            exit; 
    10731078        } 
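Review bot: `wp_safe_redirect()` validates the target against the site's own host (plus the `allowed_redirect_hosts` filter) and otherwise falls back to the admin URL, so the canonical redirect of `$properurl` silently sends visitors to wp-admin if that URL ever points at another host, for instance when a filter rewrites the canonical to a different domain. If that is not intended, keep `wp_safe_redirect()` and register the extra host through `allowed_redirect_hosts`, or document the constraint, `// wp_safe_redirect() falls back to admin_url() for off-site targets; $properurl must stay on this host.` All three redirects sit inside functions that start outside the hunks shown.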
  • wordpress-seo/trunk/frontend/class-opengraph.php

    r609769 r632010  
    66 */ 
    77 
     8if ( !defined('WPSEO_VERSION') ) { 
     9    header('HTTP/1.0 403 Forbidden'); 
     10    die; 
     11} 
     12 
    813/** 
    914 * Adds the OpenGraph output 
     
    2227        $this->options = get_option( 'wpseo_social' ); 
    2328 
    24         add_filter( 'language_attributes', array( $this, 'add_opengraph_namespace' ) ); 
    25  
    2629        global $fb_ver; 
    2730        if ( isset( $fb_ver ) ) { 
    2831            add_filter( 'fb_meta_tags', array( $this, 'facebook_filter' ), 10, 1 ); 
    2932        } else { 
     33            add_filter( 'language_attributes', array( $this, 'add_opengraph_namespace' ) ); 
    3034            add_action( 'wpseo_head', array( $this, 'opengraph' ) ); 
    3135        } 
     
    8488     */ 
    8589    public function add_opengraph_namespace( $input ) { 
    86         return $input . ' xmlns:og="http://opengraphprotocol.org/schema/"'; 
     90        return $input . ' prefix="og: http://ogp.me/ns#' . ( ( isset( $this->options['fbadminapp'] ) || isset( $this->options['fb_admins'] ) ) ? ' fb: http://ogp.me/ns/fb#' : '' ) . '"'; 
    8791    } 
    8892 
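Review bot: The `fb:` prefix in add_opengraph_namespace() is gated on `isset( $this->options['fbadminapp'] )`, and isset() is true for a stored `0`/`'0'`, which the social settings page appears to save when "Do not use a Facebook App" is selected; `!empty()` on both keys matches the intent, `( !empty( $this->options['fbadminapp'] ) || !empty( $this->options['fb_admins'] ) ) ? ' fb: http://ogp.me/ns/fb#' : ''`. The generated `prefix="..."` attribute is appended to whatever language_attributes() already produced, so a theme or plugin that already emits a prefix attribute would end up with two; a comment on the method should state this, e.g. `// Appended to the <html> attributes; assumes no other prefix attribute is present.`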
  • wordpress-seo/trunk/frontend/class-twitter.php

    r600054 r632010  
    33 * @package Frontend 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
  • wordpress-seo/trunk/inc/class-rewrite.php

    r590860 r632010  
    33 * @package Frontend 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
  • wordpress-seo/trunk/inc/class-sitemaps.php

    r600054 r632010  
    33 * @package XML_Sitemaps 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611class WPSEO_Sitemaps { 
  • wordpress-seo/trunk/inc/wpseo-functions.php

    r611283 r632010  
    33 * @package Internals 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
     
    1217 */ 
    1318function wpseo_get_value( $val, $postid = 0 ) { 
     19    $postid = absint( $postid ); 
    1420    if ( $postid === 0 ) { 
    1521        global $post; 
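Review bot: The new `absint( $postid )` silently maps a negative or non-numeric `$postid` to 0, which the following line then treats as "use the global $post"; the function's docblock, which sits above the hunk, should state that so callers do not expect an error, e.g. `@param int $postid Post ID; 0, a negative or a non-numeric value means the current global $post.`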
  • wordpress-seo/trunk/inc/wpseo-non-ajax-functions.php

    r597069 r632010  
    33 * @package Internals 
    44 */ 
     5 
     6if ( !defined('WPSEO_VERSION') ) { 
     7    header('HTTP/1.0 403 Forbidden'); 
     8    die; 
     9} 
    510 
    611/** 
  • wordpress-seo/trunk/wp-seo.php

    r611283 r632010  
    2828 * @package Main 
    2929 */ 
     30 
     31if ( !defined('DB_NAME') ) { 
     32    header('HTTP/1.0 403 Forbidden'); 
     33    die; 
     34} 
    3035 
    3136if ( !defined('WPSEO_URL') ) 