WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 4.0 branch. 

Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/branches/4.0@32203


git-svn-id: http://core.svn.wordpress.org/branches/4.0@32176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Gary Pendergast 2015-04-20 13:36:34 +00:00
parent 2af7429643
commit 26e7a95cf3
5 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/includes/class-wp-comments-list-table.php
View File

@ -552,9 +552,9 @@ class WP_Comments_List_Table extends WP_List_Table {
if ( current_user_can( 'edit_post', $post->ID ) ) { if ( current_user_can( 'edit_post', $post->ID ) ) {
$post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>"; $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
$post_link .= get_the_title( $post->ID ) . '</a>'; $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
} else { } else {
$post_link = get_the_title( $post->ID ); $post_link = esc_html( get_the_title( $post->ID ) );
} }
echo '<div class="response-links"><span class="post-com-count-wrapper">'; echo '<div class="response-links"><span class="post-com-count-wrapper">';

2
wp-admin/includes/dashboard.php
View File

@ -518,7 +518,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) { function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$GLOBALS['comment'] =& $comment; $GLOBALS['comment'] =& $comment;
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); $comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) { if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
$comment_post_url = get_edit_post_link( $comment->comment_post_ID ); $comment_post_url = get_edit_post_link( $comment->comment_post_ID );

2
wp-admin/includes/template.php
View File

@ -1492,7 +1492,7 @@ function _draft_or_post_title( $post = 0 ) {
$title = get_the_title( $post ); $title = get_the_title( $post );
if ( empty( $title ) ) if ( empty( $title ) )
$title = __( '(no title)' ); $title = __( '(no title)' );
return $title; return esc_html( $title );
} }
/** /**

6
wp-admin/js/nav-menu.js
View File

@ -453,14 +453,14 @@ var wpNavMenu;
if ( ! isPrimaryMenuItem ) { if ( ! isPrimaryMenuItem ) {
thisLink = menuItem.find( '.menus-move-left' ), thisLink = menuItem.find( '.menus-move-left' ),
thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft ); thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' ); thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
} }
if ( 0 !== position ) { if ( 0 !== position ) {
if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) { if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) {
thisLink = menuItem.find( '.menus-move-right' ), thisLink = menuItem.find( '.menus-move-right' ),
thisLinkText = menus.under.replace( '%s', prevItemNameRight ); thisLinkText = menus.under.replace( '%s', prevItemNameRight );
thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' ); thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
} }
} }
@ -482,7 +482,7 @@ var wpNavMenu;
title = menus.subMenuFocus.replace( '%1$s', itemName ).replace( '%2$d', itemPosition ).replace( '%3$s', parentItemName ); title = menus.subMenuFocus.replace( '%1$s', itemName ).replace( '%2$d', itemPosition ).replace( '%3$s', parentItemName );
} }
$this.prop('title', title).html( title ); $this.prop('title', title).text( title );
}); });
}, },

2
wp-admin/js/nav-menu.min.js vendored
View File

File diff suppressed because one or more lines are too long