WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Always escape the output of get_pagenum_link(). fixes #14556. 

git-svn-id: http://core.svn.wordpress.org/trunk@20685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2012-05-02 16:29:39 +00:00
parent a5a40528c2
commit 4c7a3a6492
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
wp-includes/link-template.php
View File

@ -1372,9 +1372,11 @@ function adjacent_post_link($format, $link, $in_same_cat = false, $excluded_cate
* @since 1.5.0 * @since 1.5.0
* *
* @param int $pagenum Optional. Page ID. * @param int $pagenum Optional. Page ID.
* @param bool $escape Optional. Whether to escape the URL for display, with esc_url(). Defaults to true.
* Otherwise, prepares the URL with esc_url_raw().
* @return string * @return string
*/ */
function get_pagenum_link($pagenum = 1) { function get_pagenum_link($pagenum = 1, $escape = true ) {
global $wp_rewrite; global $wp_rewrite;
$pagenum = (int) $pagenum; $pagenum = (int) $pagenum;
@ -1425,7 +1427,10 @@ function get_pagenum_link($pagenum = 1) {
$result = apply_filters('get_pagenum_link', $result); $result = apply_filters('get_pagenum_link', $result);
return $result; if ( $escape )
return esc_url( $result );
else
return esc_url_raw( $result );
} }
/** /**