diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 79442a6ec2..19c10806b4 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -167,7 +167,7 @@ else
' . __('Search results for “%s”') . '', esc_html( get_search_query() ) ); ?>
+ printf( '' . __('Search results for “%s”') . '', get_search_query() ); ?>
' . __('Search results for “%s”') . '', esc_html( get_search_query() ) ); ?>
+ printf( '' . __('Search results for “%s”') . '', get_search_query() ); ?>
'
if ( is_singular() )
printf(ent2ncr(__('Comments on %s')), get_the_title_rss());
elseif ( is_search() )
- printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), esc_attr(get_search_query()));
+ printf(ent2ncr(__('Comments for %1$s searching on %2$s')), get_bloginfo_rss( 'name' ), get_search_query() );
else
printf(ent2ncr(__('Comments for %s')), get_bloginfo_rss( 'name' ) . get_wp_title_rss());
?>
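Review bot: At the two output sites changed here, the admin "Search results for" heading (L7) and the comments-feed title (L15), the escaping of the user-supplied search string is no longer visible at the call; it now depends entirely on get_search_query()'s new default argument, so anyone auditing these templates has to read general-template.php to confirm the output is escaped. The heading on L7 is HTML text rather than an attribute, so this stays safe only because esc_attr() also encodes `<`, `>` and `&`, not just quotes; the feed title on L15 likewise relies on esc_attr()'s output being valid in XML. A short comment at each site, e.g. `// get_search_query() returns an esc_attr()-escaped value unless called with false`, would make the intent explicit, or the explicit esc_html()/esc_attr() calls could be kept with `get_search_query( false )`, matching what the_search_query() now does. This hunk appears to interleave lines from more than one file, so the enclosing template context cannot be confirmed from what is shown.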
@@ -31,7 +31,7 @@ echo ''
-
+
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index 29e38b63b1..57759d7ba7 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -156,7 +156,7 @@ function get_search_form($echo = true) {
$form = '';
@@ -1642,7 +1642,7 @@ function feed_links_extra( $args = array() ) {
$title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
$href = get_author_feed_link( $author_id );
} elseif ( is_search() ) {
- $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
+ $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
$href = get_search_feed_link();
}
@@ -1825,12 +1825,21 @@ function the_editor($content, $id = 'content', $prev_id = 'title', $media_button
/**
* Retrieve the contents of the search WordPress query variable.
*
- * @since 2.3.0
+ * The search query string is passed through {@link esc_attr()}
+ * to ensure that it is safe for placing in an html attribute.
*
+ * @since 2.3.0
+ * @uses esc_attr()
+ *
+ * @param bool $escaped Whether the result is escaped. Default true.
+ * Only use when you are later escaping it. Do not use unescaped.
* @return string
*/
-function get_search_query() {
- return apply_filters( 'get_search_query', get_query_var( 's' ) );
+function get_search_query( $escaped = true ) {
+ $query = apply_filters( 'get_search_query', get_query_var( 's' ) );
+ if ( $escaped )
+ $query = esc_attr( $query );
+ return $query;
}
/**
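Review bot: The new `$escaped` docblock on L47–L48 does not say what the caller gets back when it passes false, nor that the `get_search_query` filter on L54 runs before esc_attr() and therefore sees and must return unescaped text; both matter because a filter callback that pre-escapes will now be double-encoded, and a caller passing false receives the raw request value. I would extend the param description to `@param bool $escaped Whether the result is escaped via esc_attr(). Default true. Pass false only when the caller escapes the value itself for its output context (esc_attr(), esc_html(), urlencode()); the 'get_search_query' filter always receives the unescaped value.` The default is tested by truthiness on L55, so any non-empty string (including 'false') still escapes; that is consistent with the rest of the file, but it is worth a word in the docblock since the parameter is security-relevant. The same documentation point applies to the_search_query() in the next hunk, which correctly passes false and escapes once.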
@@ -1839,11 +1848,11 @@ function get_search_query() {
* The search query string is passed through {@link esc_attr()}
* to ensure that it is safe for placing in an html attribute.
*
- * @uses attr
+ * @uses esc_attr()
* @since 2.1.0
*/
function the_search_query() {
- echo esc_attr( apply_filters( 'the_search_query', get_search_query() ) );
+ echo esc_attr( apply_filters( 'the_search_query', get_search_query( false ) ) );
}
/**
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index f4d9da273e..66b51ba2ec 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -686,7 +686,7 @@ function get_search_link( $query = '' ) {
global $wp_rewrite;
if ( empty($query) )
- $search = get_search_query();
+ $search = get_search_query( false );
else
$search = stripslashes($query);