From 8b02ba1d76bcdc23b0c6d50b4fa22b4236abe7c1 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Wed, 6 Aug 2014 07:51:32 +0000
Subject: [PATCH] Escape late in get_avatar().

Merges [29397] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@29400

git-svn-id: http://core.svn.wordpress.org/branches/3.7@29178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 0e18b48523..18b7815f57 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1709,7 +1709,8 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
 $out = str_replace( '&', '&', esc_url( $out ) );
 $avatar = "{$safe_alt}";
 } else {
- $avatar = "{$safe_alt}";
+ $out = esc_url( $default );
+ $avatar = "{$safe_alt}";
 }

 return apply_filters('get_avatar', $avatar, $id_or_email, $size, $default, $alt);
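Review bot: The escaping added in the else branch deserves a why-comment, because `$default` arrives as a parameter and nothing visible in this hunk validates it before it is placed in the tag; something like `// Escape late: $default can be caller-supplied, so it is only safe once passed through esc_url().` above `$out = esc_url( $default );` would stop a later cleanup from inlining `$default` again. Note also that esc_url() returns an empty string for a URL whose protocol it rejects, so this branch can still emit the tag around an empty `$out`; if that matters for callers, a guard such as `if ( '' === $out ) { /* fall back to a known-good default */ }` belongs here. The markup inside both `$avatar` strings looks stripped by extraction on this page, and get_avatar()'s body starts above the hunk, so how `$size` and `$safe_alt` are prepared cannot be checked from here.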