Admin: escape URL-encoded permalinks

Merge of [37801] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@37820


git-svn-id: http://core.svn.wordpress.org/branches/3.9@37785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Nikolay Bachiyski 2016-06-21 14:58:32 +00:00
parent 5d8157a774
commit 9858249ed9
1 changed files with 7 additions and 7 deletions

View File

@ -1213,11 +1213,11 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
} }
if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) { if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . $permalink . "</span>\n"; $return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . esc_html( $permalink ) . "</span>\n";
if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) ) if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
$return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n"; $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
if ( isset( $view_post ) ) if ( isset( $view_post ) )
$return .= "<span id='view-post-btn'><a href='$permalink' class='button button-small'>$view_post</a></span>\n"; $return .= "<span id='view-post-btn'><a href='" . esc_url( $permalink ) . "' class='button button-small'>$view_post</a></span>\n";
/** /**
* Filter the sample permalink HTML markup. * Filter the sample permalink HTML markup.
@ -1248,17 +1248,17 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
} }
} }
$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>'; $post_name_html = '<span id="editable-post-name" title="' . $title . '">' . esc_html( $post_name_abridged ) . '</span>';
$display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink); $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, esc_html( $permalink ) );
$view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink); $view_link = str_replace(array('%pagename%','%postname%'), $post_name, esc_html( $permalink ) );
$return = '<strong>' . __('Permalink:') . "</strong>\n"; $return = '<strong>' . __('Permalink:') . "</strong>\n";
$return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n"; $return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n";
$return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages. $return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
$return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n"; $return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
$return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n"; $return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n";
if ( isset( $view_post ) ) { if ( isset( $view_post ) ) {
$return .= "<span id='view-post-btn'><a href='" . get_permalink( $post ) . "' class='button button-small'>$view_post</a></span>\n"; $return .= "<span id='view-post-btn'><a href='" . esc_url( get_permalink( $post ) ) . "' class='button button-small'>$view_post</a></span>\n";
} }
/** This filter is documented in wp-admin/includes/post.php */ /** This filter is documented in wp-admin/includes/post.php */