Escape term links output in category-template.php functions. Props SergeyBiryukov, solarissmoke, alex-ye. fixes #20106
git-svn-id: http://svn.automattic.com/wordpress/trunk@20656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
659bcd078e
commit
d744cbfb0c
|
|
@ -56,7 +56,7 @@ function get_category_parents( $id, $link = false, $separator = '/', $nicename =
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $link )
|
if ( $link )
|
||||||
$chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->name ) ) . '">'.$name.'</a>' . $separator;
|
$chain .= '<a href="' . esc_url( get_category_link( $parent->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->name ) ) . '">'.$name.'</a>' . $separator;
|
||||||
else
|
else
|
||||||
$chain .= $name.$separator;
|
$chain .= $name.$separator;
|
||||||
return $chain;
|
return $chain;
|
||||||
|
|
@ -171,17 +171,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
|
||||||
case 'multiple':
|
case 'multiple':
|
||||||
if ( $category->parent )
|
if ( $category->parent )
|
||||||
$thelist .= get_category_parents( $category->parent, true, $separator );
|
$thelist .= get_category_parents( $category->parent, true, $separator );
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
|
||||||
break;
|
break;
|
||||||
case 'single':
|
case 'single':
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
|
||||||
if ( $category->parent )
|
if ( $category->parent )
|
||||||
$thelist .= get_category_parents( $category->parent, false, $separator );
|
$thelist .= get_category_parents( $category->parent, false, $separator );
|
||||||
$thelist .= $category->name.'</a></li>';
|
$thelist .= $category->name.'</a></li>';
|
||||||
break;
|
break;
|
||||||
case '':
|
case '':
|
||||||
default:
|
default:
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$thelist .= '</ul>';
|
$thelist .= '</ul>';
|
||||||
|
|
@ -194,17 +194,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
|
||||||
case 'multiple':
|
case 'multiple':
|
||||||
if ( $category->parent )
|
if ( $category->parent )
|
||||||
$thelist .= get_category_parents( $category->parent, true, $separator );
|
$thelist .= get_category_parents( $category->parent, true, $separator );
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
|
||||||
break;
|
break;
|
||||||
case 'single':
|
case 'single':
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
|
||||||
if ( $category->parent )
|
if ( $category->parent )
|
||||||
$thelist .= get_category_parents( $category->parent, false, $separator );
|
$thelist .= get_category_parents( $category->parent, false, $separator );
|
||||||
$thelist .= "$category->name</a>";
|
$thelist .= "$category->name</a>";
|
||||||
break;
|
break;
|
||||||
case '':
|
case '':
|
||||||
default:
|
default:
|
||||||
$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
|
$thelist .= '<a href="' . esc_url( get_category_link( $category->term_id ) ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
|
||||||
}
|
}
|
||||||
++$i;
|
++$i;
|
||||||
}
|
}
|
||||||
|
|
@ -825,7 +825,7 @@ class Walker_Category extends Walker {
|
||||||
|
|
||||||
$cat_name = esc_attr( $category->name );
|
$cat_name = esc_attr( $category->name );
|
||||||
$cat_name = apply_filters( 'list_cats', $cat_name, $category );
|
$cat_name = apply_filters( 'list_cats', $cat_name, $category );
|
||||||
$link = '<a href="' . esc_attr( get_term_link($category) ) . '" ';
|
$link = '<a href="' . esc_url( get_term_link($category) ) . '" ';
|
||||||
if ( $use_desc_for_title == 0 || empty($category->description) )
|
if ( $use_desc_for_title == 0 || empty($category->description) )
|
||||||
$link .= 'title="' . esc_attr( sprintf(__( 'View all posts filed under %s' ), $cat_name) ) . '"';
|
$link .= 'title="' . esc_attr( sprintf(__( 'View all posts filed under %s' ), $cat_name) ) . '"';
|
||||||
else
|
else
|
||||||
|
|
@ -839,7 +839,7 @@ class Walker_Category extends Walker {
|
||||||
if ( empty($feed_image) )
|
if ( empty($feed_image) )
|
||||||
$link .= '(';
|
$link .= '(';
|
||||||
|
|
||||||
$link .= '<a href="' . get_term_feed_link( $category->term_id, $category->taxonomy, $feed_type ) . '"';
|
$link .= '<a href="' . esc_url( get_term_feed_link( $category->term_id, $category->taxonomy, $feed_type ) ) . '"';
|
||||||
|
|
||||||
if ( empty($feed) ) {
|
if ( empty($feed) ) {
|
||||||
$alt = ' alt="' . sprintf(__( 'Feed for all posts filed under %s' ), $cat_name ) . '"';
|
$alt = ' alt="' . sprintf(__( 'Feed for all posts filed under %s' ), $cat_name ) . '"';
|
||||||
|
|
@ -1109,7 +1109,7 @@ function get_the_term_list( $id, $taxonomy, $before = '', $sep = '', $after = ''
|
||||||
$link = get_term_link( $term, $taxonomy );
|
$link = get_term_link( $term, $taxonomy );
|
||||||
if ( is_wp_error( $link ) )
|
if ( is_wp_error( $link ) )
|
||||||
return $link;
|
return $link;
|
||||||
$term_links[] = '<a href="' . $link . '" rel="tag">' . $term->name . '</a>';
|
$term_links[] = '<a href="' . esc_url( $link ) . '" rel="tag">' . $term->name . '</a>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$term_links = apply_filters( "term_links-$taxonomy", $term_links );
|
$term_links = apply_filters( "term_links-$taxonomy", $term_links );
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue