WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

esc_url() when printing a URL into an attribute, even when it is known to be safe. (see #17562) 

git-svn-id: http://core.svn.wordpress.org/trunk@23528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-02-28 18:58:52 +00:00
parent 48f23ba3a5
commit e09a4c5a79
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/author-template.php
View File

@ -134,7 +134,7 @@ function the_author_meta($field = '', $user_id = false) {
*/ */
function get_the_author_link() { function get_the_author_link() {
if ( get_the_author_meta('url') ) { if ( get_the_author_meta('url') ) {
return '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="author external">' . get_the_author() . '</a>'; return '<a href="' . esc_url( get_the_author_meta('url') ) . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="author external">' . get_the_author() . '</a>';
} else { } else {
return get_the_author(); return get_the_author();
} }
@ -200,7 +200,7 @@ function the_author_posts_link($deprecated = '') {
return false; return false;
$link = sprintf( $link = sprintf(
'<a href="%1$s" title="%2$s" rel="author">%3$s</a>', '<a href="%1$s" title="%2$s" rel="author">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ), esc_url( get_author_posts_url( $authordata->ID, $authordata->user_nicename ) ),
esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ), esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
get_the_author() get_the_author()
); );