Added escaping to wp_shortlink_wp_head() too. See #10640 props sirzooro.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14207 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/link-template.php

@@ -2199,12 +2199,12 @@ function wp_get_shortlink($id = 0, $context = 'post', $allow_slugs = true) {
  * @uses wp_get_shortlink()
  */
 function wp_shortlink_wp_head() {
-	$shortlink = wp_get_shortlink(0, 'query');
+	$shortlink = wp_get_shortlink( 0, 'query' );
 
-	if ( empty($shortlink) )
+	if ( empty( $shortlink ) )
 		return;
 
-	echo "<link rel='shortlink' href='" . $shortlink . "' />\n";
+	echo "<link rel='shortlink' href='" . esc_attr( $shortlink ) . "' />\n";
 }
 
 /**
@@ -2242,19 +2242,22 @@ function wp_shortlink_header() {
  * @param string $before Optional HTML to display before the link.
  * @param string $before Optional HTML to display after the link.
  */
-function the_shortlink($text = '', $title = '', $before = '', $after = '') {
+function the_shortlink( $text = '', $title = '', $before = '', $after = '' ) {
 	global $post;
 
-	if ( empty($text) )
+	if ( empty( $text ) )
 		$text = __('This is the short link.');
 
-	if ( empty($title) )
-		$title = the_title_attribute( array('echo' => FALSE) );
+	if ( empty( $title ) )
+		$title = the_title_attribute( array( 'echo' => FALSE ) );
 
-	$shortlink = wp_get_shortlink($post->ID);
+	$shortlink = wp_get_shortlink( $post->ID );
 
-	if ( !empty($shortlink) )
-		echo "$before<a rel='shortlink' href='$shortlink' title='$title'>$text</a>$after";
+	if ( !empty( $shortlink ) ) {
+		$link = '<a rel="shortlink" href="' . esc_attr( $shortlink ) . '" title="' . $title . '">' . $text . '</a>';
+		$link = apply_filters( 'the_shortlink', $link, $shortlink, $text, $title );
+		echo $before, $link, $after;
+	}
 }
 
 ?>