From f0a9c50f18629eccbe8f0ee8b93531ad2a8e0128 Mon Sep 17 00:00:00 2001
From: nacin
Date: Sun, 18 Apr 2010 06:01:19 +0000
Subject: [PATCH] Escape some permalinks. add_query_arg will &, not &, so we need to use esc_url those when used in an attribute. fixes #12126.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/edit-form-advanced.php | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index b0a71ca91a..a617ee4330 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -36,32 +36,32 @@ $action = isset($action) ? $action : ''; $messages = array(); $messages['post'] = array( '', - sprintf( __('Post updated. View post'), get_permalink($post_ID) ), + sprintf( __('Post updated. View post'), esc_url( get_permalink($post_ID) ) ), __('Custom field updated.'), __('Custom field deleted.'), __('Post updated.'), /* translators: %s: date and time of the revision */ isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, - sprintf( __('Post published. View post'), get_permalink($post_ID) ), + sprintf( __('Post published. View post'), esc_url( get_permalink($post_ID) ) ), __('Post saved.'), - sprintf( __('Post submitted. Preview post'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), + sprintf( __('Post submitted. Preview post'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), sprintf( __('Post scheduled for: %1$s. Preview post'), // translators: Publish box date format, see http://php.net/date - date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ), - sprintf( __('Post draft updated. Preview post'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) + date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Post draft updated. Preview post'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), ); $messages['page'] = array( '', - sprintf( __('Page updated. View page'), get_permalink($post_ID) ), + sprintf( __('Page updated. View page'), esc_url( get_permalink($post_ID) ) ), __('Custom field updated.'), __('Custom field deleted.'), __('Page updated.'), isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, - sprintf( __('Page published. 
View page'), get_permalink($post_ID) ), + sprintf( __('Page published. View page'), esc_url( get_permalink($post_ID) ) ), __('Page saved.'), - sprintf( __('Page submitted. Preview page'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ), - sprintf( __('Page scheduled for: %1$s. Preview page'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ), - sprintf( __('Page draft updated. Preview page'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) + sprintf( __('Page submitted. Preview page'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), + sprintf( __('Page scheduled for: %1$s. Preview page'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ), + sprintf( __('Page draft updated. Preview page'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ), ); $message = false;
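Review bot: The same escaped URL expression is now spelled out ten times across the two arrays, `esc_url( get_permalink($post_ID) )` six times and the preview variant four, so the next message added here can easily miss the wrapper again. Computing each value once above `$messages['post']`, e.g. `$permalink = esc_url( get_permalink( $post_ID ) );` and `$preview_link = esc_url( add_query_arg( 'preview', 'true', get_permalink( $post_ID ) ) );`, and passing those to `sprintf()` would keep the escaping in one place. A short comment such as `// These URLs land in href attributes; esc_url() encodes the & that add_query_arg() emits.` would record why the wrapper is there. The code that prints `$messages` lies outside the hunk, so whether anything else modifies these strings before output cannot be checked from here.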