sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

attribute_escape() in nonce AYS 

git-svn-id: https://develop.svn.wordpress.org/trunk@4951 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-02-27 07:15:47 +00:00
parent 34bb20f39c
commit b3fa98f0d1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/functions.php
View File

@ -1270,7 +1270,7 @@ function wp_nonce_ays($action) {
$adminurl = get_option('siteurl') . '/wp-admin';
if ( wp_get_referer() )
$adminurl = wp_get_referer();
$adminurl = attribute_escape(wp_get_referer());
$title = __('WordPress Confirmation');
// Remove extra layer of slashes.
@ -1287,7 +1287,7 @@ function wp_nonce_ays($action) {
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
} else {
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
}
$html .= "</body>\n</html>";
wp_die($html, $title);