sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sanitize Theme URI and Author URI in WP_Theme with esc_url_raw. Escape with esc_url on display. see #20103.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@20233 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2012-03-21 14:51:10 +00:00
parent c6043b2fa2
commit cfb4179f87
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-includes/class-wp-theme.php
View File

@ -579,7 +579,7 @@ final class WP_Theme implements ArrayAccess {
break;
case 'ThemeURI' :
case 'AuthorURI' :
$value = esc_url( $value );
$value = esc_url_raw( $value );
break;
case 'Tags' :
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
@ -627,6 +627,10 @@ final class WP_Theme implements ArrayAccess {
}
$value = implode( $comma, $value );
break;
case 'ThemeURI' :
case 'AuthorURI' :
$value = esc_url( $value );
break;
}
return $value;