Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

git-svn-id: https://develop.svn.wordpress.org/trunk@5045 602fd350-edb4-49c9-b593-d223f7449a82

wp-includes/link-template.php

@@ -422,7 +422,7 @@ function next_post_link($format='%link »', $link='%title', $in_same_cat =
 function get_pagenum_link($pagenum = 1) {
 	global $wp_rewrite;
 
-	$qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+	$qstr = $_SERVER['REQUEST_URI'];
 
 	$page_querystring = "paged";
 	$page_modstring = "page/";
@@ -490,7 +490,7 @@ function get_pagenum_link($pagenum = 1) {
 	return $qstr;
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
 	global $paged, $pagenow;
 
 	if ( !is_single() ) {
@@ -498,10 +498,14 @@ function next_posts($max_page = 0) { // original by cfactor at cooltux.org
 			$paged = 1;
 		$nextpage = intval($paged) + 1;
 		if ( !$max_page || $max_page >= $nextpage )
-			echo get_pagenum_link($nextpage);
+			return get_pagenum_link($nextpage);
 	}
 }
 
+function next_posts($max_page = 0) {
+	echo attribute_escape(get_next_posts_page_link($max_page));
+}
+
 function next_posts_link($label='Next Page »', $max_page=0) {
 	global $paged, $wpdb, $wp_query;
 	if ( !$max_page ) {
@@ -517,18 +521,20 @@ function next_posts_link($label='Next Page »', $max_page=0) {
 	}
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
 	global $paged, $pagenow;
 
 	if ( !is_single() ) {
 		$nextpage = intval($paged) - 1;
 		if ( $nextpage < 1 )
 			$nextpage = 1;
-		echo get_pagenum_link($nextpage);
+		return get_pagenum_link($nextpage);
 	}
 }
 
+function previous_posts() {
+	echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {
 	global $paged;