sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

esc_url() when printing a URL into an attribute, even when it is known to be safe. (see #17562) 

git-svn-id: https://develop.svn.wordpress.org/trunk@23528 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-02-28 18:58:52 +00:00
parent 48ddbda8f8
commit f6450ab8ce
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/author-template.php
View File

@ -134,7 +134,7 @@ function the_author_meta($field = '', $user_id = false) {
*/
function get_the_author_link() {
if ( get_the_author_meta('url') ) {
return '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="author external">' . get_the_author() . '</a>';
return '<a href="' . esc_url( get_the_author_meta('url') ) . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="author external">' . get_the_author() . '</a>';
} else {
return get_the_author();
}
@ -200,7 +200,7 @@ function the_author_posts_link($deprecated = '') {
return false;
$link = sprintf(
'<a href="%1$s" title="%2$s" rel="author">%3$s</a>',
get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
esc_url( get_author_posts_url( $authordata->ID, $authordata->user_nicename ) ),
esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
get_the_author()
);