Index: link-template.php =================================================================== --- link-template.php (revision 5053) +++ link-template.php (working copy) @@ -503,7 +503,7 @@ } function next_posts($max_page = 0) { - echo attribute_escape(get_next_posts_page_link($max_page)); + echo clean_url(get_next_posts_page_link($max_page)); } function next_posts_link($label='Next Page »', $max_page=0) { @@ -533,7 +533,7 @@ } function previous_posts() { - echo attribute_escape(get_previous_posts_page_link()); + echo clean_url(get_previous_posts_page_link()); } function previous_posts_link($label='« Previous Page') { Index: general-template.php =================================================================== --- general-template.php (revision 5053) +++ general-template.php (working copy) @@ -297,6 +297,7 @@ function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { $text = wptexturize($text); $title_text = attribute_escape($text); + $url = clean_url($url); if ('link' == $format) return "\t\n"; @@ -985,7 +986,7 @@ $link = str_replace('%#%', $current - 1, $link); if ( $add_args ) $link = add_query_arg( $add_args, $link ); - $page_links[] = ""; + $page_links[] = ""; endif; for ( $n = 1; $n <= $total; $n++ ) : if ( $n == $current ) : @@ -997,7 +998,7 @@ $link = str_replace('%#%', $n, $link); if ( $add_args ) $link = add_query_arg( $add_args, $link ); - $page_links[] = "$n"; + $page_links[] = "$n"; $dots = true; elseif ( $dots && !$show_all ) : $page_links[] = "..."; @@ -1010,7 +1011,7 @@ $link = str_replace('%#%', $current + 1, $link); if ( $add_args ) $link = add_query_arg( $add_args, $link ); - $page_links[] = ""; + $page_links[] = ""; endif; switch ( $type ) : case 'array' : Index: comment.php =================================================================== --- comment.php (revision 5053) +++ comment.php (working copy) @@ -169,7 +169,7 @@ if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); $comment_author_url = stripslashes($comment_author_url); - $comment_author_url = attribute_escape($comment_author_url); + $comment_author_url = clean_url($comment_author_url); $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; } } Index: functions.php =================================================================== --- functions.php (revision 5053) +++ functions.php (working copy) @@ -1272,7 +1272,7 @@ $adminurl = get_option('siteurl') . '/wp-admin'; if ( wp_get_referer() ) - $adminurl = attribute_escape(wp_get_referer()); + $adminurl = clean_url(wp_get_referer()); $title = __('WordPress Confirmation'); // Remove extra layer of slashes. @@ -1289,7 +1289,7 @@ $html .= "\t\t\n"; $html .= "\t\t
\n\t\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n"; } else { - $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; + $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; } $html .= "\n"; wp_die($html, $title); Index: bookmark-template.php =================================================================== --- bookmark-template.php (revision 5053) +++ bookmark-template.php (working copy) @@ -96,7 +96,7 @@ $output .= get_option('links_recently_updated_prepend'); $the_link = '#'; if ( !empty($row->link_url) ) - $the_link = wp_specialchars($row->link_url); + $the_link = clean_url($row->link_url); $rel = $row->link_rel; if ( '' != $rel ) $rel = ' rel="' . $rel . '"'; @@ -260,7 +260,7 @@ $the_link = '#'; if ( !empty($bookmark->link_url) ) - $the_link = wp_specialchars($bookmark->link_url); + $the_link = clean_url($bookmark->link_url); $rel = $bookmark->link_rel; if ( '' != $rel )