Ticket #2358 (closed defect (bug): duplicate)

Opened 6 years ago

Last modified 5 years ago

Transform HTML Special Chars in comment-functions.php:comments_popup_link()

Reported by: tsaiid
Owned by: anonymous
Priority: low
Milestone:
Component: General
Version: 2.0
Severity: minor
Keywords: validation bg|has-patch
Cc:

Description

Because the post title may contain some HTML special chars, I recommend using htmlspecialchars() in comments_popup_link() so that the page validates. Thx.

--- comment-functions.php.old   Sun Jan 29 23:17:21 2006
+++ comment-functions.php       Sun Jan 29 23:08:08 2006
@@ -310,7 +310,7 @@
                if (!empty($CSSclass)) {
                        echo ' class="'.$CSSclass.'"';
                }
-               echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+               echo ' title="' . sprintf( __('Comment on %s'), htmlspecialchars($post->post_title) ) .'">';
                comments_number($zero, $one, $more, $number);
                echo '</a>';
        }
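
Review bot: On the changed `echo ' title="'` line, htmlspecialchars() wraps only $post->post_title, so the translated 'Comment on %s' string still reaches the double-quoted title attribute unescaped; wrapping the whole sprintf() result would cover both the translation and the title. The call also relies on the default quote style, which escapes double quotes and therefore matches this attribute's delimiter, but passing the quote flag explicitly would keep the escaping correct if the markup ever switches to single quotes. The context line `echo ' class="'.$CSSclass.'"';` has the same shape and writes $CSSclass into an attribute with no escaping, so it should get the same treatment in this patch.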

Change History

  • Keywords bg|has-patch added
  • Status changed from new to closed
  • Resolution set to duplicate