WordPress.org

Make WordPress Core

Ticket #10640: 13693.3.diff

File 13693.3.diff, 1.6 KB (added by sirzooro, 4 years ago)

Added escaping to wp_shortlink_wp_head() too

  • wp-includes/link-template.php

     
    21002100 * @uses wp_get_shortlink() 
    21012101 */ 
    21022102function wp_shortlink_wp_head() { 
    2103         $shortlink = wp_get_shortlink(0, 'query'); 
     2103        $shortlink = wp_get_shortlink( 0, 'query' ); 
    21042104 
    2105         if ( empty($shortlink) ) 
     2105        if ( empty( $shortlink ) ) 
    21062106                return; 
    21072107 
    2108         echo "<link rel='shortlink' href='" . $shortlink . "' />\n"; 
     2108        echo "<link rel='shortlink' href='" . esc_attr( $shortlink ) . "' />\n"; 
    21092109} 
    21102110 
    21112111/** 
     
    21432143 * @param string $before Optional HTML to display before the link. 
    21442144 * @param string $before Optional HTML to display after the link. 
    21452145 */ 
    2146 function the_shortlink($text = '', $title = '', $before = '', $after = '') { 
     2146function the_shortlink( $text = '', $title = '', $before = '', $after = '' ) { 
    21472147        global $post; 
    21482148 
    2149         if ( empty($text) ) 
     2149        if ( empty( $text ) ) 
    21502150                $text = __('This is the short link.'); 
    21512151 
    2152         if ( empty($title) ) 
    2153                 $title = the_title_attribute( array('echo' => FALSE) ); 
     2152        if ( empty( $title ) ) 
     2153                $title = the_title_attribute( array( 'echo' => FALSE ) ); 
    21542154 
    2155         $shortlink = wp_get_shortlink($post->ID); 
     2155        $shortlink = wp_get_shortlink( $post->ID ); 
    21562156 
    2157         if ( !empty($shortlink) ) 
    2158                 echo "$before<a rel='shortlink' href='$shortlink' title='$title'>$text</a>$after"; 
     2157        if ( !empty( $shortlink ) ) { 
     2158                $link = '<a rel="shortlink" href="' . esc_attr( $shortlink ) . '" title="' . $title . '">' . $text . '</a>'; 
     2159                $link = apply_filters( 'the_shortlink', $link, $shortlink, $text, $title ); 
     2160                echo $before, $link, $after; 
     2161        } 
    21592162} 
    21602163 
    21612164?>