WordPress.org

Make WordPress Core

Ticket #10640: 13693.3.diff

File 13693.3.diff, 1.6 KB (added by sirzooro, 8 years ago)

Added escaping to wp_shortlink_wp_head() too

  • wp-includes/link-template.php

     
    21002100 * @uses wp_get_shortlink()
    21012101 */
    21022102function wp_shortlink_wp_head() {
    2103         $shortlink = wp_get_shortlink(0, 'query');
     2103        $shortlink = wp_get_shortlink( 0, 'query' );
    21042104
    2105         if ( empty($shortlink) )
     2105        if ( empty( $shortlink ) )
    21062106                return;
    21072107
    2108         echo "<link rel='shortlink' href='" . $shortlink . "' />\n";
     2108        echo "<link rel='shortlink' href='" . esc_attr( $shortlink ) . "' />\n";
    21092109}
    21102110
    21112111/**
     
    21432143 * @param string $before Optional HTML to display before the link.
    21442144 * @param string $before Optional HTML to display after the link.
    21452145 */
    2146 function the_shortlink($text = '', $title = '', $before = '', $after = '') {
     2146function the_shortlink( $text = '', $title = '', $before = '', $after = '' ) {
    21472147        global $post;
    21482148
    2149         if ( empty($text) )
     2149        if ( empty( $text ) )
    21502150                $text = __('This is the short link.');
    21512151
    2152         if ( empty($title) )
    2153                 $title = the_title_attribute( array('echo' => FALSE) );
     2152        if ( empty( $title ) )
     2153                $title = the_title_attribute( array( 'echo' => FALSE ) );
    21542154
    2155         $shortlink = wp_get_shortlink($post->ID);
     2155        $shortlink = wp_get_shortlink( $post->ID );
    21562156
    2157         if ( !empty($shortlink) )
    2158                 echo "$before<a rel='shortlink' href='$shortlink' title='$title'>$text</a>$after";
     2157        if ( !empty( $shortlink ) ) {
     2158                $link = '<a rel="shortlink" href="' . esc_attr( $shortlink ) . '" title="' . $title . '">' . $text . '</a>';
     2159                $link = apply_filters( 'the_shortlink', $link, $shortlink, $text, $title );
     2160                echo $before, $link, $after;
     2161        }
    21592162}
    21602163
    21612164?>