Ticket #13383: 13383-escape-preview.diff
File 13383-escape-preview.diff, 1.9 KB (added by , 14 years ago) |
wp-admin/includes/template.php
1361 1361 } 1362 1362 if ( in_array($post->post_status, array('pending', 'draft')) ) { 1363 1363 if ( current_user_can($post_type_object->cap->edit_post, $post->ID) ) 1364 $actions['view'] = '<a href="' . add_query_arg( 'preview', 'true', get_permalink($post->ID) ) . '" title="' . esc_attr(sprintf(__('Preview “%s”'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';1364 $actions['view'] = '<a href="' . esc_url( add_query_arg( 'preview', 'true', get_permalink($post->ID) ) ) . '" title="' . esc_attr(sprintf(__('Preview “%s”'), $title)) . '" rel="permalink">' . __('Preview') . '</a>'; 1365 1365 } elseif ( 'trash' != $post->post_status ) { 1366 1366 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View “%s”'), $title)) . '" rel="permalink">' . __('View') . '</a>'; 1367 1367 } … … 1583 1583 } 1584 1584 if ( in_array($post->post_status, array('pending', 'draft')) ) { 1585 1585 if ( current_user_can($post_type_object->cap->edit_post, $page->ID) ) 1586 $actions['view'] = '<a href="' . add_query_arg( 'preview', 'true', get_permalink($page->ID) ) . '" title="' . esc_attr(sprintf(__('Preview “%s”'), $title)) . '" rel="permalink">' . __('Preview') . '</a>';1586 $actions['view'] = '<a href="' . esc_url( add_query_arg( 'preview', 'true', get_permalink($page->ID) ) ) . '" title="' . esc_attr(sprintf(__('Preview “%s”'), $title)) . '" rel="permalink">' . __('Preview') . '</a>'; 1587 1587 } elseif ( $post->post_status != 'trash' ) { 1588 1588 $actions['view'] = '<a href="' . get_permalink($page->ID) . '" title="' . esc_attr(sprintf(__('View “%s”'), $title)) . '" rel="permalink">' . __('View') . '</a>'; 1589 1589 }
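Review bot: The `elseif` branch directly below each changed line still writes the permalink into `href` unescaped (new line 1366 with `$post->ID`, and new line 1588 with `$page->ID`), so the View link does not get the escaping the Preview link now has. The permalink may pass through filters before it reaches this markup, so it should be escaped for the attribute context too, e.g. `'<a href="' . esc_url( get_permalink($post->ID) ) . '" title="'` and the same with `$page->ID` in the second hunk. A short comment above the Preview line, such as `// esc_url(): the URL is printed inside an href attribute`, would keep the call from being dropped in a later cleanup. Both enclosing functions start and end outside the hunks, so other links built in them are not visible here and are worth checking for the same pattern.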