Ticket #15609: 15609.alt.diff

File 15609.alt.diff, 1.9 KB (added by scribu, 3 years ago)

Don't strip_tags() on $title global. Could cause other problems

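--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -103,7 +103,12 @@
 enqueue_comment_hotkeys_js();
 
 if ( $post_id )
-        $title = sprintf(__('Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50));
+        $title = sprintf(__('Comments on “%s”'),
+                sprintf('<a href="%s">%s</a>',
+                        get_edit_post_link($post_id),
+                        wp_html_excerpt(_draft_or_post_title($post_id), 50)
+                )
+        );
 else
         $title = __('Comments');
 
@@ -126,7 +131,8 @@
 
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo esc_html( $title );
+<h2><?php echo $title;
+
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
         printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>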
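Review bot: With `esc_html()` dropped from the `<h2>` echo at new line 134, `$title` reaches the page raw, yet the markup assembled at new lines 106-111 is not escaped per component where it is built. The link should go through `esc_url( get_edit_post_link( $post_id ) )` and the link text through `esc_html( wp_html_excerpt( _draft_or_post_title( $post_id ), 50 ) )`; whatever tag stripping the excerpt helper does is not a substitute for output encoding, and the edit link can be altered by filters. The `else` branch and the translated format string are now printed unescaped as well, so a translation that contains markup would be rendered as-is. If `get_edit_post_link()` returns an empty value for a user who may not edit the post (likely, worth confirming), the heading ends up with an empty `href`, so that case probably wants the plain-text title instead.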
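--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -11,7 +11,7 @@
         require_once( './admin.php' );
 
 get_admin_page_title();
-$title = esc_html( strip_tags( $title ) );
+$_title = esc_html( strip_tags( $title ) );
 
 if ( is_network_admin() )
         $admin_title = __( 'Network Admin' );
@@ -20,11 +20,13 @@
 else
         $admin_title = get_bloginfo( 'name' );
 
-if ( $admin_title == $title )
-        $admin_title = sprintf( __( '%1$s &#8212; WordPress' ), $title );
+if ( $admin_title == $_title )
+        $admin_title = sprintf( __( '%1$s &#8212; WordPress' ), $_title );
 else
-        $admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $admin_title );
+        $admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $_title, $admin_title );
 
+unset( $_title );
+
 $admin_title = apply_filters( 'admin_title', $admin_title, $title );
 
 wp_user_settings();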
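Review bot: The `admin_title` filter call at new line 30 now hands callbacks the raw `$title` as its second argument, where before this change they received the `esc_html( strip_tags() )` result, so a callback that prints that argument gets text that can contain markup. To keep the old contract, pass the sanitized copy and release it afterwards: `$admin_title = apply_filters( 'admin_title', $admin_title, $_title );` followed by `unset( $_title );`. If the raw value is intended, say so above the call, e.g. `// $title is passed unescaped and may contain HTML; callbacks must escape it.` Leaving the global `$title` unescaped also means every later template that echoes it has to do its own escaping. Those call sites are outside this hunk and should be audited as part of the change.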