Ticket #15609: 15609.alt.diff

File 15609.alt.diff, 1.9 KB (added by scribu, 7 years ago)

Don't strip_tags() on $title global. Could cause other problems

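--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -103,7 +103,12 @@
 enqueue_comment_hotkeys_js();
 
 if ( $post_id )
-        $title = sprintf(__('Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50));
+        $title = sprintf(__('Comments on “%s”'),
+                sprintf('<a href="%s">%s</a>',
+                        get_edit_post_link($post_id),
+                        wp_html_excerpt(_draft_or_post_title($post_id), 50)
+                )
+        );
 else
         $title = __('Comments');
 
@@ -126,7 +131,8 @@
 
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo esc_html( $title );
+<h2><?php echo $title;
+
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
         printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>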
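Review bot: The heading at new line 134 is echoed without `esc_html()`, so everything interpolated into `$title` at new lines 106-111 must be escaped where it is built, and neither argument of the inner `sprintf()` is. `wp_html_excerpt()` strips tags and truncates but is not an HTML-escaping function, so unless `_draft_or_post_title()` already escapes (not visible here), a post title containing a quote or a stray angle bracket reaches the page raw. The link would be safer as `esc_url( get_edit_post_link( $post_id ) )` and the text as `esc_html( wp_html_excerpt( _draft_or_post_title( $post_id ), 50 ) )`. Because the `else` branch and the translated format string are now printed unescaped too, a short comment at the `echo` stating that `$title` must hold pre-escaped HTML would help the next maintainer.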
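--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -11,7 +11,7 @@
         require_once( './admin.php' );
 
 get_admin_page_title();
-$title = esc_html( strip_tags( $title ) );
+$_title = esc_html( strip_tags( $title ) );
 
 if ( is_network_admin() )
         $admin_title = __( 'Network Admin' );
@@ -20,11 +20,13 @@
 else
         $admin_title = get_bloginfo( 'name' );
 
-if ( $admin_title == $title )
-        $admin_title = sprintf( __( '%1$s &#8212; WordPress' ), $title );
+if ( $admin_title == $_title )
+        $admin_title = sprintf( __( '%1$s &#8212; WordPress' ), $_title );
 else
-        $admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $admin_title );
+        $admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $_title, $admin_title );
 
+unset( $_title );
+
 $admin_title = apply_filters( 'admin_title', $admin_title, $title );
 
 wp_user_settings();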
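Review bot: The `admin_title` filter at new line 30 still receives `$title` as its second argument, but that is no longer the `esc_html( strip_tags( ... ) )` value it was before this change. It is now the raw global, which after the edit-comments.php change can contain an `<a>` element. A callback that writes that argument into the document title would start emitting markup. Either keep the old contract by moving the cleanup below the filter, `$admin_title = apply_filters( 'admin_title', $admin_title, $_title );` followed by `unset( $_title );`, or add a comment above the call stating that the second argument is unescaped and that callbacks must escape it before output.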