WordPress.org
Get WordPress

Make WordPress Core

Ticket #17408: 17408.diff

File 17408.diff, 2.3 KB (added by solarissmoke, 15 years ago)

Escape href before outputting. Also, there is no need to escape the title in each if{} block, just do it at the end.

  • wp-includes/general-template.php

     
    16431643                $post = &get_post( $id = 0 );
    16441644
    16451645                if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
    1646                         $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) ));
     1646                        $title = sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) );
    16471647                        $href = get_post_comments_feed_link( $post->ID );
    16481648                }
    16491649        } elseif ( is_category() ) {
    16501650                $term = get_queried_object();
    16511651
    1652                 $title = esc_attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name ));
     1652                $title = sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name );
    16531653                $href = get_category_feed_link( $term->term_id );
    16541654        } elseif ( is_tag() ) {
    16551655                $term = get_queried_object();
    16561656
    1657                 $title = esc_attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name ));
     1657                $title = sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name );
    16581658                $href = get_tag_feed_link( $term->term_id );
    16591659        } elseif ( is_author() ) {
    16601660                $author_id = intval( get_query_var('author') );
    16611661
    1662                 $title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
     1662                $title = sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) );
    16631663                $href = get_author_feed_link( $author_id );
    16641664        } elseif ( is_search() ) {
    1665                 $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
     1665                $title = sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) );
    16661666                $href = get_search_feed_link();
    16671667        }
    16681668
    16691669        if ( isset($title) && isset($href) )
    1670                 echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . $title . '" href="' . $href . '" />' . "\n";
     1670                echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr( $title ) . '" href="' . esc_url( $href ) . '" />' . "\n";
    16711671}
    16721672
    16731673/**