

Ticket #17408: 17408.diff

File 17408.diff, 2.3 KB (added by solarissmoke, 3 years ago)

Escape href before outputting. Also, there is no need to escape the title in each if{} block, just do it at the end.

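--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -1643,31 +1643,31 @@
 		$post = &get_post( $id = 0 );
 
 		if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
-			$title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) ));
+			$title = sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) );
 			$href = get_post_comments_feed_link( $post->ID );
 		}
 	} elseif ( is_category() ) {
 		$term = get_queried_object();
 
-		$title = esc_attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name ));
+		$title = sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name );
 		$href = get_category_feed_link( $term->term_id );
 	} elseif ( is_tag() ) {
 		$term = get_queried_object();
 
-		$title = esc_attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name ));
+		$title = sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name );
 		$href = get_tag_feed_link( $term->term_id );
 	} elseif ( is_author() ) {
 		$author_id = intval( get_query_var('author') );
 
-		$title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
+		$title = sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) );
 		$href = get_author_feed_link( $author_id );
 	} elseif ( is_search() ) {
-		$title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
+		$title = sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) );
 		$href = get_search_feed_link();
 	}
 
 	if ( isset($title) && isset($href) )
-		echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . $title . '" href="' . $href . '" />' . "\n";
+		echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr( $title ) . '" href="' . esc_url( $href ) . '" />' . "\n";
 }
 
 /**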
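Review bot: The single-post branch on new line 1646 still wraps `get_the_title()` in `esc_html()` even though the change now escapes the whole title once with `esc_attr( $title )` at line 1670, so that branch escapes one more time than the category, tag, author and search branches, which pass raw term names, the display name and the search query. Since `esc_attr()` does not re-encode existing entities by default the effect is an inconsistency rather than visible corruption, but the inner call is redundant now that escaping happens at the output point and should be dropped: `$title = sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], get_the_title() );`. The `isset($title) && isset($href)` guard at 1669 assumes neither variable is set before this chain, and the enclosing function's signature and first branch start outside this hunk, so that precondition cannot be confirmed here. A short comment above the `echo` such as `// $title and $href are escaped once here, at output, so the branches above must pass unescaped values` would document the invariant the change introduces.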