Ticket #25529: 25529.diff

File 25529.diff, 653 bytes (added by simonwheatley, 8 years ago)

Move esc_attr on $smiley closer to the output, use esc_url on the URL used for the src.

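--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -1762,11 +1762,10 @@
 
         $smiley = trim( reset( $matches ) );
         $img = $wpsmiliestrans[ $smiley ];
-        $smiley_masked = esc_attr( $smiley );
 
         $src_url = apply_filters( 'smilies_src', includes_url( "images/smilies/$img" ), $img, site_url() );
 
-        return " <img src='$src_url' alt='$smiley_masked' class='wp-smiley' /> ";
+        return sprintf( ' <img src="%s" alt="%s" class="wp-smiley" /> ', esc_url( $src_url ), esc_attr( $smiley ) );
 }
 
 /**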
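Review bot: The new `sprintf()` return relies on `esc_url()` for the `src`, and `esc_url()` returns an empty string when the URL's scheme is not in the allowed-protocols list, so a `smilies_src` filter that returns such a URL will now silently produce `<img src="">`. That is the safer failure mode, but it is a behaviour change for filter authors and deserves a comment above the return, e.g. `// Escape late: 'smilies_src' is filterable, so escape the URL and alt text at output; esc_url() yields '' for disallowed schemes.` The attribute quotes also change from single to double, which is safe with `esc_attr()` but may affect anything that pattern-matches the old markup. The enclosing function starts above the hunk, so whether `$wpsmiliestrans[ $smiley ]` is guaranteed to exist cannot be confirmed from here.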