WordPress.org

Make WordPress Core

Ticket #2625: TRUNK_escape_title.diff

File TRUNK_escape_title.diff, 544 bytes (added by markjaquith, 12 years ago)
  • comment-template.php

     
    366366        if (!empty($CSSclass)) {
    367367                echo ' class="'.$CSSclass.'"';
    368368        }
    369         echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
     369        $title = wp_specialchars(apply_filters('the_title', get_the_title()));
     370        echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
    370371        comments_number($zero, $one, $more, $number);
    371372        echo '</a>';
    372373}