WordPress.org

Make WordPress Core

Ticket #2625: TRUNK_escape_title.diff

File TRUNK_escape_title.diff, 544 bytes (added by markjaquith, 8 years ago)
  • comment-template.php

     
    366366        if (!empty($CSSclass)) { 
    367367                echo ' class="'.$CSSclass.'"'; 
    368368        } 
    369         echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">'; 
     369        $title = wp_specialchars(apply_filters('the_title', get_the_title())); 
     370        echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">'; 
    370371        comments_number($zero, $one, $more, $number); 
    371372        echo '</a>'; 
    372373}