WordPress.org

Make WordPress Core

Ticket #2625: escape_title.diff

File escape_title.diff, 592 bytes (added by markjaquith, 12 years ago)

patch for /branches/2.0/

  • wp-includes/comment-functions.php

     
    328328                if (!empty($CSSclass)) {
    329329                        echo ' class="'.$CSSclass.'"';
    330330                }
    331                 echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
     331                $title = wp_specialchars(apply_filters('the_title', get_the_title()));
     332                echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
    332333                comments_number($zero, $one, $more, $number);
    333334                echo '</a>';
    334335        }