Make WordPress Core

Ticket #28251: 28251.2.diff

File 28251.2.diff, 1.3 KB (added by philiparthurmoore, 12 years ago)

This new patch for Twenty Fourteen adds in proper escaping for the parent post link and attachment link in the image template.

  • src/wp-content/themes/twentyfourteen/image.php

     
    2828
    2929                                                <span class="entry-date"><time class="entry-date" datetime="<?php echo esc_attr( get_the_date( 'c' ) ); ?>"><?php echo esc_html( get_the_date() ); ?></time></span>
    3030
    31                                                 <span class="full-size-link"><a href="<?php echo wp_get_attachment_url(); ?>"><?php echo $metadata['width']; ?> &times; <?php echo $metadata['height']; ?></a></span>
     31                                                <span class="full-size-link"><a href="<?php echo esc_url( wp_get_attachment_url() ); ?>"><?php echo $metadata['width']; ?> &times; <?php echo $metadata['height']; ?></a></span>
    3232
    33                                                 <span class="parent-post-link"><a href="<?php echo get_permalink( $post->post_parent ); ?>" rel="gallery"><?php echo get_the_title( $post->post_parent ); ?></a></span>
     33                                                <span class="parent-post-link"><a href="<?php echo esc_url( get_permalink( $post->post_parent ) ); ?>" rel="gallery"><?php echo get_the_title( $post->post_parent ); ?></a></span>
    3434                                                <?php edit_post_link( __( 'Edit', 'twentyfourteen' ), '<span class="edit-link">', '</span>' ); ?>
    3535                                        </div><!-- .entry-meta -->
    3636                                </header><!-- .entry-header -->
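Review bot: On new lines 31 and 33 the two `href` values are now wrapped in `esc_url()`, but the text printed inside those same links is still echoed raw: `$metadata['width']`, `$metadata['height']` and `get_the_title( $post->post_parent )`. The dimensions come from attachment metadata and are expected to be integers, so `<?php echo absint( $metadata['width'] ); ?>` (and the same for height) would make that explicit. For the parent title, either escape it for the HTML context or add a short comment saying that markup in titles is intentionally allowed here, so the difference from the escaped `get_the_date()` output on line 29 is clearly deliberate.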