Ticket #28251: 28251.3.diff

src/wp-content/themes/twentyten/loop-attachment.php

@@ -18 +18 @@
 <?php if ( have_posts() ) while ( have_posts() ) : the_post(); ?>
 
                                 <?php if ( ! empty( $post->post_parent ) ) : ?>
-                                        <p class="page-title"><a href="<?php echo get_permalink( $post->post_parent ); ?>" title="<?php echo esc_attr( sprintf( __( 'Return to %s', 'twentyten' ), strip_tags( get_the_title( $post->post_parent ) ) ) ); ?>" rel="gallery"><?php
+                                        <p class="page-title"><a href="<?php echo esc_url( get_permalink( $post->post_parent ) ); ?>" title="<?php echo esc_attr( sprintf( __( 'Return to %s', 'twentyten' ), strip_tags( get_the_title( $post->post_parent ) ) ) ); ?>" rel="gallery"><?php
                                                 /* translators: %s - title of parent post */
                                                 printf( __( '<span class="meta-nav">&larr;</span> %s', 'twentyten' ), get_the_title( $post->post_parent ) );
                                         ?></a></p>
@@ -110 +110 @@
                                                         <div class="nav-next"><?php next_image_link( false ); ?></div>
                                                 </div><!-- #nav-below -->
 <?php else : ?>
-                                                <a href="<?php echo wp_get_attachment_url(); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php echo basename( get_permalink() ); ?></a>
+                                                <a href="<?php echo esc_url( wp_get_attachment_url() ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php echo basename( get_permalink() ); ?></a>
 <?php endif; ?>
                                                 </div><!-- .entry-attachment -->
                                                 <div class="entry-caption"><?php if ( !empty( $post->post_excerpt ) ) the_excerpt(); ?></div>