

Ticket #8587: 8587.patch

File 8587.patch, 1.9 KB (added by hakre, 9 years ago)

URL parameter values should be URL-encoded.

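--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -69,7 +69,7 @@
 
 <div id="major-publishing-actions">
 <div id="delete-action">
-<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
 <input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
@@ -130,7 +130,7 @@
 
 <input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo attr(clean_url(stripslashes(wp_get_referer()))); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 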
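Review bot: In the second hunk the new `attr(clean_url(stripslashes(wp_get_referer())))` risks double-encoding the referer: `clean_url()` is a display-context escaper that already rewrites `&` as an entity, so if `attr()` encodes that ampersand again the hidden field no longer round-trips the original URL; confirm that `attr()` leaves existing entities alone, and if it does not, run `clean_url()` in its non-display context before `attr()` (or apply only one of the two). The first hunk's `urlencode(wp_get_referer())` is the right fix for a value embedded in a query string, but the whole link is then printed into a single-quoted `href` with `$comment->comment_ID` interpolated raw, so attribute safety rests entirely on `wp_nonce_url()` escaping its return value — a short comment such as `// wp_nonce_url() escapes for attribute context; the referer is urlencoded because it is a query-string value` would make that dependency explicit. Both hunks are fragments of template markup whose enclosing PHP output starts and ends outside the hunk.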