Ticket #8587: 8587.patch

File 8587.patch, 1.9 KB (added by hakre, 5 years ago)

url parameter values should be urlencoded...

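### Eclipse Workspace Patch 1.0
#P wordpress-trunk
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -69,7 +69,7 @@
 
 <div id="major-publishing-actions">
 <div id="delete-action">
-<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
 <input type="submit" name="save" value="<?php _ea('Update Comment'); ?>" tabindex="4" class="button-primary" />
@@ -130,7 +130,7 @@
 
 <input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo attr(clean_url(stripslashes(wp_get_referer()))); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 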
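Review bot: On new line 72 the referer goes into `urlencode()` without the `stripslashes()` that new line 133 applies, so the delete link and the `referredby` field can carry different values for the same referer. If `wp_get_referer()` returns request data with added slashes, as line 133 implies, line 72 should read `urlencode(stripslashes(wp_get_referer()))`. The same line still interpolates `$comment->comment_ID` into the query string unencoded; it is presumably an integer, but casting it to int before building the URL would make that explicit. Encoding on output only makes the parameter well-formed and does not restrict where it points, so the handler that reads `_wp_original_http_referer` and `referredby` (not visible here) should validate the value before using it as a redirect target.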