
Changeset 10532


Timestamp:
02/09/2009 10:59:54 PM (9 years ago)
Author:
ryan
Message:

Add some attribute_escape()s for good measure. see #8878

File:
1 edited

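--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -1411,6 +1411,6 @@
     $args = wp_parse_args( $args, $defaults );
 
-    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['rsstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link() . "\" />\n";
-    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['comstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
+    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['rsstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
+    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
 }
 
@@ -1437,10 +1437,10 @@
         $post = &get_post( $id = 0 );
         if ( comments_open() || pings_open() || $post->comment_count > 0 )
-            echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) ) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n";
+            echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) )) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n";
     }
 
     elseif ( is_category() ) {
         $cat_id = intval( get_query_var('cat') );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) ) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) )) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n";
     }
 
@@ -1448,14 +1448,14 @@
         $tag_id = intval( get_query_var('tag_id') );
         $tag = get_tag( $tag_id );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name ) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name )) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n";
     }
 
     elseif ( is_author() ) {
         $author_id = intval( get_query_var('author') );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) ) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) )) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n";
     }
 
     elseif ( is_search() ) {
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() ) . '" href="' . get_search_feed_link() . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() )) . '" href="' . get_search_feed_link() . "\" />\n";
     }
 }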
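Review bot: The `href` value in every rewritten `echo` (new lines 1413, 1414, 1439, 1444, 1450, 1455 and 1459) is still concatenated into the attribute unescaped, so only `title` is hardened here. Whether `get_search_feed_link()` and the other link helpers already return attribute-safe URLs is not visible in these hunks; the search branch at 1459 is presumably the one whose URL carries request-derived text, and wrapping the values, e.g. `'" href="' . clean_url( get_search_feed_link() ) . "\" />\n"`, would make the output safe regardless of what the helpers return. Separately, on line 1439 the inner `wp_specialchars( get_the_title() )` looks redundant now that the whole string passes through `attribute_escape()`; dropping it would have the title encoded in one place only. The enclosing functions begin outside the hunks shown.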