WordPress.org

Make WordPress Core

Changeset 10532


Ignore:
Timestamp:
02/09/09 22:59:54 (7 years ago)
Author:
ryan
Message:

Add some attribute_escape()s for good measure. see #8878

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/general-template.php

    r10467 r10532  
    14111411    $args = wp_parse_args( $args, $defaults ); 
    14121412 
    1413     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['rsstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link() . "\" />\n"; 
    1414     echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['comstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n"; 
     1413    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['rsstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n"; 
     1414    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n"; 
    14151415} 
    14161416 
     
    14371437        $post = &get_post( $id = 0 ); 
    14381438        if ( comments_open() || pings_open() || $post->comment_count > 0 ) 
    1439             echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) ) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n"; 
     1439            echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) )) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n"; 
    14401440    } 
    14411441 
    14421442    elseif ( is_category() ) { 
    14431443        $cat_id = intval( get_query_var('cat') ); 
    1444         echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) ) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n"; 
     1444        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) )) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n"; 
    14451445    } 
    14461446 
     
    14481448        $tag_id = intval( get_query_var('tag_id') ); 
    14491449        $tag = get_tag( $tag_id ); 
    1450         echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name ) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n"; 
     1450        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name )) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n"; 
    14511451    } 
    14521452 
    14531453    elseif ( is_author() ) { 
    14541454        $author_id = intval( get_query_var('author') ); 
    1455         echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) ) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n"; 
     1455        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) )) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n"; 
    14561456    } 
    14571457 
    14581458    elseif ( is_search() ) { 
    1459         echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() ) . '" href="' . get_search_feed_link() . "\" />\n"; 
     1459        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() )) . '" href="' . get_search_feed_link() . "\" />\n"; 
    14601460    } 
    14611461} 
Note: See TracChangeset for help on using the changeset viewer.