Changeset 10532

Timestamp:

02/09/2009 10:59:54 PM (17 years ago)

Author:

ryan

Message:

Add some attribute_escape()s for good measure. see #8878

File:

• trunk/wp-includes/general-template.php (modified) (3 diffs)

trunk/wp-includes/general-template.php

@@ -1411 +1411 @@
     $args = wp_parse_args( $args, $defaults );
 
-    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['rsstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link() . "\" />\n";
-    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['comstitle'], get_bloginfo('name') ) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
+    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['rsstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link() . "\" />\n";
+    echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['comstitle'], get_bloginfo('name') )) . '" href="' . get_feed_link( 'comments_' . get_default_feed() ) . "\" />\n";
 }
 
@@ -1437 +1437 @@
         $post = &get_post( $id = 0 );
         if ( comments_open() || pings_open() || $post->comment_count > 0 )
-            echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) ) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n";
+            echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['singletitle'], get_bloginfo('name'), $args['seperator'], wp_specialchars( get_the_title() ) )) . '" href="' . get_post_comments_feed_link( $post->ID ) . "\" />\n";
     }
 
     elseif ( is_category() ) {
         $cat_id = intval( get_query_var('cat') );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) ) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['cattitle'], get_bloginfo('name'), $args['seperator'], get_cat_name( $cat_id ) )) . '" href="' . get_category_feed_link( $cat_id ) . "\" />\n";
     }
 
@@ -1448 +1448 @@
         $tag_id = intval( get_query_var('tag_id') );
         $tag = get_tag( $tag_id );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name ) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['seperator'], $tag->name )) . '" href="' . get_tag_feed_link( $tag_id ) . "\" />\n";
     }
 
     elseif ( is_author() ) {
         $author_id = intval( get_query_var('author') );
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) ) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['authortitle'], get_bloginfo('name'), $args['seperator'], get_author_name( $author_id ) )) . '" href="' . get_author_feed_link( $author_id ) . "\" />\n";
     }
 
     elseif ( is_search() ) {
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() ) . '" href="' . get_search_feed_link() . "\" />\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . attribute_escape(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['seperator'], get_search_query() )) . '" href="' . get_search_feed_link() . "\" />\n";
     }
 }