Make WordPress Core

Changeset 11120


Ignore:
Timestamp:
04/29/2009 04:20:14 PM (15 years ago)
Author:
ryan
Message:

urlencode referrer. Props hakre. fixes #8587

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-form-comment.php

    r11109 r11120  
    7070<div id="major-publishing-actions">
    7171<div id="delete-action">
    72 <?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
     72<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
    7373</div>
    7474<div id="publishing-action">
     
    131131<input type="hidden" name="c" value="<?php echo attr($comment->comment_ID) ?>" />
    132132<input type="hidden" name="p" value="<?php echo attr($comment->comment_post_ID) ?>" />
    133 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
     133<input name="referredby" type="hidden" id="referredby" value="<?php echo attr(clean_url(stripslashes(wp_get_referer()))); ?>" />
    134134<?php wp_original_referer_field(true, 'previous'); ?>
    135135<input type="hidden" name="noredir" value="1" />
Note: See TracChangeset for help on using the changeset viewer.