WordPress.org
Get WordPress

Make WordPress Core

Changeset 11722


Ignore:
Timestamp:
07/20/2009 01:11:14 AM (16 years ago)
Author:
ryan
Message:

Escape , , and for use in attributes by default since so many themes don't escape them. Use wp_get_current_commenter() to get the raw values.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-includes/comment-template.php

    r11721 r11722  
    819819
    820820    $req = get_option('require_name_email');
     821
     822    /**
     823     * Raw comment author information fetched from the comment cookies.
     824     *
     825     * @uses wp_get_current_commenter()
     826     */
    821827    $commenter = wp_get_current_commenter();
    822     extract($commenter, EXTR_SKIP);
     828
     829    /**
     830     * The name of the current comment author escaped for use in attributes.  Use
     831     * wp_get_current_commenter() to get the raw value.
     832     */
     833    $comment_author = esc_attr($commenter['comment_author']);
     834
     835    /**
     836     * The email address of the current comment author escaped for use in attributes.  Use
     837     * wp_get_current_commenter() to get the raw value.
     838     */
     839    $comment_author_email = esc_attr($commenter['comment_author_email']);
     840
     841    /**
     842     * The url of the current comment author escaped for use in attributes.  Use
     843     * wp_get_current_commenter() to get the raw value.
     844     */
     845    $comment_author_url = esc_url($commenter['comment_author_url']);
    823846
    824847    /** @todo Use API instead of SELECTs. */
Note: See TracChangeset for help on using the changeset viewer.