Timestamp:
08/18/2009 04:05:07 PM (12 years ago)
Author:
ryan
Message:

Prophylactic escapes

File:
1 edited

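--- a/trunk/wp-includes/author-template.php
+++ b/trunk/wp-includes/author-template.php
@@ -133,5 +133,5 @@
 function the_author_link() {
     if ( get_the_author_meta('url') ) {
-        echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s&#8217;s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+        echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
     } else {
         the_author();
@@ -182,5 +182,5 @@
         '<a href="%1$s" title="%2$s">%3$s</a>',
         get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
-        sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+        esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
         get_the_author()
     );
@@ -293,5 +293,5 @@
                 $link = $name;
         } else {
-            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+            $link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';
 
             if ( (! empty($feed_image)) || (! empty($feed)) ) {
@@ -302,6 +302,6 @@
 
                 if ( !empty($feed) ) {
-                    $title = ' title="' . $feed . '"';
-                    $alt = ' alt="' . $feed . '"';
+                    $title = ' title="' . esc_attr($feed) . '"';
+                    $alt = ' alt="' . esc_attr($feed) . '"';
                     $name = $feed;
                     $link .= $title;
@@ -311,5 +311,5 @@
 
                 if ( !empty($feed_image) )
-                    $link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+                    $link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
                 else
                     $link .= $name;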
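Review bot: In the_author_link() (new line 135) the `href` is still built from `get_the_author_meta('url')` with no escaping, while only the `title` attribute is wrapped. The author URL is profile data, so unless it is sanitized upstream (not visible in this hunk) it should get the same treatment the commit gives `$feed_image`: `'<a href="' . esc_url( get_the_author_meta('url') ) . '" title="'`. The link text has the same gap: `get_the_author()` at new lines 135 and 185, and `$name = $feed` at 306, which is output at 315, all reach the element body unescaped, so HTML-escaping on output there would complete the pass. All five hunks cut through functions whose remaining lines are outside the visible context.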