Timestamp:
08/18/2009 04:05:07 PM (12 years ago)
Author:
ryan
Message:

Prophylactic escapes

File:
1 edited

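--- a/trunk/wp-includes/category-template.php
+++ b/trunk/wp-includes/category-template.php
@@ -69,5 +69,5 @@
 
     if ( $link )
-        $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+        $chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
     else
         $chain .= $name.$separator;
@@ -191,8 +191,8 @@
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, true, $separator );
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
                     break;
                 case 'single':
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, false, $separator );
@@ -201,5 +201,5 @@
                 case '':
                 default:
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
             }
         }
@@ -214,8 +214,8 @@
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, true, $separator );
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
                     break;
                 case 'single':
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
                     if ( $category->parent )
                         $thelist .= get_category_parents( $category->parent, false, $separator );
@@ -224,5 +224,5 @@
                 case '':
                 default:
-                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+                    $thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
             }
             ++$i;
@@ -353,4 +353,6 @@
 
     $categories = get_categories( $r );
+    $name = esc_attr($name);
+    $class = esc_attr($class);
 
     $output = '';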
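Review bot: The new esc_attr() covers only the title attribute; on every rewritten `$thelist .=` line (193, 196, 203, 216, 219, 226) and the line-71 `$chain .=`, the anchor text (`$category->name`, `$category->cat_name`, `$name`) and the `get_category_link()` href are still concatenated raw, and `$rel` is inserted unescaped. If term names are already HTML-encoded when stored, that is deliberate and deserves a comment such as `// term names are filtered on save; only the attribute context needs esc_attr()`; if not, the text node wants `esc_html( $category->name )` and the href `esc_url( get_category_link( $category->term_id ) )`, taking care not to double-encode an already-escaped name. The 355–356 hunk escapes `$name` and `$class` at assignment rather than at output, so any later use of those variables outside an attribute (presumably the `<select>` markup further down, outside this section) or a second escape would be wrong; applying `esc_attr()` where the markup is built would be clearer. All of the enclosing functions start and end outside the section.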