Timestamp:
08/18/2009 04:05:07 PM (12 years ago)
Author:
ryan
Message:

Prophylactic escapes

File:
1 edited

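--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -338,4 +338,6 @@
         $classes = array_merge($classes, $class);
     }
+
+    $classes = array_map('esc_attr', $classes);
 
     return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
@@ -941,5 +943,5 @@
 
     if ( 0 == $number && !comments_open() && !pings_open() ) {
-        echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+        echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
         return;
     }
@@ -973,5 +975,5 @@
     echo apply_filters( 'comments_popup_link_attributes', '' );
 
-    echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+    echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
     comments_number( $zero, $one, $more, $number );
     echo '</a>';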
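Review bot: In the first hunk the new `array_map('esc_attr', $classes)` runs before `apply_filters('comment_class', ...)`, so class names that filter callbacks add or rewrite are returned without passing through this escape. If the caller prints the returned array into a `class="..."` attribute without escaping again (the caller is not visible here), plugin-supplied values remain an unescaped path into the markup. I would either escape where the attribute is printed, or at least add a comment above the return such as `// Only core-built classes are escaped here; values from 'comment_class' callbacks must be escaped at output.` The function bodies in all three hunks begin and end outside the visible lines.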