WordPress.org

Make WordPress Core


Ignore:
Timestamp:
08/18/2009 04:05:07 PM (12 years ago)
Author:
ryan
Message:

Prophylactic escapes

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post-template.php

    r11642 r11838  
    342342        $classes = array_merge($classes, $class);
    343343    }
     344
     345    $classes = array_map('esc_attr', $classes);
    344346
    345347    return apply_filters('post_class', $classes, $class, $post_id);
     
    478480        $classes = array_merge($classes, $class);
    479481    }
     482
     483    $classes = array_map('esc_attr', $classes);
    480484
    481485    return apply_filters('body_class', $classes, $class);
     
    707711    $pages = get_pages($r);
    708712    $output = '';
     713    $name = esc_attr($name);
    709714
    710715    if ( ! empty($pages) ) {
     
    843848        $menu = '<ul>' . $menu . '</ul>';
    844849
    845     $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
     850    $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
    846851    $menu = apply_filters( 'wp_page_menu', $menu, $args );
    847852    if ( $args['echo'] )
Note: See TracChangeset for help on using the changeset viewer.