Changeset 13029 for trunk/wp-content/themes/twentyten/attachment.php

Timestamp:

02/08/2010 08:28:13 PM (15 years ago)

Author:

ryan

Message:

Escape some attributes. Fix search form action. see #9015

File:

• trunk/wp-content/themes/twentyten/attachment.php (modified) (5 diffs)

trunk/wp-content/themes/twentyten/attachment.php

@@ -6 +6 @@
 <?php the_post(); ?>
 
-                <p class="page-title"><a href="<?php echo get_permalink($post->post_parent) ?>" title="<?php printf( __( 'Return to %s', 'twentyten' ), wp_specialchars( get_the_title($post->post_parent), 1 ) ) ?>" rel="gallery">&larr; <?php echo get_the_title($post->post_parent) ?></a></p>
+                <p class="page-title"><a href="<?php echo get_permalink($post->post_parent) ?>" title="<?php printf( esc_attr__( 'Return to %s', 'twentyten' ), wp_specialchars( get_the_title($post->post_parent), 1 ) ) ?>" rel="gallery">&larr; <?php echo get_the_title($post->post_parent) ?></a></p>
 
                 <div id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
@@ -13 +13 @@
                     <div class="entry-meta">
                         <span class="meta-prep meta-prep-author"><?php _e('By ', 'twentyten'); ?></span>
-                        <span class="author vcard"><a class="url fn n" href="<?php echo get_author_posts_url( $authordata->ID, $authordata->user_nicename ); ?>" title="<?php printf( __( 'View all posts by %s', 'twentyten' ), $authordata->display_name ); ?>"><?php the_author(); ?></a></span>
+                        <span class="author vcard"><a class="url fn n" href="<?php echo get_author_posts_url( $authordata->ID, $authordata->user_nicename ); ?>" title="<?php printf( esc_attr__( 'View all posts by %s', 'twentyten' ), $authordata->display_name ); ?>"><?php the_author(); ?></a></span>
                         <span class="meta-sep"> | </span>
                         <span class="meta-prep meta-prep-entry-date"><?php _e('Published ', 'twentyten'); ?></span>
@@ -23 +23 @@
                         <div class="entry-attachment">
 <?php if ( wp_attachment_is_image( $post->id ) ) : $att_image = wp_get_attachment_image_src( $post->id, array(640,640)); ?>
-                        <p class="attachment"><a href="<?php echo wp_get_attachment_url($post->id); ?>" title="<?php the_title(); ?>" rel="attachment"><img src="<?php echo $att_image[0];?>" width="<?php echo $att_image[1];?>" height="<?php echo $att_image[2];?>"  class="attachment-medium" alt="<?php $post->post_excerpt; ?>" /></a>
+                        <p class="attachment"><a href="<?php echo wp_get_attachment_url($post->id); ?>" title="<?php echo esc_attr( get_the_title() ); ?>" rel="attachment"><img src="<?php echo $att_image[0];?>" width="<?php echo $att_image[1];?>" height="<?php echo $att_image[2];?>"  class="attachment-medium" alt="<?php $post->post_excerpt; ?>" /></a>
                         </p>
 
@@ -32 +32 @@
                 </div><!-- #nav-below -->
 <?php else : ?>
-                        <a href="<?php echo wp_get_attachment_url($post->ID) ?>" title="<?php echo wp_specialchars( get_the_title($post->ID), 1 ) ?>" rel="attachment"><?php echo basename($post->guid) ?></a>
+                        <a href="<?php echo wp_get_attachment_url($post->ID) ?>" title="<?php echo esc_attr( get_the_title($post->ID) ); ?>" rel="attachment"><?php echo basename($post->guid) ?></a>
 <?php endif; ?>
                         </div>
@@ -50 +50 @@
                         comments_rss() ) ?>
 
-<?php if ( ('open' == $post->comment_status) && ('open' == $post->ping_status) ) : // Comments and trackbacks open ?>
+<?php if ( comments_open() && pings_open() ) : // Comments and trackbacks open ?>
                         <?php printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyten' ), get_trackback_url() ) ?>
-<?php elseif ( !('open' == $post->comment_status) && ('open' == $post->ping_status) ) : // Only trackbacks open ?>
+<?php elseif ( !comments_open() && pings_open() ) : // Only trackbacks open ?>
                         <?php printf( __( 'Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', 'twentyten' ), get_trackback_url() ) ?>
-<?php elseif ( ('open' == $post->comment_status) && !('open' == $post->ping_status) ) : // Only comments open ?>
+<?php elseif ( comments_open() && !pings_open() ) : // Only comments open ?>
                         <?php _e( 'Trackbacks are closed, but you can <a class="comment-link" href="#respond" title="Post a comment">post a comment</a>.', 'twentyten' ) ?>
-<?php elseif ( !('open' == $post->comment_status) && !('open' == $post->ping_status) ) : // Comments and trackbacks closed ?>
+<?php elseif ( !comments_open() && !pings_open() ) : // Comments and trackbacks closed ?>
                         <?php _e( 'Both comments and trackbacks are currently closed.', 'twentyten' ) ?>
 <?php endif; ?>