Make WordPress Core


Ignore:
Timestamp:
02/08/2010 08:28:13 PM (15 years ago)
Author:
ryan
Message:

Escape some attributes. Fix search form action. see #9015

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-content/themes/twentyten/comments.php

    r13027 r13029  
    7575                    <div id="form-section-author" class="form-section">
    7676                        <div class="form-label"><label for="author"><?php _e('Name', 'twentyten') ?></label> <?php if ($req) _e('<span class="required">*</span>', 'twentyten') ?></div>
    77                         <div class="form-input"><input id="author" name="author" type="text" value="<?php echo $comment_author ?>" size="30" tabindex="3" /></div>
     77                        <div class="form-input"><input id="author" name="author" type="text" value="<?php echo esc_attr($comment_author) ?>" size="30" tabindex="3" /></div>
    7878                    </div><!-- #form-section-author .form-section -->
    7979
    8080                    <div id="form-section-email" class="form-section">
    8181                        <div class="form-label"><label for="email"><?php _e('Email', 'twentyten') ?></label> <?php if ($req) _e('<span class="required">*</span>', 'twentyten') ?></div>
    82                         <div class="form-input"><input id="email" name="email" type="text" value="<?php echo $comment_author_email ?>" size="30" tabindex="4" /></div>
     82                        <div class="form-input"><input id="email" name="email" type="text" value="<?php echo esc_attr($comment_author_email) ?>" size="30" tabindex="4" /></div>
    8383                    </div><!-- #form-section-email .form-section -->
    8484
    8585                    <div id="form-section-url" class="form-section">
    8686                        <div class="form-label"><label for="url"><?php _e('Website', 'twentyten') ?></label></div>
    87                         <div class="form-input"><input id="url" name="url" type="text" value="<?php echo $comment_author_url ?>" size="30" tabindex="5" /></div>
     87                        <div class="form-input"><input id="url" name="url" type="text" value="<?php echo esc_attr($comment_author_url) ?>" size="30" tabindex="5" /></div>
    8888                    </div><!-- #form-section-url .form-section -->
    8989
     
    101101                    <?php do_action('comment_form', $post->ID); ?>
    102102
    103                     <div class="form-submit"><input id="submit" name="submit" type="submit" value="<?php _e('Post Comment', 'twentyten') ?>" tabindex="7" /><input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" /></div>
     103                    <div class="form-submit"><input id="submit" name="submit" type="submit" value="<?php esc_attr_e('Post Comment', 'twentyten') ?>" tabindex="7" /><input type="hidden" name="comment_post_ID" value="<?php echo esc_attr($id); ?>" /></div>
    104104
    105105<?php comment_id_fields(); ?>
Note: See TracChangeset for help on using the changeset viewer.