Timestamp:
04/03/2010 11:38:38 PM (11 years ago)
Author:
nacin
Message:

Have get_search_query() escape by default, like its echoing counterpart the_search_query(). see #12780

File:
1 edited

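--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -157,5 +157,5 @@
     $form = '<form role="search" method="get" id="searchform" action="' . home_url() . '/" >
     <div><label class="screen-reader-text" for="s">' . __('Search for:') . '</label>
-    <input type="text" value="' . esc_attr(apply_filters('the_search_query', get_search_query())) . '" name="s" id="s" />
+    <input type="text" value="' . get_search_query() . '" name="s" id="s" />
     <input type="submit" id="searchsubmit" value="'. esc_attr__('Search') .'" />
     </div>
@@ -1643,5 +1643,5 @@
         $href = get_author_feed_link( $author_id );
     } elseif ( is_search() ) {
-        $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query() ));
+        $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
         $href = get_search_feed_link();
     }
@@ -1826,23 +1826,32 @@
  * Retrieve the contents of the search WordPress query variable.
  *
- * @since 2.3.0
- *
- * @return string
- */
-function get_search_query() {
-    return apply_filters( 'get_search_query', get_query_var( 's' ) );
-}
-
-/**
- * Display the contents of the search query variable.
- *
  * The search query string is passed through {@link esc_attr()}
  * to ensure that it is safe for placing in an html attribute.
  *
- * @uses attr
+ * @since 2.3.0
+ * @uses esc_attr()
+ *
+ * @param bool $escaped Whether the result is escaped. Default true.
+ *  Only use when you are later escaping it. Do not use unescaped.
+ * @return string
+ */
+function get_search_query( $escaped = true ) {
+    $query = apply_filters( 'get_search_query', get_query_var( 's' ) );
+    if ( $escaped )
+        $query = esc_attr( $query );
+    return $query;
+}
+
+/**
+ * Display the contents of the search query variable.
+ *
+ * The search query string is passed through {@link esc_attr()}
+ * to ensure that it is safe for placing in an html attribute.
+ *
+ * @uses esc_attr()
  * @since 2.1.0
  */
 function the_search_query() {
-    echo esc_attr( apply_filters( 'the_search_query', get_search_query() ) );
+    echo esc_attr( apply_filters( 'the_search_query', get_search_query( false ) ) );
 }
 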
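Review bot: The `@param` text added on `get_search_query()` in the third hunk does not say which value of `$escaped` it is warning about, so "Only use when you are later escaping it" can be read as applying to the default. Passing `false` returns the filtered `s` query variable with no escaping at all, so the docblock should name that case explicitly: `@param bool $escaped Whether to run the result through esc_attr(). Default true.` followed by `Pass false only when the caller escapes the value itself before output.` The description could also state that the default is HTML-attribute escaping only. Callers outside this changeset that use the value in another context, a URL for instance, would now receive entity-encoded text; that is inferred from the changed default, not visible in these hunks.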