
Changeset 14137


Timestamp:
04/18/2010 06:01:19 AM (14 years ago)
Author:
nacin
Message:

Escape some permalinks. add_query_arg will output &, not &amp;, so we need to use esc_url on those when used in an attribute. fixes #12126.

File:
1 edited

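--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -37,5 +37,5 @@
 $messages['post'] = array(
     '',
-    sprintf( __('Post updated. <a href="%s">View post</a>'), get_permalink($post_ID) ),
+    sprintf( __('Post updated. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Custom field updated.'),
     __('Custom field deleted.'),
@@ -43,24 +43,24 @@
     /* translators: %s: date and time of the revision */
     isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
-    sprintf( __('Post published. <a href="%s">View post</a>'), get_permalink($post_ID) ),
+    sprintf( __('Post published. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Post saved.'),
-    sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
+    sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
     sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'),
         // translators: Publish box date format, see http://php.net/date
-        date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
-    sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) )
+        date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ),
+    sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
 );
 $messages['page'] = array(
     '',
-    sprintf( __('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID) ),
+    sprintf( __('Page updated. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Custom field updated.'),
     __('Custom field deleted.'),
     __('Page updated.'),
     isset($_GET['revision']) ? sprintf( __('Page restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
-    sprintf( __('Page published. <a href="%s">View page</a>'), get_permalink($post_ID) ),
+    sprintf( __('Page published. <a href="%s">View page</a>'), esc_url( get_permalink($post_ID) ) ),
     __('Page saved.'),
-    sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ),
-    sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), get_permalink($post_ID) ),
-    sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) )
+    sprintf( __('Page submitted. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
+    sprintf( __('Page scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview page</a>'), date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ),
+    sprintf( __('Page draft updated. <a target="_blank" href="%s">Preview page</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
 );
 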
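Review bot: The escaping is repeated by hand at each of the ten `sprintf()` call sites in `$messages['post']` and `$messages['page']`, so a message added later can miss it and put a raw `add_query_arg()` result back into an `href` attribute. Computing the two values once before the arrays, `$permalink = esc_url( get_permalink( $post_ID ) );` and `$preview_link = esc_url( add_query_arg( 'preview', 'true', get_permalink( $post_ID ) ) );`, keeps the escape next to the source of the URL and leaves one place to audit. A comment on those lines should state that the values are escaped for HTML attribute output only and must not be reused for redirects or other non-HTML contexts, where `esc_url_raw()` is the right function. Separately, the `%1$s` value from `date_i18n()` on the two "scheduled for" lines is still placed inside `<strong>` unescaped; this is probably acceptable if translation files are trusted, but it is worth confirming or wrapping in `esc_html()`.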