Timestamp:
10/31/2011 08:22:35 PM (13 years ago)
Author:
ryan
Message:

Escape href in feed_links_extra(). Props solarissmoke. fixes #17408

File:
1 edited

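--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -1626,5 +1626,5 @@
 
         if ( comments_open() || pings_open() || $post->comment_count > 0 ) {
-            $title = esc_attr(sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) ));
+            $title = sprintf( $args['singletitle'], get_bloginfo('name'), $args['separator'], esc_html( get_the_title() ) );
             $href = get_post_comments_feed_link( $post->ID );
         }
@@ -1632,23 +1632,23 @@
         $term = get_queried_object();
 
-        $title = esc_attr(sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name ));
+        $title = sprintf( $args['cattitle'], get_bloginfo('name'), $args['separator'], $term->name );
         $href = get_category_feed_link( $term->term_id );
     } elseif ( is_tag() ) {
         $term = get_queried_object();
 
-        $title = esc_attr(sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name ));
+        $title = sprintf( $args['tagtitle'], get_bloginfo('name'), $args['separator'], $term->name );
         $href = get_tag_feed_link( $term->term_id );
     } elseif ( is_author() ) {
         $author_id = intval( get_query_var('author') );
 
-        $title = esc_attr(sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) ));
+        $title = sprintf( $args['authortitle'], get_bloginfo('name'), $args['separator'], get_the_author_meta( 'display_name', $author_id ) );
         $href = get_author_feed_link( $author_id );
     } elseif ( is_search() ) {
-        $title = esc_attr(sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) ));
+        $title = sprintf( $args['searchtitle'], get_bloginfo('name'), $args['separator'], get_search_query( false ) );
         $href = get_search_feed_link();
     }
 
     if ( isset($title) && isset($href) )
-        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . $title . '" href="' . $href . '" />' . "\n";
+        echo '<link rel="alternate" type="' . feed_content_type() . '" title="' . esc_attr( $title ) . '" href="' . esc_url( $href ) . '" />' . "\n";
 }
 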
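Review bot: `feed_content_type()` is still concatenated into the `type` attribute unescaped on new line 1652, although `title` and `href` are now escaped at output. Its definition is not visible in this changeset; if its return value can be altered by a filter, a plugin-supplied string would reach the markup raw, so I would write `type="' . esc_attr( feed_content_type() ) . '"` to treat all three attributes alike. Separately, the single-post branch at line 1628 keeps `esc_html( get_the_title() )` inside the `sprintf()`, which now looks redundant next to the output-time `esc_attr( $title )` and leaves that one branch escaping earlier than the others. The body of feed_links_extra() begins above the lines shown here.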