WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/01/2013 05:58:43 PM (8 years ago)
Author:
nacin
Message:

Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().

Use wp_slash() instead of addslashes().

see #21767.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-form-comment.php

    r23563 r23578  
    133133<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
    134134<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
    135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
     135<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
    136136<?php wp_original_referer_field(true, 'previous'); ?>
    137137<input type="hidden" name="noredir" value="1" />
Note: See TracChangeset for help on using the changeset viewer.