WordPress.org

Make WordPress Core

Changeset 26487


Ignore:
Timestamp:
11/30/2013 10:38:46 PM (6 years ago)
Author:
SergeyBiryukov
Message:

Escape smiley URL in translate_smiley().

props simonwheatley.
fixes #25529.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r26486 r26487  
    18631863    $smiley = trim( reset( $matches ) );
    18641864    $img = $wpsmiliestrans[ $smiley ];
    1865     $smiley_masked = esc_attr( $smiley );
    18661865
    18671866    /**
     
    18761875    $src_url = apply_filters( 'smilies_src', includes_url( "images/smilies/$img" ), $img, site_url() );
    18771876
    1878     return " <img src='$src_url' alt='$smiley_masked' class='wp-smiley' /> ";
     1877    return sprintf( ' <img src="%s" alt="%s" class="wp-smiley" /> ', esc_url( $src_url ), esc_attr( $smiley ) );
    18791878}
    18801879
Note: See TracChangeset for help on using the changeset viewer.