

Timestamp:
05/16/2014 10:43:31 PM (11 years ago)
Author:
lancewillett
Message:

Twenty Ten: correct attribute escaping in the attachment template. Props philiparthurmoore, see #28251.

File:
1 edited

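--- a/trunk/src/wp-content/themes/twentyten/loop-attachment.php
+++ b/trunk/src/wp-content/themes/twentyten/loop-attachment.php
@@ -19,5 +19,5 @@
 
                 <?php if ( ! empty( $post->post_parent ) ) : ?>
-                    <p class="page-title"><a href="<?php echo get_permalink( $post->post_parent ); ?>" title="<?php echo esc_attr( sprintf( __( 'Return to %s', 'twentyten' ), strip_tags( get_the_title( $post->post_parent ) ) ) ); ?>" rel="gallery"><?php
+                    <p class="page-title"><a href="<?php echo esc_url( get_permalink( $post->post_parent ) ); ?>" title="<?php echo esc_attr( sprintf( __( 'Return to %s', 'twentyten' ), strip_tags( get_the_title( $post->post_parent ) ) ) ); ?>" rel="gallery"><?php
                         /* translators: %s - title of parent post */
                         printf( __( '<span class="meta-nav">&larr;</span> %s', 'twentyten' ), get_the_title( $post->post_parent ) );
@@ -53,5 +53,5 @@
                                 printf( __( 'Full size is %s pixels', 'twentyten' ),
                                     sprintf( '<a href="%1$s" title="%2$s">%3$s &times; %4$s</a>',
-                                        wp_get_attachment_url(),
+                                        esc_url( wp_get_attachment_url() ),
                                         esc_attr( __( 'Link to full-size image', 'twentyten' ) ),
                                         $metadata['width'],
@@ -86,5 +86,5 @@
     }
 ?>
-                        <p class="attachment"><a href="<?php echo $next_attachment_url; ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php
+                        <p class="attachment"><a href="<?php echo esc_url( $next_attachment_url ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php
                             /**
                              * Filter the Twenty Ten default attachment width.
@@ -111,5 +111,5 @@
                         </div><!-- #nav-below -->
 <?php else : ?>
-                        <a href="<?php echo wp_get_attachment_url(); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php echo basename( get_permalink() ); ?></a>
+                        <a href="<?php echo esc_url( wp_get_attachment_url() ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><?php echo basename( get_permalink() ); ?></a>
 <?php endif; ?>
                         </div><!-- .entry-attachment -->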
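Review bot: On new line 113 the link text `<?php echo basename( get_permalink() ); ?>` is still echoed unescaped into the HTML body, even though the `href` on the same line is now wrapped in `esc_url()`. It should be `<?php echo esc_html( basename( get_permalink() ) ); ?>`. The same gap exists at line 57, where `$metadata['width']` fills the `%3$s` placeholder of the anchor markup; `absint( $metadata['width'] )` would keep non-numeric stored metadata out of the output, and the height argument outside this hunk presumably needs the same. Whether either value can carry markup depends on permalink filters and on how the attachment metadata was written, neither of which is visible in these hunks.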