WordPress.org

Make WordPress Core

Changeset 29398


Ignore:
Timestamp:
08/06/2014 07:50:12 AM (5 years ago)
Author:
nacin
Message:

Escape late in get_avatar().

Merges [29397] to the 3.9 branch.

Location:
branches/3.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-includes/pluggable.php

    r29384 r29398  
    21142114        $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
    21152115    } else {
    2116         $avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
     2116        $out = esc_url( $default );
     2117        $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
    21172118    }
    21182119
Note: See TracChangeset for help on using the changeset viewer.