
Changeset 32175


Timestamp:
04/20/2015 07:38:29 AM (10 years ago)
Author:
pento
Message:

Ensure post titles are correctly escaped on the Dashboard.

Props helen, ocean90, dd32, pento.

Location:
trunk/src/wp-admin
Files:
4 edited

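--- a/trunk/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -562,7 +562,7 @@
         if ( current_user_can( 'edit_post', $post->ID ) ) {
             $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
-            $post_link .= get_the_title( $post->ID ) . '</a>';
+            $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
         } else {
-            $post_link = get_the_title( $post->ID );
+            $post_link = esc_html( get_the_title( $post->ID ) );
         }
 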
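Review bot: The `href` built on new line 563 is still concatenated without escaping, so after this change only the link text is escaped at the point of output. As far as I know `get_edit_post_link()` returns a value that has passed through the `get_edit_post_link` filter, so I would wrap it too: `$post_link = "<a href='" . esc_url( get_edit_post_link( $post->ID ) ) . "'>";`. The enclosing method starts and ends outside the hunk, so the place where `$post_link` is finally printed is not visible here.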
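--- a/trunk/src/wp-admin/includes/dashboard.php
+++ b/trunk/src/wp-admin/includes/dashboard.php
@@ -521,5 +521,5 @@
     $GLOBALS['comment'] =& $comment;
 
-    $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
+    $comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
 
     if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {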
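Review bot: After this change `$comment_post_title` on new line 523 is safe to print only because `_draft_or_post_title()` now returns an `esc_html()`-escaped string (changed in template.php in this same changeset), and nothing at the call site says so. I would add a comment above the assignment, e.g. `// _draft_or_post_title() returns the title already escaped for HTML output.`, so a later edit does not swap the helper back to a raw `get_the_title()`. Note also that markup in a title is no longer removed by `strip_tags()` but shown as escaped text, and, judging by the template.php hunk, an empty title now comes back as '(no title)'. The enclosing function continues outside the hunk, so the places where the variable is printed are not visible here.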
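--- a/trunk/src/wp-admin/includes/template.php
+++ b/trunk/src/wp-admin/includes/template.php
@@ -1557,5 +1557,5 @@
     if ( empty( $title ) )
         $title = __( '(no title)' );
-    return $title;
+    return esc_html( $title );
 }
 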
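Review bot: `return esc_html( $title );` on new line 1559 changes this helper's contract from raw text to HTML-escaped text, and nothing visible documents that. The docblock and the start of the function are outside the hunk; the docblock should gain something like `@return string The post title, escaped for HTML output.`. Callers that use the result outside an HTML context (for example in data handed to JavaScript or in plain-text output) would now receive entities, so existing call sites are worth auditing; the only one visible on this page is the new call in dashboard.php.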
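--- a/trunk/src/wp-admin/js/nav-menu.js
+++ b/trunk/src/wp-admin/js/nav-menu.js
@@ -464,5 +464,5 @@
                 thisLink = menuItem.find( '.menus-move-left' ),
                 thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
-                thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' );
+                thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
             }
 
@@ -471,5 +471,5 @@
                     thisLink = menuItem.find( '.menus-move-right' ),
                     thisLinkText = menus.under.replace( '%s', prevItemNameRight );
-                    thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' );
+                    thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
                 }
             }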
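Review bot: On new lines 465–466 and 472–473 the item name is passed as the replacement string of `String.prototype.replace()`, where sequences such as `$&` and `$$` have special meaning, so a menu item name containing them is rendered differently from what was typed. With `.text()` this is only a display bug rather than a markup problem, and a function replacement avoids it: `thisLinkText = menus.outFrom.replace( '%s', function() { return prevItemNameLeft; } );`, likewise for the `title` values and the right-hand branch. Where `prevItemNameLeft` and `prevItemNameRight` are assigned lies outside both hunks.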