WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/20/2015 07:38:29 AM (6 years ago)
Author:
pento
Message:

Ensure post titles are correctly escaped on the Dashboard.

Props helen, ocean90, dd32, pento.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-comments-list-table.php

    r31889 r32175  
    562562        if ( current_user_can( 'edit_post', $post->ID ) ) {
    563563            $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
    564             $post_link .= get_the_title( $post->ID ) . '</a>';
     564            $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
    565565        } else {
    566             $post_link = get_the_title( $post->ID );
     566            $post_link = esc_html( get_the_title( $post->ID ) );
    567567        }
    568568
Note: See TracChangeset for help on using the changeset viewer.