WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
04/20/2015 01:41:34 PM (10 years ago)
Author:
pento
Message:

Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.8 branch.

Props helen, ocean90, dd32, pento.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/3.8/src/wp-admin/includes/class-wp-comments-list-table.php

    r26962 r32205  
    538538        if ( current_user_can( 'edit_post', $post->ID ) ) {
    539539            $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
    540             $post_link .= get_the_title( $post->ID ) . '</a>';
     540            $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
    541541        } else {
    542             $post_link = get_the_title( $post->ID );
     542            $post_link = esc_html( get_the_title( $post->ID ) );
    543543        }
    544544
Note: See TracChangeset for help on using the changeset viewer.