
Changeset 32206


Timestamp:
04/20/2015 01:43:56 PM (10 years ago)
Author:
pento
Message:

Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.7 branch.

Props helen, ocean90, dd32, pento.

Location:
branches/3.7/src/wp-admin
Files:
4 edited

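--- a/branches/3.7/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/branches/3.7/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -494,7 +494,7 @@
         if ( current_user_can( 'edit_post', $post->ID ) ) {
             $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
-            $post_link .= get_the_title( $post->ID ) . '</a>';
+            $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
         } else {
-            $post_link = get_the_title( $post->ID );
+            $post_link = esc_html( get_the_title( $post->ID ) );
         }
 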
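Review bot: The `href` on new line 495 is still built from `get_edit_post_link( $post->ID )` with no escaping at the point of output, so the anchor is only half-hardened by the `esc_html()` added on line 496. Whether that helper already returns an attribute-safe URL is not visible here, and escaping at the sink is the safer habit: `$post_link = "<a href='" . esc_url( get_edit_post_link( $post->ID ) ) . "'>";`. The same pattern appears in dashboard.php on line 662, where `$comment_post_url` is interpolated into a single-quoted `href` while the very next line does wrap its URL in `esc_url()`. The enclosing method starts and ends outside this hunk.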
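--- a/branches/3.7/src/wp-admin/includes/dashboard.php
+++ b/branches/3.7/src/wp-admin/includes/dashboard.php
@@ -659,5 +659,5 @@
 
     $comment_post_url = get_edit_post_link( $comment->comment_post_ID );
-    $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
+    $comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
     $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
     $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';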
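Review bot: Nothing at this call site says that `$comment_post_title` is safe to interpolate into the markup on line 662; that now depends entirely on `_draft_or_post_title()` returning escaped text, which the template.php change in this changeset appears to provide. Since the old `strip_tags()` call is gone, a later refactor of the helper would silently reopen this output. I would add a comment above line 661 such as `// _draft_or_post_title() returns an HTML-escaped title; safe to place in the markup below.` The surrounding function starts and ends outside the hunk.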
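--- a/branches/3.7/src/wp-admin/includes/template.php
+++ b/branches/3.7/src/wp-admin/includes/template.php
@@ -1374,5 +1374,5 @@
     if ( empty( $title ) )
         $title = __( '(no title)' );
-    return $title;
+    return esc_html( $title );
 }
 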
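Review bot: The return contract changes on line 1376 from a raw title to an HTML-escaped one, and the function's docblock (outside this hunk) should say so. Callers that place the value in a non-HTML context, or that relied on receiving the unescaped title, now get entity-encoded text; those callers are not visible here and are worth auditing. Suggested doc line: `@return string HTML-escaped post title, or the translated '(no title)' placeholder.` The signature is above the hunk, so the function is presumably the `_draft_or_post_title()` that the dashboard.php section calls.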
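--- a/branches/3.7/src/wp-admin/js/nav-menu.js
+++ b/branches/3.7/src/wp-admin/js/nav-menu.js
@@ -445,5 +445,5 @@
                     var thisLink = menuItem.find( '.menus-move-left' ),
                         thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
-                    thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' );
+                    thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
                 }
 
@@ -452,5 +452,5 @@
                         var thisLink = menuItem.find( '.menus-move-right' ),
                             thisLinkText = menus.under.replace( '%s', prevItemNameRight );
-                        thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' );
+                        thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
                     }
                 }
@@ -474,5 +474,5 @@
                 }
 
-                $this.prop('title', title).html( title );
+                $this.prop('title', title).text( title );
             });
         },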
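Review bot: `menus.outFrom.replace( '%s', prevItemNameLeft )` on line 446, and the matching calls on lines 447, 453 and 454, pass what appears to be a menu item name as the replacement string, where `String.prototype.replace` still interprets sequences such as `$&` and `$$`. With the switch to `.text()` the result is no longer parsed as markup, but a name containing those sequences would be displayed mangled. A function replacer avoids that: `thisLinkText = menus.outFrom.replace( '%s', function() { return prevItemNameLeft; } );`. Where `prevItemNameLeft`, `prevItemNameRight` and `title` are assigned is outside the hunks shown.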