Make WordPress Core


Ignore:
Timestamp:
04/20/2015 01:43:56 PM (10 years ago)
Author:
pento
Message:

Ensure post titles are correctly escaped on the Dashboard. Merge of [32175] to the 3.7 branch.

Props helen, ocean90, dd32, pento.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.7/src/wp-admin/includes/class-wp-comments-list-table.php

    r25526 r32206  
    494494        if ( current_user_can( 'edit_post', $post->ID ) ) {
    495495            $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
    496             $post_link .= get_the_title( $post->ID ) . '</a>';
     496            $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
    497497        } else {
    498             $post_link = get_the_title( $post->ID );
     498            $post_link = esc_html( get_the_title( $post->ID ) );
    499499        }
    500500
Note: See TracChangeset for help on using the changeset viewer.