Make WordPress Core

Changeset 34139


Ignore:
Timestamp:
09/14/2015 10:41:12 PM (9 years ago)
Author:
nbachiyski
Message:

List tables: escape user e-mails

Merges [34133] for 4.1 branch

Location:
branches/4.1/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.1/src/wp-admin/includes/class-wp-ms-users-list-table.php

    r30679 r34139  
    226226
    227227                    case 'email':
    228                         echo "<td $attributes><a href='mailto:$user->user_email'>$user->user_email</a></td>";
     228                        echo "<td $attributes><a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a></td>";
    229229                    break;
    230230
  • branches/4.1/src/wp-admin/includes/class-wp-users-list-table.php

    r30537 r34139  
    420420                    break;
    421421                case 'email':
    422                     $r .= "<td $attributes><a href='mailto:$email' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
     422                    $r .= "<td $attributes><a href='" . esc_url( "mailto:$email" ) . "' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
    423423                    break;
    424424                case 'role':
Note: See TracChangeset for help on using the changeset viewer.