Changeset 35748
- Timestamp:
- 11/29/2015 02:40:42 AM (6 years ago)
- Location:
- trunk/src
- Files:
-
- 2 edited
-
wp-admin/includes/class-wp-comments-list-table.php (modified) (2 diffs)
-
wp-includes/comment-template.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-comments-list-table.php
r35726 r35748 696 696 697 697 if ( ! empty( $email ) && '@' !== $email ) { 698 printf( '<a href= \'mailto:%1$s\'>%1$s</a><br />', $email);698 printf( '<a href="%1$s">%2$s</a><br />', esc_url( 'mailto:' . $email ), esc_html( $email ) ); 699 699 } 700 700 } … … 706 706 $author_ip_url = add_query_arg( 'comment_status', 'spam', $author_ip_url ); 707 707 } 708 printf( '<a href="% s">%s</a>', esc_url( $author_ip_url ), $author_ip);708 printf( '<a href="%1$s">%2$s</a>', esc_url( $author_ip_url ), esc_html( $author_ip ) ); 709 709 } 710 710 } -
trunk/src/wp-includes/comment-template.php
r35723 r35748 185 185 $display = ($linktext != '') ? $linktext : $email; 186 186 $return = $before; 187 $return .= "<a href='mailto:$email'>$display</a>";187 $return .= sprintf( '<a href="%1$s">%2$s</a>', esc_url( 'mailto:' . $email ), esc_html( $display ) ); 188 188 $return .= $after; 189 189 return $return; … … 279 279 */ 280 280 function comment_author_IP( $comment_ID = 0 ) { 281 echo get_comment_author_IP( $comment_ID);281 echo esc_html( get_comment_author_IP( $comment_ID ) ); 282 282 } 283 283
Note: See TracChangeset
for help on using the changeset viewer.