Index: branches/3.7/src/wp-admin/includes/post.php
===================================================================
--- branches/3.7/src/wp-admin/includes/post.php (revision 37808)
+++ branches/3.7/src/wp-admin/includes/post.php (revision 37823)
@@ -1155,9 +1155,9 @@
if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
- $return = '' . __('Permalink:') . "\n" . '' . $permalink . "\n";
+ $return = '' . __('Permalink:') . "\n" . '' . esc_html( $permalink ) . "\n";
if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
$return .= '' . __('Change Permalinks') . "\n";
if ( isset( $view_post ) )
- $return .= "$view_post\n";
+ $return .= "$view_post\n";
$return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
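Review bot: The view-post line at L12/L13 reads as byte-identical on this page, so the part of the change that matters most for the link cannot be confirmed here — the markup appears to have been stripped from the rendering, and the only plausible edit on that line is to the attribute, not to the text shown. If that line still interpolates `$permalink` into an `href`, `esc_html()` on the span at L8 does not cover it: an attribute value needs `esc_url()` at the point of interpolation, e.g. `'" . esc_url( $permalink ) . "'` rather than `'$permalink'`. The condition at L9 also deserves a why-comment, since it is non-obvious: `// Offer the permalink-settings link only when pretty permalinks are off and this is not the static front page.` The function `get_sample_permalink_html` begins before this hunk and continues after it.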
@@ -1180,6 +1180,6 @@
}
- $post_name_html = '' . $post_name_abridged . '';
- $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
+ $post_name_html = '' . esc_html( $post_name_abridged ) . '';
+ $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, esc_html( $permalink ) );
$view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
$return = '' . __('Permalink:') . "\n";
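Review bot: `$view_link` at L21 is still built from the raw `$post_name` and `$permalink` while `$display_link` at L20 now goes through `esc_html()`; that asymmetry is intentional (a URL must not be HTML-escaped before substitution) but it moves the obligation to the consumer, so its eventual use in an `href` must apply `esc_url()` there — that use is in a later hunk, not this one. The ordering at L19–L20 is also subtle enough to deserve a comment, because `$post_name_html` carries markup that must survive while the permalink around it is escaped: `// Escape the template first, then substitute: $post_name_html already contains markup that must not be double-escaped.` This relies on `%postname%`/`%pagename%` surviving `esc_html()` unchanged, which holds since `%` is not an HTML special character. The enclosing function starts before this hunk and ends after it.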
@@ -1187,7 +1187,7 @@
$return .= ''; // Fix bi-directional text display defect in RTL languages.
$return .= '' . __('Edit') . "\n";
- $return .= '' . $post_name . "\n";
+ $return .= '' . esc_html( $post_name ) . "\n";
if ( isset($view_post) )
- $return .= "$view_post\n";
+ $return .= "$view_post\n";
$return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
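Review bot: L29 and L30 appear identical in this rendering, so whatever changed on the view-post line (presumably attribute markup lost in extraction) cannot be verified from the page; this is the line where `$view_link` from the preceding hunk — assembled from the unescaped `$post_name` and `$permalink` — most likely lands in an `href`, and that attribute must be wrapped as `esc_url( $view_link )` rather than interpolated raw. The `esc_html( $post_name )` added at L27 is consistent with the `esc_html( $post_name_abridged )` in the previous hunk, which is the right escaper for element content. Note that `apply_filters( 'get_sample_permalink_html', ... )` at L31 hands the already-escaped markup to arbitrary plugin filters, so escaping here does not guarantee the final output is safe; a short comment would make that boundary explicit: `// Filters receive escaped HTML; they are responsible for escaping anything they add.` The function `get_sample_permalink_html` begins before this hunk.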