
Changeset 44500


Timestamp:
01/09/2019 06:10:13 AM (6 years ago)
Author:
pento
Message:

Bundled Themes: Run the pingback_url through esc_url().

Twenties Ten through Seventeen have been updated to properly escape the pingback URL. Twenty Nineteen is already escaping the URL.

Props soulseekah, sharaz.
Fixes #43717.

Location:
trunk/src/wp-content/themes
Files:
8 edited

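--- a/trunk/src/wp-content/themes/twentyeleven/header.php
+++ b/trunk/src/wp-content/themes/twentyeleven/header.php
@@ -50,5 +50,5 @@
 <link rel="profile" href="http://gmpg.org/xfn/11" />
 <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <!--[if lt IE 9]>
 <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js" type="text/javascript"></script>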
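Review bot: The new line 52 calls `get_bloginfo( 'pingback_url' )` with its default raw filter, whereas the `bloginfo()` call it replaces printed the value in display mode, so a callback attached to the `bloginfo_url` filter would no longer affect the pingback link. If that hook should keep working, request the display context before escaping: `<?php echo esc_url( get_bloginfo( 'pingback_url', 'display' ) ); ?>`. The same substitution appears in the twentyfifteen, twentyfourteen, twentysixteen, twentyten, twentythirteen and twentytwelve header.php sections; twentyseventeen already used `get_bloginfo()` before this change. This rests on how core's `bloginfo()` wraps `get_bloginfo()`, which is not shown in this changeset, so confirm against the core definition.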
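--- a/trunk/src/wp-content/themes/twentyfifteen/header.php
+++ b/trunk/src/wp-content/themes/twentyfifteen/header.php
@@ -15,5 +15,5 @@
     <meta name="viewport" content="width=device-width">
     <link rel="profile" href="http://gmpg.org/xfn/11">
-    <link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+    <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
     <!--[if lt IE 9]>
     <script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js"></script>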
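--- a/trunk/src/wp-content/themes/twentyfourteen/header.php
+++ b/trunk/src/wp-content/themes/twentyfourteen/header.php
@@ -24,5 +24,5 @@
     <title><?php wp_title( '|', true, 'right' ); ?></title>
     <link rel="profile" href="http://gmpg.org/xfn/11">
-    <link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+    <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
     <!--[if lt IE 9]>
     <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>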
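Review bot: Line 28 still echoes `get_template_directory_uri()` into the `src` attribute without escaping, two lines below the pingback link that this change wraps in `esc_url()`. The twentyfifteen header already escapes the same script tag, so this line could read `<script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js"></script>`. The twentyeleven (line 54) and twentythirteen (line 28) sections show the same unescaped call. Since the returned URI can presumably be altered by filters, escaping at output keeps the attribute well-formed regardless of what a filter returns.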
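--- a/trunk/src/wp-content/themes/twentyseventeen/functions.php
+++ b/trunk/src/wp-content/themes/twentyseventeen/functions.php
@@ -411,5 +411,5 @@
 function twentyseventeen_pingback_header() {
     if ( is_singular() && pings_open() ) {
-        printf( '<link rel="pingback" href="%s">' . "\n", get_bloginfo( 'pingback_url' ) );
+        printf( '<link rel="pingback" href="%s">' . "\n", esc_url( get_bloginfo( 'pingback_url' ) ) );
     }
 }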
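--- a/trunk/src/wp-content/themes/twentysixteen/header.php
+++ b/trunk/src/wp-content/themes/twentysixteen/header.php
@@ -17,5 +17,5 @@
     <link rel="profile" href="http://gmpg.org/xfn/11">
     <?php if ( is_singular() && pings_open( get_queried_object() ) ) : ?>
-    <link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+    <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
     <?php endif; ?>
     <?php wp_head(); ?>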
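--- a/trunk/src/wp-content/themes/twentyten/header.php
+++ b/trunk/src/wp-content/themes/twentyten/header.php
@@ -40,5 +40,5 @@
 <link rel="profile" href="http://gmpg.org/xfn/11" />
 <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php
     /*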
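Review bot: The replacement on line 42 ends the tag with `>`, while lines 40 and 41 directly above keep the self-closing ` />` form that the removed line also used, so the markup style of this header is now mixed. Keeping the original terminator would limit the change to the escaping itself: `<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>" />`. The twentyeleven and twentytwelve sections drop the ` />` in the same way. The template continues outside the hunk, so the document's overall markup convention should be checked there.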
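--- a/trunk/src/wp-content/themes/twentythirteen/header.php
+++ b/trunk/src/wp-content/themes/twentythirteen/header.php
@@ -24,5 +24,5 @@
     <title><?php wp_title( '|', true, 'right' ); ?></title>
     <link rel="profile" href="http://gmpg.org/xfn/11">
-    <link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+    <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
     <!--[if lt IE 9]>
     <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>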
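--- a/trunk/src/wp-content/themes/twentytwelve/header.php
+++ b/trunk/src/wp-content/themes/twentytwelve/header.php
@@ -24,5 +24,5 @@
 <title><?php wp_title( '|', true, 'right' ); ?></title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php // Loads HTML5 JavaScript file to add support for HTML5 elements in older IE versions. ?>
 <!--[if lt IE 9]>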