Changeset 4951
- Timestamp:
- 02/27/2007 07:15:47 AM (16 years ago)
- File:
-
- 1 edited
trunk/wp-includes/functions.php
r4934 r4951 1271 1271 $adminurl = get_option('siteurl') . '/wp-admin'; 1272 1272 if ( wp_get_referer() ) 1273 $adminurl = wp_get_referer();1273 $adminurl = attribute_escape(wp_get_referer()); 1274 1274 1275 1275 $title = __('WordPress Confirmation'); … … 1288 1288 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1289 1289 } else { 1290 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . a dd_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI']) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1290 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1291 1291 } 1292 1292 $html .= "</body>\n</html>";
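Review bot: The `attribute_escape()` call added on line 1273 stops the referer from breaking out of the `href='$adminurl'` attribute, but it does not restrict the URL's scheme or host, so the "No" link on both branches (lines 1288 and 1290) still points wherever the referer value says. If `wp_get_referer()` can return a request-supplied value (its source is not visible in this section), URL sanitising is the better fit for an href, e.g. `$adminurl = clean_url(wp_get_referer());`. Escaping at assignment also leaves `$adminurl` holding an HTML-encoded string, so a short comment such as `// $adminurl is HTML-attribute-escaped from here on; do not reuse for redirects` would help. The enclosing function starts and ends outside the lines shown, so any other use of `$adminurl` should be confirmed there.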