Changeset 4952 for branches/2.1/wp-includes/functions.php
- Timestamp:
- 02/27/2007 07:16:15 AM (18 years ago)
- File:
-
- 1 edited
-
branches/2.1/wp-includes/functions.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/2.1/wp-includes/functions.php
r4876 r4952 1191 1191 $adminurl = get_option('siteurl') . '/wp-admin'; 1192 1192 if ( wp_get_referer() ) 1193 $adminurl = wp_get_referer();1193 $adminurl = attribute_escape(wp_get_referer()); 1194 1194 1195 1195 $title = __('WordPress Confirmation'); … … 1208 1208 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1209 1209 } else { 1210 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . a dd_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI']) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1210 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1211 1211 } 1212 1212 $html .= "</body>\n</html>";
Note: See TracChangeset
for help on using the changeset viewer.