Make WordPress Core


Timestamp:
03/09/2007 04:36:24 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize browser-bound add_query_arg() outputs. fixes #3937

File:
1 edited

  • branches/2.1/wp-includes/script-loader.php

    r4949 r5007  
    7979                        $ver .= '&' . $this->args[$handle];
    8080                    $src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_option( 'siteurl' ) . $this->scripts[$handle]->src;
    81                     $src = add_query_arg('ver', $ver, $src);
     81                    $src = attribute_escape(add_query_arg('ver', $ver, $src));
    8282                    echo "<script type='text/javascript' src='$src'></script>\n";
    8383                }
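
Review bot: on new line 81 the HTML-escaped value is written back into `$src`, so from that point on the variable holds entity-encoded text (the `'&'` appended to `$ver` on line 79 becomes an entity) rather than a URL. That is right for the echo on line 82, which is its only use in the visible lines, but it would be less fragile to keep `$src` raw and escape at the point of output, e.g. `echo "<script type='text/javascript' src='" . attribute_escape($src) . "'></script>\n";`, so that a later non-HTML use of `$src` cannot pick up the encoded form. The `src` attribute on line 82 is also delimited with single quotes, so the fix depends on `attribute_escape()` encoding single quotes as well as double quotes; please confirm that and note it in a comment next to the call.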