Changeset 5045

Timestamp:

03/16/2007 08:04:24 AM (16 years ago)

Author:

markjaquith

Message:

Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

File:

• trunk/wp-includes/link-template.php (modified) (5 diffs)

trunk/wp-includes/link-template.php

@@ -423 +423 @@
     global $wp_rewrite;
 
-    $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+    $qstr = $_SERVER['REQUEST_URI'];
 
     $page_querystring = "paged";
@@ -491 +491 @@
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
     global $paged, $pagenow;
 
@@ -499 +499 @@
         $nextpage = intval($paged) + 1;
         if ( !$max_page || $max_page >= $nextpage )
-            echo get_pagenum_link($nextpage);
-    }
+            return get_pagenum_link($nextpage);
+    }
+}
+
+function next_posts($max_page = 0) {
+    echo attribute_escape(get_next_posts_page_link($max_page));
 }
 
@@ -518 +522 @@
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
     global $paged, $pagenow;
 
@@ -526 +529 @@
         if ( $nextpage < 1 )
             $nextpage = 1;
-        echo get_pagenum_link($nextpage);
-    }
-}
-
+        return get_pagenum_link($nextpage);
+    }
+}
+
+function previous_posts() {
+    echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {