Changeset 5046


Timestamp:
03/16/07 08:04:44 (8 years ago)
Author:
markjaquith
Message:

Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

File:
1 edited

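--- a/branches/2.1/wp-includes/link-template.php
+++ b/branches/2.1/wp-includes/link-template.php
@@ -380,5 +380,5 @@
     global $wp_rewrite;
 
-    $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+    $qstr = $_SERVER['REQUEST_URI'];
 
     $page_querystring = "paged";
@@ -447,5 +447,5 @@
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
     global $paged, $pagenow;
 
@@ -455,6 +455,10 @@
         $nextpage = intval($paged) + 1;
         if ( !$max_page || $max_page >= $nextpage )
-            echo get_pagenum_link($nextpage);
-    }
+            return get_pagenum_link($nextpage);
+    }
+}
+
+function next_posts($max_page = 0) {
+    echo attribute_escape(get_next_posts_page_link($max_page));
 }
 
@@ -474,6 +478,5 @@
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
     global $paged, $pagenow;
 
@@ -482,8 +485,11 @@
         if ( $nextpage < 1 )
             $nextpage = 1;
-        echo get_pagenum_link($nextpage);
-    }
-}
-
+        return get_pagenum_link($nextpage);
+    }
+}
+
+function previous_posts() {
+    echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {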
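Review bot: Nothing on the new getters says their return value is unescaped: `get_next_posts_page_link()` and `get_previous_posts_page_link()` return a URL built from raw `$_SERVER['REQUEST_URI']`, since the first hunk removes `wp_specialchars()` from `$qstr`, and only the `next_posts()` / `previous_posts()` wrappers apply `attribute_escape()`. A template or plugin that echoes a getter straight into an `href` would print request-derived markup unescaped, which is the problem this changeset sets out to close. I would add a comment above each getter such as `// Returns a raw, unescaped URL; pass it through attribute_escape() before printing.` The function that owns the `$qstr` line starts outside the hunk (presumably `get_pagenum_link()`), so its other callers are not visible here and should be checked for direct output as part of this change.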