
Changeset 5046


Timestamp:
03/16/2007 08:04:44 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

File:
1 edited

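--- a/branches/2.1/wp-includes/link-template.php
+++ b/branches/2.1/wp-includes/link-template.php
@@ -380,5 +380,5 @@
     global $wp_rewrite;
 
-    $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+    $qstr = $_SERVER['REQUEST_URI'];
 
     $page_querystring = "paged";
@@ -447,5 +447,5 @@
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
     global $paged, $pagenow;
 
@@ -455,6 +455,10 @@
         $nextpage = intval($paged) + 1;
         if ( !$max_page || $max_page >= $nextpage )
-            echo get_pagenum_link($nextpage);
-    }
+            return get_pagenum_link($nextpage);
+    }
+}
+
+function next_posts($max_page = 0) {
+    echo attribute_escape(get_next_posts_page_link($max_page));
 }
 
@@ -474,6 +478,5 @@
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
     global $paged, $pagenow;
 
@@ -482,8 +485,11 @@
         if ( $nextpage < 1 )
             $nextpage = 1;
-        echo get_pagenum_link($nextpage);
-    }
-}
-
+        return get_pagenum_link($nextpage);
+    }
+}
+
+function previous_posts() {
+    echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {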
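Review bot: Dropping `wp_specialchars()` from `$qstr = $_SERVER['REQUEST_URI'];` at new line 382 means that function now returns request-derived text unescaped, while this changeset wraps only `next_posts()` and `previous_posts()` in `attribute_escape()`. The enclosing function's signature is outside the hunk (presumably `get_pagenum_link()`, whose result both new getters return). Any other caller that prints its result, or the result of `get_next_posts_page_link()` / `get_previous_posts_page_link()`, into markup now needs its own escaping; those call sites are not visible here and should be checked before this ships. I would also state the contract on both getters with a comment such as `// Returns an unescaped URL built from REQUEST_URI; escape before output.`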