
Changeset 5047


Timestamp:
03/16/07 08:04:52 (7 years ago)
Author:
markjaquith
Message:

Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

File:
1 edited

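--- a/branches/2.0/wp-includes/template-functions-links.php
+++ b/branches/2.0/wp-includes/template-functions-links.php
@@ -379,5 +379,5 @@
     global $wp_rewrite;
 
-    $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+    $qstr = $_SERVER['REQUEST_URI'];
 
     $page_querystring = "paged";
@@ -446,5 +446,5 @@
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
     global $paged, $pagenow;
 
@@ -454,6 +454,10 @@
         $nextpage = intval($paged) + 1;
         if ( !$max_page || $max_page >= $nextpage )
-            echo get_pagenum_link($nextpage);
-    }
+            return get_pagenum_link($nextpage);
+    }
+}
+
+function next_posts($max_page = 0) {
+    echo attribute_escape(get_next_posts_page_link($max_page));
 }
 
@@ -480,6 +484,5 @@
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
     global $paged, $pagenow;
 
@@ -488,8 +491,11 @@
         if ( $nextpage < 1 )
             $nextpage = 1;
-        echo get_pagenum_link($nextpage);
-    }
-}
-
+        return get_pagenum_link($nextpage);
+    }
+}
+
+function previous_posts() {
+    echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {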
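Review bot: The `$qstr` assignment in the first hunk now reads `$_SERVER['REQUEST_URI']` without `wp_specialchars()`, so escaping exists only at the two echo sites, `next_posts()` and `previous_posts()`, and nothing in the diff documents that the values feeding them are raw. The function containing that assignment starts outside the hunk; if it is `get_pagenum_link()`, as the later hunks suggest, then any other caller that prints its result, or the result of the new `get_next_posts_page_link()` / `get_previous_posts_page_link()`, directly into markup would emit request-controlled text unescaped. Those callers are not visible here and should be checked as part of this change. I would add a comment above each new getter, for example `// Returns an unescaped URL derived from REQUEST_URI; pass through attribute_escape() before output.`, so the contract is explicit to theme and plugin authors.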