Timestamp:
03/16/2007 08:04:52 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize output of previous_posts() and next_posts(). Props Alex Concha for the report.

File:
1 edited

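--- a/branches/2.0/wp-includes/template-functions-links.php
+++ b/branches/2.0/wp-includes/template-functions-links.php
@@ -379,5 +379,5 @@
     global $wp_rewrite;
 
-    $qstr = wp_specialchars($_SERVER['REQUEST_URI']);
+    $qstr = $_SERVER['REQUEST_URI'];
 
     $page_querystring = "paged";
@@ -446,5 +446,5 @@
 }
 
-function next_posts($max_page = 0) { // original by cfactor at cooltux.org
+function get_next_posts_page_link($max_page = 0) {
     global $paged, $pagenow;
 
@@ -454,6 +454,10 @@
         $nextpage = intval($paged) + 1;
         if ( !$max_page || $max_page >= $nextpage )
-            echo get_pagenum_link($nextpage);
-    }
+            return get_pagenum_link($nextpage);
+    }
+}
+
+function next_posts($max_page = 0) {
+    echo attribute_escape(get_next_posts_page_link($max_page));
 }
 
@@ -480,6 +484,5 @@
 }
 
-
-function previous_posts() { // original by cfactor at cooltux.org
+function get_previous_posts_page_link() {
     global $paged, $pagenow;
 
@@ -488,8 +491,11 @@
         if ( $nextpage < 1 )
             $nextpage = 1;
-        echo get_pagenum_link($nextpage);
-    }
-}
-
+        return get_pagenum_link($nextpage);
+    }
+}
+
+function previous_posts() {
+    echo attribute_escape(get_previous_posts_page_link());
+}
 
 function previous_posts_link($label='&laquo; Previous Page') {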
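Review bot: At new line 381, `$qstr = $_SERVER['REQUEST_URI'];` no longer escapes the request URI where it is read, so everything built from it now carries raw, client-controlled text and only the two echo wrappers `next_posts()` and `previous_posts()` escape it. The new getters `get_next_posts_page_link()` and `get_previous_posts_page_link()` return that value unescaped and nothing on them says so; I would add a comment above each, e.g. `// Returns an unescaped URL derived from REQUEST_URI; pass it through attribute_escape() before output.` The function containing line 381 starts outside the hunk (presumably `get_pagenum_link()`), so any other place in the branch that prints its result directly should be checked for the same escaping, since only the two wrappers are shown being covered here.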