Changeset 5056 for trunk/wp-includes/functions.php

Timestamp:

03/17/2007 08:46:59 AM (18 years ago)

Author:

markjaquith

Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for trunk.

File:

• trunk/wp-includes/functions.php (modified) (2 diffs)

trunk/wp-includes/functions.php

@@ -1273 +1273 @@
     $adminurl = get_option('siteurl') . '/wp-admin';
     if ( wp_get_referer() )
-        $adminurl = attribute_escape(wp_get_referer());
+        $adminurl = clean_url(wp_get_referer());
 
     $title = __('WordPress Confirmation');
@@ -1290 +1290 @@
         $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
     } else {
-        $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+        $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
     }
     $html .= "</body>\n</html>";