Make WordPress Core


Ignore:
Timestamp:
03/17/2007 08:46:59 AM (18 years ago)
Author:
markjaquith
Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for trunk.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/link-template.php

    r5045 r5056  
    504504
    505505function next_posts($max_page = 0) {
    506     echo attribute_escape(get_next_posts_page_link($max_page));
     506    echo clean_url(get_next_posts_page_link($max_page));
    507507}
    508508
     
    534534
    535535function previous_posts() {
    536     echo attribute_escape(get_previous_posts_page_link());
     536    echo clean_url(get_previous_posts_page_link());
    537537}
    538538
Note: See TracChangeset for help on using the changeset viewer.