Changeset 5057 for branches/2.1/wp-admin/link-manager.php

Timestamp:

03/17/2007 08:47:29 AM (19 years ago)

Author:

markjaquith

Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.1.

File:

• branches/2.1/wp-admin/link-manager.php (modified) (1 diff)

branches/2.1/wp-admin/link-manager.php

@@ -134 +134 @@
         $link->link_name = attribute_escape($link->link_name);
         $link->link_description = wp_specialchars($link->link_description);
-        $link->link_url = attribute_escape($link->link_url);
+        $link->link_url = clean_url($link->link_url);
         $link->link_category = wp_get_link_cats($link->link_id);
         $short_url = str_replace('http://', '', $link->link_url);