Make WordPress Core


Ignore:
Timestamp:
03/17/2007 08:47:29 AM (18 years ago)
Author:
markjaquith
Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.1.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.1/wp-includes/link-template.php

    r5046 r5057  
    460460
    461461function next_posts($max_page = 0) {
    462     echo attribute_escape(get_next_posts_page_link($max_page));
     462    echo clean_url(get_next_posts_page_link($max_page));
    463463}
    464464
     
    490490
    491491function previous_posts() {
    492     echo attribute_escape(get_previous_posts_page_link());
     492    echo clean_url(get_previous_posts_page_link());
    493493}
    494494
Note: See TracChangeset for help on using the changeset viewer.