Changeset 5058 for branches/2.0/wp-includes/links.php

Timestamp:

03/17/2007 09:04:56 AM (18 years ago)

Author:

markjaquith

Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.0.

File:

• branches/2.0/wp-includes/links.php (modified) (1 diff)

branches/2.0/wp-includes/links.php

@@ -213 +213 @@
         $the_link = '#';
         if (!empty($row->link_url))
-            $the_link = attribute_escape($row->link_url);
+            $the_link = clean_url($row->link_url);
 
         $rel = $row->link_rel;