Changeset 5058 for branches/2.0/wp-includes/template-functions-links.php

Timestamp:

03/17/2007 09:04:56 AM (18 years ago)

Author:

markjaquith

Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.0.

File:

• branches/2.0/wp-includes/template-functions-links.php (modified) (2 diffs)

branches/2.0/wp-includes/template-functions-links.php

@@ -459 +459 @@
 
 function next_posts($max_page = 0) {
-    echo attribute_escape(get_next_posts_page_link($max_page));
+    echo clean_url(get_next_posts_page_link($max_page));
 }
 
@@ -496 +496 @@
 
 function previous_posts() {
-    echo attribute_escape(get_previous_posts_page_link());
+    echo clean_url(get_previous_posts_page_link());
 }