WordPress.org

Make WordPress Core

Opened 15 months ago

Closed 14 months ago

Last modified 14 months ago

#23334 closed defect (bug) (fixed)

Use the proper function to escape WP.org links

Reported by: SergeyBiryukov Owned by: SergeyBiryukov
Milestone: 3.6 Priority: normal
Severity: normal Version:
Component: Formatting Keywords: has-patch
Focuses: Cc:

Description

We use esc_attr_e() in some places:

<a href="<?php esc_attr_e( 'http://wordpress.org/' ); ?>"><?php _e( 'WordPress' ); ?></a>

esc_url( __( 'http://wordpress.org/' ) ) should be used instead.

Attachments (1)

23334.patch (4.0 KB) - added by SergeyBiryukov 15 months ago.

Download all attachments as: .zip

Change History (5)

SergeyBiryukov15 months ago

comment:2 DrewAPicture15 months ago

+1, 23334.patch looks good to me.

comment:3 SergeyBiryukov14 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23413:

Use correct escaping function. fixes #23334.

comment:4 SergeyBiryukov14 months ago

In 23455:

Revert to esc_attr_e() in setup-config.php to prevent a fatal error.
kses.php is not loaded at this point, so esc_url() cannot be used.

props csixty4, JustinSainton.
fixes #23516. see #23334.

Note: See TracTickets for help on using tickets.