Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#23334 closed defect (bug) (fixed)

Use the proper function to escape WP.org links

Reported by: SergeyBiryukov
Owned by: SergeyBiryukov
Milestone: 3.6
Priority: normal
Severity: normal
Version:
Component: Formatting
Keywords: has-patch
Focuses:
Cc:


We use esc_attr_e() in some places:

<a href="<?php esc_attr_e( 'http://wordpress.org/' ); ?>"><?php _e( 'WordPress' ); ?></a>

esc_url( __( 'http://wordpress.org/' ) ) should be used instead.

Attachments (1)

23334.patch (4.0 KB) - added by SergeyBiryukov 9 years ago.
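
Added example, not part of the ticket or of 23334.patch: why the description asks for esc_url() on a translatable link. esc_attr() only encodes HTML metacharacters, while esc_url() also rejects URLs whose scheme is not on its allow-list. The functions demo_esc_attr() and demo_esc_url() are simplified stand-ins written for this illustration, not WordPress's implementations, and the translation values are constructed.

```php
<?php
// Constructed sample: the wordpress.org link string as different
// translation files might return it through __().
$translations = array(
    'en_US'    => 'http://wordpress.org/',
    'de_DE'    => 'http://de.wordpress.org/',
    'tampered' => 'javascript:alert(document.domain)',
);

// Stand-in for attribute escaping: encodes HTML metacharacters only.
// It has no notion of what a URL is, so any scheme passes through.
function demo_esc_attr( $text ) {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

// Stand-in for URL escaping: allow-list the scheme first, then encode
// for the attribute context. Returns '' when the scheme is missing or
// not allowed (this simplified version also rejects relative URLs).
function demo_esc_url( $url, $allowed = array( 'http', 'https' ) ) {
    if ( ! preg_match( '/^([a-z][a-z0-9+.\-]*):/i', $url, $m ) ) {
        return '';
    }
    if ( ! in_array( strtolower( $m[1] ), $allowed, true ) ) {
        return '';
    }
    return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
}

// Render the same link with each escaper so the difference is visible.
function demo_render( $url, $escaper ) {
    return '<a href="' . $escaper( $url ) . '">WordPress</a>';
}

foreach ( $translations as $locale => $url ) {
    printf( "%-9s attr-escaped: %s\n", $locale, demo_render( $url, 'demo_esc_attr' ) );
    printf( "%-9s url-escaped:  %s\n", $locale, demo_render( $url, 'demo_esc_url' ) );
}
```

For the constructed 'tampered' entry, the attribute-escaped link keeps the javascript: value unchanged because it contains no HTML metacharacters, while the URL-escaped link gets an empty href.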


Change History (5)

#2 @DrewAPicture
9 years ago

+1, 23334.patch looks good to me.

#3 @SergeyBiryukov
9 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23413:

Use correct escaping function. fixes #23334.

#4 @SergeyBiryukov
9 years ago

In 23455:

Revert to esc_attr_e() in setup-config.php to prevent a fatal error.
kses.php is not loaded at this point, so esc_url() cannot be used.

props csixty4, JustinSainton.
fixes #23516. see #23334.
