Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 3 months ago

#23334 closed defect (bug) (fixed)

Use the proper function to escape WP.org links

Reported by: sergeybiryukov's profile SergeyBiryukov Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 3.6 Priority: normal
Severity: normal Version:
Component: Formatting Keywords: has-patch
Focuses: Cc:

Description

We use esc_attr_e() in some places:

<a href="<?php esc_attr_e( 'http://wordpress.org/' ); ?>"><?php _e( 'WordPress' ); ?></a>

esc_url( __( 'http://wordpress.org/' ) ) should be used instead.

Attachments (1)

23334.patch (4.0 KB) - added by SergeyBiryukov 11 years ago.

Download all attachments as: .zip

Change History (5)

#2 @DrewAPicture
11 years ago

+1, 23334.patch looks good to me.

#3 @SergeyBiryukov
11 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 23413:

Use correct escaping function. fixes #23334.

#4 @SergeyBiryukov
11 years ago

In 23455:

Revert to esc_attr_e() in setup-config.php to prevent a fatal error.
kses.php is not loaded at this point, so esc_url() cannot be used.

props csixty4, JustinSainton.
fixes #23516. see #23334.

Note: See TracTickets for help on using tickets.