WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#2358 closed defect (bug) (duplicate)

Transform HTML Special Chars in comment-functions.php:comments_popup_link()

Reported by: tsaiid Owned by:
Milestone: Priority: low
Severity: minor Version: 2.0
Component: General Keywords: validation bg|has-patch
Focuses: Cc:

Description

Because the post title may contain some html special chars, I recommend that use htmlspecialchars() in comments_popup_link() to make the page validated. Thx. 

--- comment-functions.php.old   Sun Jan 29 23:17:21 2006
+++ comment-functions.php       Sun Jan 29 23:08:08 2006
@@ -310,7 +310,7 @@
                if (!empty($CSSclass)) {
                        echo ' class="'.$CSSclass.'"';
                }
-               echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+               echo ' title="' . sprintf( __('Comment on %s'), htmlspecialchars($post->post_title) ) .'">';
                comments_number($zero, $one, $more, $number);
                echo '</a>';
        }

Change History (2)

#1 @davidhouse
12 years ago

  • Keywords bg|has-patch added

#2 @mdawaffe
12 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

[3874] [3995]

#2625 #2915

Fixed.

Note: See TracTickets for help on using tickets.