WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 8 years ago

#2358 closed defect (bug) (duplicate)

Transform HTML Special Chars in comment-functions.php:comments_popup_link()

Reported by: tsaiid
Owned by:
Milestone:
Priority: low
Severity: minor
Version: 2.0
Component: General
Keywords: validation bg|has-patch
Focuses:
Cc:

Description

Because the post title may contain some HTML special chars, I recommend using htmlspecialchars() in comments_popup_link() to make the page validate. Thx.

--- comment-functions.php.old   Sun Jan 29 23:17:21 2006
+++ comment-functions.php       Sun Jan 29 23:08:08 2006
@@ -310,7 +310,7 @@
                if (!empty($CSSclass)) {
                        echo ' class="'.$CSSclass.'"';
                }
-               echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+               echo ' title="' . sprintf( __('Comment on %s'), htmlspecialchars($post->post_title) ) .'">';
                comments_number($zero, $one, $more, $number);
                echo '</a>';
        }
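
Review bot: on the changed title="..." line, htmlspecialchars() wraps only $post->post_title, so the translated 'Comment on %s' string still goes into the attribute unescaped; wrapping the whole sprintf() result would cover the complete attribute value. The call also relies on the default flags. Those encode double quotes, which matches the double-quoted attribute here, but passing ENT_QUOTES explicitly would keep the escaping correct if the delimiter ever changes. If post_title can already contain entities such as &amp;, this call encodes them a second time, so it is worth confirming which form the title is in at this point.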

Change History (2)

comment:1 @davidhouse 9 years ago

  • Keywords bg|has-patch added

comment:2 @mdawaffe 8 years ago

  • Resolution set to duplicate
  • Status changed from new to closed