Ticket #3986: clean_url-includes_a-l.diff
| File clean_url-includes_a-l.diff, 5.1 kB (added by ryan, 2 years ago) |
|---|
-
link-template.php
old new 503 503 } 504 504 505 505 function next_posts($max_page = 0) { 506 echo attribute_escape(get_next_posts_page_link($max_page));506 echo clean_url(get_next_posts_page_link($max_page)); 507 507 } 508 508 509 509 function next_posts_link($label='Next Page »', $max_page=0) { … … 533 533 } 534 534 535 535 function previous_posts() { 536 echo attribute_escape(get_previous_posts_page_link());536 echo clean_url(get_previous_posts_page_link()); 537 537 } 538 538 539 539 function previous_posts_link($label='« Previous Page') { -
general-template.php
old new 297 297 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 298 298 $text = wptexturize($text); 299 299 $title_text = attribute_escape($text); 300 $url = clean_url($url); 300 301 301 302 if ('link' == $format) 302 303 return "\t<link rel='archives' title='$title_text' href='$url' />\n"; … … 985 986 $link = str_replace('%#%', $current - 1, $link); 986 987 if ( $add_args ) 987 988 $link = add_query_arg( $add_args, $link ); 988 $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape($link) . "'>$prev_text</a>";989 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>"; 989 990 endif; 990 991 for ( $n = 1; $n <= $total; $n++ ) : 991 992 if ( $n == $current ) : … … 997 998 $link = str_replace('%#%', $n, $link); 998 999 if ( $add_args ) 999 1000 $link = add_query_arg( $add_args, $link ); 1000 $page_links[] = "<a class='page-numbers' href='" . attribute_escape($link) . "'>$n</a>";1001 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n</a>"; 1001 1002 $dots = true; 1002 1003 elseif ( $dots && !$show_all ) : 1003 1004 $page_links[] = "<span class='page-numbers dots'>...</span>"; … … 1010 1011 $link = str_replace('%#%', $current + 1, $link); 1011 1012 if ( $add_args ) 1012 1013 $link = add_query_arg( $add_args, $link ); 1013 $page_links[] = "<a class='next page-numbers' href='" . attribute_escape($link) . "'>$next_text</a>";1014 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>"; 1014 1015 endif; 1015 1016 switch ( $type ) : 1016 1017 case 'array' : -
comment.php
old new 169 169 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 170 170 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 171 171 $comment_author_url = stripslashes($comment_author_url); 172 $comment_author_url = attribute_escape($comment_author_url);172 $comment_author_url = clean_url($comment_author_url); 173 173 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 174 174 } 175 175 } -
functions.php
old new 1272 1272 1273 1273 $adminurl = get_option('siteurl') . '/wp-admin'; 1274 1274 if ( wp_get_referer() ) 1275 $adminurl = attribute_escape(wp_get_referer());1275 $adminurl = clean_url(wp_get_referer()); 1276 1276 1277 1277 $title = __('WordPress Confirmation'); 1278 1278 // Remove extra layer of slashes. … … 1289 1289 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 1290 1290 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1291 1291 } else { 1292 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";1292 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1293 1293 } 1294 1294 $html .= "</body>\n</html>"; 1295 1295 wp_die($html, $title); -
bookmark-template.php
old new 96 96 $output .= get_option('links_recently_updated_prepend'); 97 97 $the_link = '#'; 98 98 if ( !empty($row->link_url) ) 99 $the_link = wp_specialchars($row->link_url);99 $the_link = clean_url($row->link_url); 100 100 $rel = $row->link_rel; 101 101 if ( '' != $rel ) 102 102 $rel = ' rel="' . $rel . '"'; … … 260 260 261 261 $the_link = '#'; 262 262 if ( !empty($bookmark->link_url) ) 263 $the_link = wp_specialchars($bookmark->link_url);263 $the_link = clean_url($bookmark->link_url); 264 264 265 265 $rel = $bookmark->link_rel; 266 266 if ( '' != $rel )
