Timestamp:
03/17/07 08:47:29 (2 years ago)
Author:
markjaquith
Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.1.

Files:

  • branches/2.1/wp-admin/edit-page-form.php

    r4760 r5057  
    1414} 
    1515 
    16 $sendto = attribute_escape(stripslashes(wp_get_referer())); 
     16$sendto = clean_url(stripslashes(wp_get_referer())); 
    1717 
    1818if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
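
Review bot: On new line 16, `$sendto` is sanitized before the `$sendto == get_permalink($post_ID)` comparison on line 18, so that check now compares a cleaned URL against an uncleaned permalink. If clean_url() changes the string in any way (entity-encoding ampersands, dropping characters, or returning an empty string for a rejected scheme), a referer that really is the page's permalink will stop matching and the branch under the `if` will be skipped. Suggest doing the comparison on the raw `stripslashes(wp_get_referer())` value and applying clean_url() only where `$sendto` is written into the form, or passing both sides through clean_url(). It is also worth confirming what the form does with an empty `$sendto`, since attribute_escape() would not have emptied the value.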