Merge pull request #255 from kwighta8c/escaping

_s: Escape URLs in image.php.
This commit is contained in:
Konstantin Obenland 2013-07-11 11:53:28 -07:00
commit 418d31dea4
1 changed files with 4 additions and 4 deletions

View File

@ -23,10 +23,10 @@ get_header();
printf( __( 'Published <span class="entry-date"><time class="entry-date" datetime="%1$s">%2$s</time></span> at <a href="%3$s" title="Link to full-size image">%4$s &times; %5$s</a> in <a href="%6$s" title="Return to %7$s" rel="gallery">%8$s</a>', '_s' ), printf( __( 'Published <span class="entry-date"><time class="entry-date" datetime="%1$s">%2$s</time></span> at <a href="%3$s" title="Link to full-size image">%4$s &times; %5$s</a> in <a href="%6$s" title="Return to %7$s" rel="gallery">%8$s</a>', '_s' ),
esc_attr( get_the_date( 'c' ) ), esc_attr( get_the_date( 'c' ) ),
esc_html( get_the_date() ), esc_html( get_the_date() ),
wp_get_attachment_url(), esc_url( wp_get_attachment_url() ),
$metadata['width'], $metadata['width'],
$metadata['height'], $metadata['height'],
get_permalink( $post->post_parent ), esc_url( get_permalink( $post->post_parent ) ),
esc_attr( strip_tags( get_the_title( $post->post_parent ) ) ), esc_attr( strip_tags( get_the_title( $post->post_parent ) ) ),
get_the_title( $post->post_parent ) get_the_title( $post->post_parent )
); );
@ -66,9 +66,9 @@ get_header();
<footer class="entry-meta"> <footer class="entry-meta">
<?php <?php
if ( comments_open() && pings_open() ) : // Comments and trackbacks open if ( comments_open() && pings_open() ) : // Comments and trackbacks open
printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', '_s' ), get_trackback_url() ); printf( __( '<a class="comment-link" href="#respond" title="Post a comment">Post a comment</a> or leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', '_s' ), esc_url( get_trackback_url() ) );
elseif ( ! comments_open() && pings_open() ) : // Only trackbacks open elseif ( ! comments_open() && pings_open() ) : // Only trackbacks open
printf( __( 'Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', '_s' ), get_trackback_url() ); printf( __( 'Comments are closed, but you can leave a trackback: <a class="trackback-link" href="%s" title="Trackback URL for your post" rel="trackback">Trackback URL</a>.', '_s' ), esc_url( get_trackback_url() ) );
elseif ( comments_open() && ! pings_open() ) : // Only comments open elseif ( comments_open() && ! pings_open() ) : // Only comments open
_e( 'Trackbacks are closed, but you can <a class="comment-link" href="#respond" title="Post a comment">post a comment</a>.', '_s' ); _e( 'Trackbacks are closed, but you can <a class="comment-link" href="#respond" title="Post a comment">post a comment</a>.', '_s' );
elseif ( ! comments_open() && ! pings_open() ) : // Comments and trackbacks closed elseif ( ! comments_open() && ! pings_open() ) : // Comments and trackbacks closed