diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php
index aa37102474..8159067a8f 100644
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -121,7 +121,7 @@ switch ($action) {
-

Edit “cat_name?>” Category

+

Edit “cat_name)?>” Category

@@ -131,7 +131,7 @@ switch ($action) { - +
@@ -332,7 +332,7 @@ foreach ($results as $row) { $style = ($i % 2) ? ' class="alternate"' : ''; ?> style="border-bottom: 1px dotted #9C9A9C;"> - +
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index e37a2cbc9f..022928f183 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -312,17 +312,17 @@ switch ($action) {
 WHERE link_id = $link_id");
 if ($row) {
- $link_url = $row->link_url;
- $link_name = $row->link_name;
+ $link_url = htmlspecialchars($row->link_url);
+ $link_name = htmlspecialchars($row->link_name);
 $link_image = $row->link_image;
 $link_target = $row->link_target;
 $link_category = $row->link_category;
- $link_description = $row->link_description;
+ $link_description = htmlspecialchars($row->link_description);
 $link_visible = $row->link_visible;
 $link_rating = $row->link_rating;
 $link_rel = $row->link_rel;
- $link_notes = $row->link_notes;
- $link_rss_uri = $row->link_rss;
+ $link_notes = htmlspecialchars($row->link_notes);
+ $link_rss_uri = htmlspecialchars($row->link_rss);
 }
 ?>
@@ -690,6 +690,10 @@ function checkAll(form)
 $links = $wpdb->get_results($sql);
 if ($links) {
 foreach ($links as $link) {
+ $link->link_name = htmlspecialchars($link->link_name);
+ $link->link_category = htmlspecialchars($link->link_category);
+ $link->link_description = htmlspecialchars($link->link_description);
+ $link->link_url = htmlspecialchars($link->link_url);
 $short_url = str_replace('http://', '', $link->link_url);
 $short_url = str_replace('www.', '', $short_url);
 if ('/' == substr($short_url, -1))
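Review bot: The new `htmlspecialchars()` calls in the `@@ -312` hunk (the `$link_url`, `$link_name`, `$link_description`, `$link_notes` and `$link_rss_uri` assignments) rely on the default flags, which before PHP 8.1 do not encode single quotes, so the values are only safe inside double-quoted attributes or element text; since the output context lies outside the hunk, pass the flag explicitly, e.g. `$link_url = htmlspecialchars($row->link_url, ENT_QUOTES);`. The same applies to the four calls added in the `@@ -690` hunk. `$link_image`, `$link_target`, `$link_category` and `$link_rel` are still copied raw in this hunk; if they are rendered into the same form they need the same treatment. Separately, the first context line interpolates `$link_id` directly into the query; unless it is cast to an integer before this point (not visible here), that remains an injection path this commit does not address.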
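Review bot: Encoding `$link->link_url` with `htmlspecialchars()` on the fourth added line of the `@@ -690` hunk makes it safe to print, but not safe as a link target: a stored value using a `javascript:` scheme passes through unchanged, so if the listing renders it as an `href` (the output is below this hunk) a scheme check is the missing control — e.g. only emit it as a link when `preg_match('~^https?://~i', $link->link_url)` succeeds. The added lines also overwrite the fetched object in place, so anything later in the loop that treats these fields as raw data now sees HTML-encoded strings (the `$short_url` computation still works only because `htmlspecialchars()` leaves `/` and `:` untouched); a comment such as `// fields above are HTML-encoded for display only` would make that explicit. `link_rss` is encoded in the `@@ -312` hunk but not here — confirm it is not printed in this listing. The `foreach` body continues past the end of the hunk.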
cat_name?>cat_name)?> cat_id?> auto_toggle?> show_images?>