From be127956e0ce80e9bca1380c89d0fb5169dae73b Mon Sep 17 00:00:00 2001
From: Gary Pendergast <gary@pento.net>
Date: Wed, 9 Jan 2019 06:11:51 +0000
Subject: [PATCH] Bundled Themes: Run the `pingback_url` through `esc_url()`.

Twenties Ten through Seventeen have been updated to properly escape the pingback URL. Twenty Nineteen is already escaping the URL.

Props soulseekah, sharaz.
Fixes #43717.


Built from https://develop.svn.wordpress.org/trunk@44500


git-svn-id: http://core.svn.wordpress.org/trunk@44331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-content/themes/twentyeleven/header.php       | 2 +-
 wp-content/themes/twentyfifteen/header.php      | 2 +-
 wp-content/themes/twentyfourteen/header.php     | 2 +-
 wp-content/themes/twentyseventeen/functions.php | 2 +-
 wp-content/themes/twentysixteen/header.php      | 2 +-
 wp-content/themes/twentyten/header.php          | 2 +-
 wp-content/themes/twentythirteen/header.php     | 2 +-
 wp-content/themes/twentytwelve/header.php       | 2 +-
 wp-includes/version.php                         | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/wp-content/themes/twentyeleven/header.php b/wp-content/themes/twentyeleven/header.php
index 78e9264f85..e27cac9316 100644
--- a/wp-content/themes/twentyeleven/header.php
+++ b/wp-content/themes/twentyeleven/header.php
@@ -49,7 +49,7 @@ if ( ( $paged >= 2 || $page >= 2 ) && ! is_404() ) {
 	</title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
 <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <!--[if lt IE 9]>
 <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js" type="text/javascript"></script>
 <![endif]-->
diff --git a/wp-content/themes/twentyfifteen/header.php b/wp-content/themes/twentyfifteen/header.php
index dfb281f342..a6a43c2b90 100644
--- a/wp-content/themes/twentyfifteen/header.php
+++ b/wp-content/themes/twentyfifteen/header.php
@@ -14,7 +14,7 @@
 	<meta charset="<?php bloginfo( 'charset' ); ?>">
 	<meta name="viewport" content="width=device-width">
 	<link rel="profile" href="http://gmpg.org/xfn/11">
-	<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<!--[if lt IE 9]>
 	<script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js"></script>
 	<![endif]-->
diff --git a/wp-content/themes/twentyfourteen/header.php b/wp-content/themes/twentyfourteen/header.php
index 3207e73574..1de76b341f 100644
--- a/wp-content/themes/twentyfourteen/header.php
+++ b/wp-content/themes/twentyfourteen/header.php
@@ -23,7 +23,7 @@
 	<meta name="viewport" content="width=device-width">
 	<title><?php wp_title( '|', true, 'right' ); ?></title>
 	<link rel="profile" href="http://gmpg.org/xfn/11">
-	<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<!--[if lt IE 9]>
 	<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>
 	<![endif]-->
diff --git a/wp-content/themes/twentyseventeen/functions.php b/wp-content/themes/twentyseventeen/functions.php
index 90e3fd3de0..a8f10773f9 100644
--- a/wp-content/themes/twentyseventeen/functions.php
+++ b/wp-content/themes/twentyseventeen/functions.php
@@ -410,7 +410,7 @@ add_action( 'wp_head', 'twentyseventeen_javascript_detection', 0 );
  */
 function twentyseventeen_pingback_header() {
 	if ( is_singular() && pings_open() ) {
-		printf( '<link rel="pingback" href="%s">' . "\n", get_bloginfo( 'pingback_url' ) );
+		printf( '<link rel="pingback" href="%s">' . "\n", esc_url( get_bloginfo( 'pingback_url' ) ) );
 	}
 }
 add_action( 'wp_head', 'twentyseventeen_pingback_header' );
diff --git a/wp-content/themes/twentysixteen/header.php b/wp-content/themes/twentysixteen/header.php
index cb88d6e027..41159f122d 100644
--- a/wp-content/themes/twentysixteen/header.php
+++ b/wp-content/themes/twentysixteen/header.php
@@ -16,7 +16,7 @@
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<link rel="profile" href="http://gmpg.org/xfn/11">
 	<?php if ( is_singular() && pings_open( get_queried_object() ) ) : ?>
-	<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<?php endif; ?>
 	<?php wp_head(); ?>
 </head>
diff --git a/wp-content/themes/twentyten/header.php b/wp-content/themes/twentyten/header.php
index d62acee0d1..1a4b35afea 100644
--- a/wp-content/themes/twentyten/header.php
+++ b/wp-content/themes/twentyten/header.php
@@ -39,7 +39,7 @@ if ( ( $paged >= 2 || $page >= 2 ) && ! is_404() ) {
 	</title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
 <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php
 	/*
 	 * We add some JavaScript to pages with the comment form
diff --git a/wp-content/themes/twentythirteen/header.php b/wp-content/themes/twentythirteen/header.php
index 8343d76af2..31fbfaba07 100644
--- a/wp-content/themes/twentythirteen/header.php
+++ b/wp-content/themes/twentythirteen/header.php
@@ -23,7 +23,7 @@
 	<meta name="viewport" content="width=device-width">
 	<title><?php wp_title( '|', true, 'right' ); ?></title>
 	<link rel="profile" href="http://gmpg.org/xfn/11">
-	<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>">
+	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<!--[if lt IE 9]>
 	<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>
 	<![endif]-->
diff --git a/wp-content/themes/twentytwelve/header.php b/wp-content/themes/twentytwelve/header.php
index cbd555c31c..107c0a1850 100644
--- a/wp-content/themes/twentytwelve/header.php
+++ b/wp-content/themes/twentytwelve/header.php
@@ -23,7 +23,7 @@
 <meta name="viewport" content="width=device-width" />
 <title><?php wp_title( '|', true, 'right' ); ?></title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
-<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
+<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php // Loads HTML5 JavaScript file to add support for HTML5 elements in older IE versions. ?>
 <!--[if lt IE 9]>
 <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js" type="text/javascript"></script>
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 27a587c9eb..9b2c5d23c6 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.1-alpha-44499';
+$wp_version = '5.1-alpha-44500';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.