Ensure post titles are correctly escaped on the Dashboard.

Props helen, ocean90, dd32, pento.


Built from https://develop.svn.wordpress.org/trunk@32175


git-svn-id: http://core.svn.wordpress.org/trunk@32150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Gary Pendergast 2015-04-20 07:39:25 +00:00
parent 2bb5d8529f
commit e3f1f8fed1
6 changed files with 8 additions and 8 deletions


@ -561,9 +561,9 @@ class WP_Comments_List_Table extends WP_List_Table {
if ( current_user_can( 'edit_post', $post->ID ) ) { if ( current_user_can( 'edit_post', $post->ID ) ) {
$post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>"; $post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
$post_link .= get_the_title( $post->ID ) . '</a>'; $post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
} else { } else {
$post_link = get_the_title( $post->ID ); $post_link = esc_html( get_the_title( $post->ID ) );
} }
echo '<div class="response-links"><span class="post-com-count-wrapper">'; echo '<div class="response-links"><span class="post-com-count-wrapper">';
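Review bot: The edit link in the first branch is still concatenated into the single-quoted `href` with no escaping call at the point of output, so only the title half of this anchor is covered by the change. Whether `get_edit_post_link()` returns attribute-safe text cannot be seen from this hunk, and its result can presumably be altered by filters. Escaping where the value is printed keeps the attribute safe either way: `$post_link = "<a href='" . esc_url( get_edit_post_link( $post->ID ) ) . "'>";`. The enclosing method starts and ends outside the hunk.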


@ -520,7 +520,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) { function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$GLOBALS['comment'] =& $comment; $GLOBALS['comment'] =& $comment;
$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); $comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) { if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
$comment_post_url = get_edit_post_link( $comment->comment_post_ID ); $comment_post_url = get_edit_post_link( $comment->comment_post_ID );
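Review bot: Replacing `strip_tags( get_the_title( ... ) )` with `_draft_or_post_title( ... )` changes what `$comment_post_title` holds without the call site saying so. Markup in a title is no longer stripped but shown as escaped text, and the variable now carries HTML-escaped output. A short comment above the assignment would keep later edits from escaping it again or reusing it in a non-HTML context, for example `// Already HTML-escaped by _draft_or_post_title(); tags are shown literally, not stripped.` The rest of the function, where the variable is printed, is outside the hunk, so its uses cannot be checked here.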


@ -1556,7 +1556,7 @@ function _draft_or_post_title( $post = 0 ) {
$title = get_the_title( $post ); $title = get_the_title( $post );
if ( empty( $title ) ) if ( empty( $title ) )
$title = __( '(no title)' ); $title = __( '(no title)' );
return $title; return esc_html( $title );
} }
/** /**
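Review bot: `_draft_or_post_title()` now returns `esc_html( $title )`, which changes the return contract for every existing caller, and nothing in the hunk documents that. The docblock sits above the hunk and is not visible; it should carry something like `@return string The post title, or '(no title)' if empty, escaped for HTML output.` Callers that pass the result into a non-HTML context (plain text, JSON) would now receive entities. That cannot be verified from this page, so it is worth a quick search of the call sites.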


@ -463,14 +463,14 @@ var wpNavMenu;
if ( ! isPrimaryMenuItem ) { if ( ! isPrimaryMenuItem ) {
thisLink = menuItem.find( '.menus-move-left' ), thisLink = menuItem.find( '.menus-move-left' ),
thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft ); thisLinkText = menus.outFrom.replace( '%s', prevItemNameLeft );
thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).html( thisLinkText ).css( 'display', 'inline' ); thisLink.prop( 'title', menus.moveOutFrom.replace( '%s', prevItemNameLeft ) ).text( thisLinkText ).css( 'display', 'inline' );
} }
if ( 0 !== position ) { if ( 0 !== position ) {
if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) { if ( menuItem.find( '.menu-item-data-parent-id' ).val() !== menuItem.prev().find( '.menu-item-data-db-id' ).val() ) {
thisLink = menuItem.find( '.menus-move-right' ), thisLink = menuItem.find( '.menus-move-right' ),
thisLinkText = menus.under.replace( '%s', prevItemNameRight ); thisLinkText = menus.under.replace( '%s', prevItemNameRight );
thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).html( thisLinkText ).css( 'display', 'inline' ); thisLink.prop( 'title', menus.moveUnder.replace( '%s', prevItemNameRight ) ).text( thisLinkText ).css( 'display', 'inline' );
} }
} }
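Review bot: The two `thisLinkText` assignments still build the label with `String.prototype.replace` and a string replacement, so `$&`, `` $` `` and `$'` inside an item name are expanded as replacement patterns rather than copied literally. With `.text()` this is only a display glitch, but a name containing `$&` would render with `%s` spliced into it. A function replacement inserts the name verbatim: `thisLinkText = menus.outFrom.replace( '%s', function() { return prevItemNameLeft; } );`, and likewise for `menus.under` with `prevItemNameRight` and for the two `title` strings. Both names are defined outside the hunk, so where they come from is not visible here.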

File diff suppressed because one or more lines are too long


@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.2-RC1-32173'; $wp_version = '4.2-RC1-32175';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.