From bf92d8a32390197af7a4db4a9ce8afdb4eb9e50c Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 6 May 2009 04:56:32 +0000 Subject: [PATCH] Escape title attributes in calendar links. fixes #8967 git-svn-id: http://svn.automattic.com/wordpress/trunk@11215 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 9 +++------ wp-includes/general-template.php | 3 +-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 3207ba050..38c670b98 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -200,8 +200,7 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr * @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false. * @return string The encoded text with HTML entities. */ -function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) -{ +function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { $string = (string) $string; if ( 0 === strlen( $string ) ) { @@ -277,8 +276,7 @@ function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. * @return string The decoded text without HTML entities. */ -function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) -{ +function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) { $string = (string) $string; if ( 0 === strlen( $string ) ) { 
@@ -335,8 +333,7 @@ function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. * @return string The checked text. */ -function wp_check_invalid_utf8( $string, $strip = false ) -{ +function wp_check_invalid_utf8( $string, $strip = false ) { $string = (string) $string; if ( 0 === strlen( $string ) ) { diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php index 1a6f5ec20..ea4e41336 100644 --- a/wp-includes/general-template.php +++ b/wp-includes/general-template.php @@ -1076,8 +1076,7 @@ function get_calendar($initial = true) { if ( $ak_post_titles ) { foreach ( (array) $ak_post_titles as $ak_post_title ) { - $post_title = apply_filters( "the_title", $ak_post_title->post_title ); - $post_title = str_replace('"', '"', wptexturize( $post_title )); + $post_title = esc_attr( apply_filters( 'the_title', $ak_post_title->post_title ) ); if ( empty($ak_titles_for_day['day_'.$ak_post_title->dom]) ) $ak_titles_for_day['day_'.$ak_post_title->dom] = '';
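Review bot: The `esc_attr()` call added in the `get_calendar()` hunk escapes each post title when it is collected rather than where it is written into the markup, so the eventual `title` attribute is only safe if nothing unescaped is appended to `$ak_titles_for_day` before output. The output and the rest of the `foreach` body are outside this hunk, so this cannot be confirmed from here. If the accumulated string is emitted as-is, a comment on this line would record the contract, e.g. `// Attribute-escaped here: later concatenated into title="" with no further escaping.`; escaping at the point of output instead would keep the guarantee local. The new line also drops `wptexturize()`, so tooltip titles lose typographic quote conversion, which is worth stating in the commit message if intended.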