Skip to:
Content

bbPress.org


Ignore:
Timestamp:
07/17/2013 07:35:03 PM (11 years ago)
Author:
johnjamesjacoby
Message:

For all template functions that output URL's, always echo an escaped value using esc_url(). See #2367.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/replies/template-tags.php

    r4995 r5037  
    367367 */
    368368function bbp_reply_permalink( $reply_id = 0 ) {
    369     echo bbp_get_reply_permalink( $reply_id );
     369    echo esc_url( bbp_get_reply_permalink( $reply_id ) );
    370370}
    371371    /**
     
    395395 */
    396396function bbp_reply_url( $reply_id = 0 ) {
    397     echo bbp_get_reply_url( $reply_id );
     397    echo esc_url( bbp_get_reply_url( $reply_id ) );
    398398}
    399399    /**
     
    11811181 */
    11821182function bbp_reply_author_url( $reply_id = 0 ) {
    1183     echo bbp_get_reply_author_url( $reply_id );
     1183    echo esc_url( bbp_get_reply_author_url( $reply_id ) );
    11841184}
    11851185    /**
     
    18521852 */
    18531853function bbp_reply_edit_url( $reply_id = 0 ) {
    1854     echo bbp_get_reply_edit_url( $reply_id );
     1854    echo esc_url( bbp_get_reply_edit_url( $reply_id ) );
    18551855}
    18561856    /**
Note: See TracChangeset for help on using the changeset viewer.