Message info
 
To:wp-svn@lists.automattic.com From:m@wordpress.org Subject:[wp-svn] [21084] branches/3.3/wp-includes/link-template.php: Always escape the output of get_pagenum_link(). Date:Fri, 15 Jun 2012 17:02:39 +0000 (UTC)
 

Revision
21084
Author
markjaquith
Date
2012-06-15 17:02:39 +0000 (Fri, 15 Jun 2012)

Log Message

Always escape the output of get_pagenum_link(). fixes #14556 for the 3.3 branch.

Modified Paths

Diff

Modified: branches/3.3/wp-includes/link-template.php (21083 => 21084)


--- branches/3.3/wp-includes/link-template.php	2012-06-15 16:57:32 UTC (rev 21083)
+++ branches/3.3/wp-includes/link-template.php	2012-06-15 17:02:39 UTC (rev 21084)
@@ -1375,9 +1375,11 @@
  * @since 1.5.0
  *
  * @param int $pagenum Optional. Page ID.
+ * @param bool $escape Optional. Whether to escape the URL for display, with esc_url(). Defaults to true.
+* 	Otherwise, prepares the URL with esc_url_raw().
  * @return string
  */
-function get_pagenum_link($pagenum = 1) {
+function get_pagenum_link($pagenum = 1, $escape = true ) {
 	global $wp_rewrite;
 
 	$pagenum = (int) $pagenum;
@@ -1428,7 +1430,10 @@
 
 	$result = apply_filters('get_pagenum_link', $result);
 
-	return $result;
+	if ( $escape )
+		return esc_url( $result );
+	else
+		return esc_url_raw( $result );
 }
 
 /**