WordPress.org

Plugin Directory

Changeset 621554


Ignore:
Timestamp:
11/06/12 04:17:10 (18 months ago)
Author:
mdawaffe
Message:

Sharing: Improve sanitation for Custom Service's Icons

esc_attr( ... esc_url_raw( ... ) ... ) is technically more correct. The old way was not dangerous.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • jetpack/trunk/modules/sharedaddy/sharing-sources.php

    r621466 r621554  
    934934    public function get_display( $post ) { 
    935935        $str = $this->get_link( get_permalink( $post->ID ), esc_html( $this->name ), __( 'Click to share', 'jetpack' ), 'share='.$this->id ); 
    936         return str_replace( '<span>', '<span style="background-image:url(' . esc_url( $this->icon ) . ');">', $str ); 
     936        return str_replace( '<span>', '<span style="' . esc_attr( 'background-image:url(' . esc_url_raw( $this->icon ) . ');' ) . '">', $str ); 
    937937    } 
    938938 
Note: See TracChangeset for help on using the changeset viewer.