[wp-hackers] Quotes no longer escaped in get_links

Basil Crow lists at basilcrow.com
Sun Dec 19 02:13:51 UTC 2004

I have some items in the links manager that contain apostrophes in the 
description, such as "My friend's weblog." In calling get_links(), the 
$desc / $title variable in lines 185-186 doesn't escape the single 
quote, so when it is placed in the context of <a 
href='http://example.com/' rel='friend met' title='My friend's weblog'>, 
the apostrophe in the title attribute leads to incorrect and invalid 
markup. For the meantime, I changed line 197 to read $title = " 
title=\"$title\"";   By putting the HTML attribute in double quotes, the 
problem is worked around. But I'm hoping the devs were planning to fix 
this escaping problem. The last time I mentioned an blog-header.php bug, 
Ryan Boren fixed it in CVS a few days later, to my delightful surprise. 
Thanks Ryan!!!


More information about the hackers mailing list