[wp-trac] [WordPress Trac] #19282: wp_get_attachment_link() does not allow HTML in link text

WordPress Trac wp-trac at lists.automattic.com
Thu Nov 17 22:07:06 UTC 2011


#19282: wp_get_attachment_link() does not allow HTML in link text
----------------------------+-----------------------------
 Reporter:  SergeyBiryukov  |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  General         |    Version:  2.8
 Severity:  normal          |   Keywords:  has-patch
----------------------------+-----------------------------
 Background: #18156

 Escaping `$link_text` was introduced in [10495] along with the `$text`
 parameter itself and changed to `esc_attr()` in [11204]. Looks like it
 shouldn't really be there:

 1. `$link_text` is not an attribute, it's literally a link text.
 2. `adjacent_post_link()` doesn't escape link text.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19282>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list