Permalink
Browse files

Escape the things

We need to escape the "disabled" attribute. And apparently the Paypal
string has never used the right i18n function
  • Loading branch information...
1 parent a53b53e commit 1b2ec5560d3985e0bf18d0612c887b3e451b9901 @1bigidea committed Mar 22, 2013
Showing with 2 additions and 2 deletions.
  1. +2 −2 wpsc-includes/display.functions.php
@@ -43,10 +43,10 @@ function wpsc_buy_now_button( $product_id, $replaced_shortcode = false ) {
$src = apply_filters( 'wpsc_buy_now_button_src', $src );
$classes = "wpsc-buy-now-form wpsc-buy-now-form-{$product_id}";
$button_html = sprintf('<input %s class="wpsc-buy-now-button wpsc-buy-now-button-%s" type="image" name="submit" border="0" src="%s" alt="%s" />',
- $disabled,
+ esc_attr( $disabled ),
esc_attr( $product_id ),
esc_url( $src ),
- esc_attr( 'PayPal - The safer, easier way to pay online', 'wpsc' )
+ esc_attr__( 'PayPal - The safer, easier way to pay online', 'wpsc' )
);
$button_html = apply_filters( 'wpsc_buy_now_button_html', $button_html, $product_id );
?>

0 comments on commit 1b2ec55

Please sign in to comment.