Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Escape home_url() in #site-title link #113

Merged
merged 1 commit into from

2 participants

@sixhours
Owner

We escape home_url( '/' ) when displaying custom-header.php and searchform.php; it should also be escaped here.

@sixhours sixhours Escape home_url() in #site-title link
We escape the URL when displaying custom-header.php and searchform.php, which leads me to believe it should also be escaped here.
c2c282e
@mfields

I think this makes a lot of sense because the output of home_url() is filterable by core.

@mfields mfields merged commit b6b88b4 into Automattic:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Nov 20, 2012
  1. @sixhours

    Escape home_url() in #site-title link

    sixhours authored
    We escape the URL when displaying custom-header.php and searchform.php, which leads me to believe it should also be escaped here.
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  header.php
View
2  header.php
@@ -47,7 +47,7 @@
<?php do_action( 'before' ); ?>
<header id="masthead" class="site-header" role="banner">
<hgroup>
- <h1 class="site-title"><a href="<?php echo home_url( '/' ); ?>" title="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></h1>
+ <h1 class="site-title"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php echo esc_attr( get_bloginfo( 'name', 'display' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a></h1>
<h2 class="site-description"><?php bloginfo( 'description' ); ?></h2>
</hgroup>
Something went wrong with that request. Please try again.