From 22264eea24a97711bdd0d2af9c91c7e6253d4828 Mon Sep 17 00:00:00 2001
From: Ben Keith <ben@benlk.com>
Date: Tue, 19 Jan 2016 14:12:41 -0500
Subject: [PATCH] Escape the URLs on the share buttons, and the text on the
 Twitter button.

---
 inc/post-tags.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/post-tags.php b/inc/post-tags.php
index f2e013601..1f74ba05a 100644
--- a/inc/post-tags.php
+++ b/inc/post-tags.php
@@ -174,7 +174,7 @@ function largo_post_social_links( $echo = true ) {
 			$fb_share = '<span class="facebook"><a target="_blank" href="http://www.facebook.com/sharer/sharer.php?u=%1$s"><i class="icon-facebook"></i><span class="hidden-phone">%2$s</span></a></span>';
 			$output .= sprintf(
 				$fb_share,
-				esc_attr( get_permalink() ),
+				esc_url( get_permalink() ),
 				esc_attr( ucfirst( of_get_option( 'fb_verb' ) ) )
 			);
 		}
@@ -183,8 +183,8 @@ function largo_post_social_links( $echo = true ) {
 			$twitter_share = '<span class="twitter"><a target="_blank" href="https://twitter.com/intent/tweet?text=%1$s&url=%2$s&via=%3$s"><i class="icon-twitter"></i><span class="hidden-phone">%4$s</span></a></span>';
 			$output .= sprintf(
 				$twitter_share,
-				esc_attr( get_the_title() ),
-				esc_attr( get_permalink() ),
+				urlencode( get_the_title() ),
+				esc_url( get_permalink() ),
 				esc_attr( get_the_author_meta( 'twitter' ) ),
 				esc_attr( __( 'Tweet', 'largo' ) )
 			);