Escaping Backlink URL

circuscode · circuscode · commit 8a565864a719 · 2024-04-01T16:28:13.000+02:00
diff --git a/tootpress_blog.php b/tootpress_blog.php
@@ -139,7 +139,7 @@ function tootpress_paint_elephant( $instance, $account, $mastodon_id, $backlink)
 
 	if($backlink) {
 		$elephant_html.='<a href="';
-		$elephant_html.=$url;
+		$elephant_html.=esc_url($url);
 		$elephant_html.='" class="toot-backlink"/>';
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ function tootpress_paint_elephant( $instance, $account, $mastodon_id, $backlink)`
`139`	`139`
`140`	`140`	`if($backlink) {`
`141`	`141`	`$elephant_html.='<a href="';`
`142`		`- $elephant_html.=$url;`
	`142`	`+ $elephant_html.=esc_url($url);`
`143`	`143`	`$elephant_html.='" class="toot-backlink"/>';`
`144`	`144`	`}`
`145`	`145`