Wordpress 2.8.5

[autoinstalls/wordpress.git] / wp-includes / post-template.php

diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index 35a7caa9fbdd650f6408ff79c2c4d1bfd5100832..c473bdcc59c6971ab71287861012f068784a92cc 100644 (file)
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -342,6 +342,8 @@ function get_post_class( $class = '', $post_id = null ) {
                $classes = array_merge($classes, $class);
        }
 
+       $classes = array_map('esc_attr', $classes);
+
        return apply_filters('post_class', $classes, $class, $post_id);
 }
 
@@ -478,6 +480,8 @@ function get_body_class( $class = '' ) {
                $classes = array_merge($classes, $class);
        }
 
+       $classes = array_map('esc_attr', $classes);
+
        return apply_filters('body_class', $classes, $class);
 }
 
@@ -706,6 +710,7 @@ function wp_dropdown_pages($args = '') {
 
        $pages = get_pages($r);
        $output = '';
+       $name = esc_attr($name);
 
        if ( ! empty($pages) ) {
                $output = "<select name=\"$name\" id=\"$name\">\n";
@@ -842,7 +847,7 @@ function wp_page_menu( $args = array() ) {
        if ( $menu )
                $menu = '<ul>' . $menu . '</ul>';
 
-       $menu = '<div class="' . $args['menu_class'] . '">' . $menu . "</div>\n";
+       $menu = '<div class="' . esc_attr($args['menu_class']) . '">' . $menu . "</div>\n";
        $menu = apply_filters( 'wp_page_menu', $menu, $args );
        if ( $args['echo'] )
                echo $menu;