From 65561851298cf189c139aed05a7fef7a869356e6 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Thu, 30 Mar 2023 15:16:47 +0000 Subject: [PATCH] Comments: Use correct escaping function in `get_cancel_comment_reply_link()`. Follow-up to [9112], [9406], [11011], [11380], [11383], [44659]. Props chintan1896, ankitmaru. Fixes #58025. git-svn-id: https://develop.svn.wordpress.org/trunk@55614 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/comment-template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php index a739f622b8..9a2064cec2 100644 --- a/src/wp-includes/comment-template.php +++ b/src/wp-includes/comment-template.php @@ -1941,7 +1941,7 @@ function get_cancel_comment_reply_link( $text = '', $post = null ) { $post = get_post( $post ); $reply_to_id = $post ? _get_comment_reply_id( $post->ID ) : 0; $style = 0 !== $reply_to_id ? '' : ' style="display:none;"'; - $link = esc_html( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond'; + $link = esc_url( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond'; $formatted_link = '' . $text . '';