fix: use wp_kses_post() instead of esc_url() for HTML output in distributor_the_original_site_link() #1379

Merged
peterwilsoncc merged 1 commit into 10up:develop from thisismyurl:fix/esc-url-original-site-link
Jun 17, 2026

Conversation

@thisismyurl thisismyurl commented Jun 15, 2026

Contributor

Description of the Change

Summary

distributor_the_original_site_link() wraps the return value of distributor_get_original_site_link() in esc_url() before echoing it. distributor_get_original_site_link() returns a fully-formed <a href="...">...</a> anchor tag — not a bare URL — with esc_url() and esc_html() already applied internally.

Wrapping HTML in esc_url() encodes angle brackets, quotes, and ampersands. The rendered output is escaped text rather than a clickable link.

This PR replaces esc_url() with wp_kses_post(), which permits the safe HTML subset the getter already produces.

Before:

echo esc_url( distributor_get_original_site_link( $post_id ) );

After:

echo wp_kses_post( distributor_get_original_site_link( $post_id ) );

Fixes #1378


Developed and tested with AI assistance (Claude + internal review pipeline). Changes were verified against the function's return value before implementation.

How to test the Change

  1. Link two sites, either internal or external
  2. Create a post on the source site
  3. Distribute the post to the destination site
  4. On the destination site, check the post ID on the edit post list page
  5. Run the WP CLI command wp eval --url=[destination site] "distributor_the_original_site_link([post id]);" replacing the placeholders as appropriate
  6. Ensure the link tag is shown in the output

Changelog Entry

Fixed - Correct escaping of distributor_the_original_site_link()

Credits

Props @thisismyurl

Checklist:

Replace esc_url() with wp_kses_post() in distributor_the_original_site_link().
distributor_get_original_site_link() returns a complete <a> tag with esc_url()
and esc_html() already applied internally. Wrapping HTML in esc_url() encodes
angle brackets and breaks the rendered link.

Fixes 10up#1378
Copilot AI review requested due to automatic review settings June 15, 2026 13:53
@thisismyurl thisismyurl requested a review from a team as a code owner June 15, 2026 13:53
@thisismyurl thisismyurl requested review from peterwilsoncc and removed request for a team June 15, 2026 13:53

Copilot AI left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the output escaping for the “original site link” template tag so HTML returned by the getter is safely rendered instead of being incorrectly treated as a URL.

Changes:

  • Replace esc_url() with wp_kses_post() when echoing the original site link markup.

@peterwilsoncc

Collaborator

@thisismyurl thank you for the pull request.

I've taken the liberty of reformatting your PR description using the repository template. Are you able to review the test details I've provided to ensure you are happy with them?

We also require contributors to review and agree to the repo's code of conduct. Are you able to read through them and check the checkbox "I agree to follow this project's Code of Conduct." in the PR's description if you are happy with them?

Once I hear back, I'll approve and merge the pull request.

@thisismyurl

Contributor Author

Hi @peterwilsoncc — I've read through the Code of Conduct and checked the box.

Your test steps look right to me: the bug shows up any time distributor_the_original_site_link() is called with content that has been distributed, and the WP CLI wp eval command is a clean way to verify the output without needing a front-end template. The reproduction steps you documented match how I verified the fix locally.

Thanks for reformatting the description and for the detailed test case.

@peterwilsoncc peterwilsoncc left a comment

LGTM and tests well, thank you!

@peterwilsoncc peterwilsoncc merged commit bcbf377 into 10up:develop Jun 17, 2026
11 of 18 checks passed
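
The escaping mismatch discussed in this thread, as an added example that is not code from the Distributor project: it compares what esc_url() and wp_kses_post() do to anchor markup, including markup that has picked up a script tag and an event handler. demo_get_site_link() is a hypothetical stand-in for the getter, built only from the PR's description of it, and the script assumes a loaded WordPress (for example run with `wp eval-file`).

```php
<?php
/**
 * Hypothetical stand-in for the getter described in the PR: an anchor whose
 * href went through esc_url() and whose label went through esc_html().
 */
function demo_get_site_link( $url, $label ) {
	return sprintf( '<a href="%s">%s</a>', esc_url( $url ), esc_html( $label ) );
}

/**
 * Report how each output-escaping function treats a markup string.
 */
function demo_compare_escaping( $markup ) {
	$as_url  = esc_url( $markup );      // Treats the whole string as a single URL.
	$as_post = wp_kses_post( $markup ); // Filters against the post-content allowlist.

	return array(
		'esc_url_keeps_anchor' => str_contains( $as_url, '<a ' ),
		'kses_keeps_anchor'    => str_contains( $as_post, '<a ' ),
		'kses_keeps_script'    => false !== stripos( $as_post, '<script' ),
		'kses_keeps_onclick'   => false !== stripos( $as_post, 'onclick=' ),
		'esc_url_output'       => $as_url,
		'kses_output'          => $as_post,
	);
}

// Constructed sample values, not taken from any real site.
$link = demo_get_site_link( 'https://source.example/?p=12&preview=1', 'Source & Co' );

// Constructed case: the same markup after something upstream (a filter, a bad
// merge) appended a script tag and an inline event handler to it.
$tainted = $link
	. '<script>console.log(1)</script>'
	. '<a href="https://source.example/" onclick="x()">more</a>';

foreach ( array( 'getter output' => $link, 'tainted markup' => $tainted ) as $name => $markup ) {
	echo $name, "\n";
	foreach ( demo_compare_escaping( $markup ) as $key => $value ) {
		echo '  ', $key, ': ', var_export( $value, true ), "\n";
	}
}
```

The flags to read are the pairs: the anchor should survive wp_kses_post() but not esc_url(), and neither the script tag nor the onclick attribute should survive wp_kses_post().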
Development

Successfully merging this pull request may close these issues.

distributor_the_original_site_link() wraps HTML output in esc_url(), breaking rendered link

3 participants