[wp-trac] [WordPress Trac] #22690: TwentyTwelve twentytwelve_content_nav $nav_id is not validated.

WordPress Trac noreply at wordpress.org
Mon Dec 3 04:42:43 UTC 2012


#22690: TwentyTwelve twentytwelve_content_nav $nav_id is not validated.
-----------------------------+--------------------------
 Reporter:  ounziw           |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  Themes
  Version:                   |   Severity:  minor
 Keywords:                   |
-----------------------------+--------------------------
 In functions.php of TwentyTwelve Theme, function
 "twentytwelve_content_nav" is defined.

 twentytwelve_content_nav takes a parameter called $nav_id. $nav_id is
 echoed without being validated or escaped.

 When careless people write code like
 twentytwelve_content_nav( 'nav below' ), it breaks HTML's rules.

 {{{
 function twentytwelve_content_nav( $nav_id ) {
         global $wp_query;

         if ( $wp_query->max_num_pages > 1 ) : ?>
                 <nav id="<?php echo $nav_id; ?>" class="navigation" role="navigation">
 ...
 }}}

 I propose to add
 {{{
 $nav_id = esc_attr( str_replace(' ','',$nav_id ) );
 }}}
  at the beginning of the function definition.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22690>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
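
An added example, not part of the ticket or of WordPress code: a stand-alone PHP comparison of the raw output, the normalization proposed above, and a stricter variant. It assumes `htmlspecialchars()` as a stand-in for WordPress's `esc_attr()`, uses hypothetical `example_*` function names, and goes beyond the one-line proposal by also removing tabs and newlines, which `str_replace( ' ', '', ... )` leaves in place.

```php
<?php
// Added example: runs without WordPress loaded.
// htmlspecialchars() stands in for esc_attr() (assumption); all names are hypothetical.

/** Escape a value for use inside a double-quoted HTML attribute. */
function example_esc_attr( string $value ): string {
	return htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

/** No handling at all, as in the function quoted in the ticket. */
function example_nav_id_raw( string $nav_id ): string {
	return $nav_id;
}

/** The ticket's proposal: remove space characters, then escape. */
function example_nav_id_proposed( string $nav_id ): string {
	return example_esc_attr( str_replace( ' ', '', $nav_id ) );
}

/** Stricter variant: an HTML id may not contain any ASCII whitespace, so remove all of it. */
function example_nav_id_strict( string $nav_id ): string {
	return example_esc_attr( (string) preg_replace( '/[ \t\n\f\r]+/', '', $nav_id ) );
}

/** Build the opening tag the way the theme does, with a chosen normalizer. */
function example_nav_open( string $nav_id, callable $normalize ): string {
	return '<nav id="' . $normalize( $nav_id ) . '" class="navigation" role="navigation">';
}

// Constructed sample inputs: a valid id, the ticket's case, a tab, and a double quote.
$samples     = array( 'nav-below', 'nav below', "nav\tbelow", 'nav"below' );
$normalizers = array(
	'raw'      => 'example_nav_id_raw',
	'proposed' => 'example_nav_id_proposed',
	'strict'   => 'example_nav_id_strict',
);

foreach ( $samples as $raw ) {
	printf( "input %s\n", json_encode( $raw ) );
	foreach ( $normalizers as $label => $fn ) {
		// json_encode() makes a surviving tab or quote visible in the printed tag.
		printf( "  %-9s %s\n", $label, json_encode( example_nav_open( $raw, $fn ), JSON_UNESCAPED_SLASHES ) );
	}
}
```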

