[wp-trac] [WordPress Trac] #30967: $fallback in sanitize_html_class() is not sanitized
WordPress Trac
noreply at wordpress.org
Fri Jan 9 20:23:47 UTC 2015
#30967: $fallback in sanitize_html_class() is not sanitized
-------------------------------+------------------------------
Reporter: mighty_mt | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------------+------------------------------
Comment (by MikeHansenMe):
Replying to [comment:2 mighty_mt]:
> By the way, I just quickly did a full text search of all PHP files in
> the ''wp-includes'' directory and found that there are a few places in core
> where the fallback is used... once in the {{{get_comment_class()}}}
> function and multiple times in {{{get_post_class()}}}. See also #30883.
Not sure how I missed those. Every use case was to use an id if the
slug/nice_name could not be sanitized without being empty. I think
sanitizing the fallback should probably happen either way.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30967#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
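
The case discussed in the comment above (a slug that sanitizes to an empty string, so the fallback is used instead), as an added example that is not part of the original message and is not WordPress core code. The function names, the character rules in `demo_strip_class()` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Character rules assumed for a safe class token: drop %XX octets,
// then keep only A-Z, a-z, 0-9, underscore and hyphen.
function demo_strip_class( string $value ): string {
    $value = preg_replace( '/%[a-fA-F0-9]{2}/', '', $value );
    return preg_replace( '/[^A-Za-z0-9_-]/', '', $value );
}

// Behaviour the ticket title describes: the fallback is returned untouched.
function demo_class_unsanitized_fallback( string $class, string $fallback = '' ): string {
    $sanitized = demo_strip_class( $class );
    return '' === $sanitized ? $fallback : $sanitized;
}

// Behaviour suggested in the comment: the fallback passes through the same filter.
function demo_class_sanitized_fallback( string $class, string $fallback = '' ): string {
    $sanitized = demo_strip_class( $class );
    return '' === $sanitized ? demo_strip_class( $fallback ) : $sanitized;
}

// Constructed inputs: [ value that may sanitize to empty, fallback ].
$cases = array(
    array( 'news', '12' ),             // normal slug, fallback unused
    array( '%e6%97%a5', '12' ),        // slug empties out, numeric id fallback
    array( '%e6%97%a5', '12 extra"' ), // slug empties out, fallback has a space and a quote
);

foreach ( $cases as list( $class, $fallback ) ) {
    printf(
        "%-10s fallback=%-10s unsanitized=[%s] sanitized=[%s]\n",
        $class,
        $fallback,
        demo_class_unsanitized_fallback( $class, $fallback ),
        demo_class_sanitized_fallback( $class, $fallback )
    );
}
```

The two variants differ only in the third case, where the fallback itself contains characters that the filter would have removed from the primary value.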