[wp-trac] [WordPress Trac] #51855: wp_dropdown_categories allows multiple classes
WordPress Trac
noreply at wordpress.org
Mon Nov 23 20:50:26 UTC 2020
#51855: wp_dropdown_categories allows multiple classes
--------------------------+-----------------------------
Reporter: tnash | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The function wp_dropdown_categories() provides the argument for class in
line with many other functions however it uses:
{{{#!php
$class = esc_attr( $parsed_args['class'] );
}}}
Rather then then:
{{{#!php
sanitize_html_class( $class )
}}}
This means its not using the much more restrictive santization and is
allowing multiple classes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51855>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list