[wp-trac] [WordPress Trac] #57110: Correctly some attributes escape is missing in this ( wp-admin/includes/nav-menu.php ) file.
WordPress Trac
noreply at wordpress.org
Fri Mar 31 15:57:24 UTC 2023
#57110: Correctly some attributes escape is missing in this ( wp-admin/includes
/nav-menu.php ) file.
--------------------------+-----------------------------------------------
Reporter: zenaulislam | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.3
Component: Menus | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration, coding-standards
--------------------------+-----------------------------------------------
Changes (by SergeyBiryukov):
* focuses: coding-standards => administration, coding-standards
* component: Administration => Menus
* milestone: Awaiting Review => 6.3
Comment:
Thanks for the PR! It looks good, I only have two minor notes:
* It would be more consistent with some existing instances to only escape
the variable, e.g.
{{{
<div id="posttype-<?php echo esc_attr( $post_type_name ); ?>"
class="posttypediv">
}}}
instead of:
{{{
<div id="<?php echo esc_attr( 'posttype-' . $post_type_name ); ?>"
class="posttypediv">
}}}
* We should also escape `$taxonomy_name` in
`wp_nav_menu_item_taxonomy_meta_box()` in a similar way.
This can be addressed on commit.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57110#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list