[wp-trac] [WordPress Trac] #19712: Escape taxonomy labels in tags meta box
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 2 19:32:19 UTC 2012
#19712: Escape taxonomy labels in tags meta box
--------------------------+-----------------------------
Reporter: niallkennedy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version:
Severity: minor | Keywords: has-patch
--------------------------+-----------------------------
While browsing the code for the tags post meta box I noticed many values
were echoed without escaping. Taxonomy [labels
http://core.trac.wordpress.org/browser/tags/3.3/wp-includes/taxonomy.php#L14
from wp-includes/taxonomy.php] or elsewhere may
have passed through gettext and contain escapable characters in the
returned string.

Before: `echo $taxonomy->labels->add_new_item`
After: `echo esc_html( $taxonomy->labels->add_new_item )`

While I was in there I also assigned the `assign_terms` capability test
into a single variable compared three times instead of calling the
capabilities function three times. Performance benefit, slightly cleaner.

The
[http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html#attr-fe-disabled
disabled attribute] is a
[http://www.whatwg.org/specs/web-apps/current-work/multipage/common-microsyntaxes.html#boolean-attribute
boolean attribute] in HTML5; changed that string as well. The variable is only
used once and could be a good candidate for a
[http://codex.wordpress.org/WordPress_Coding_Standards#Ternary_Operator
ternary operator] based on WP coding standards but the assigned string
change is a cleaner patch compare.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19712>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
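
The three changes the ticket describes (escaping the label, evaluating the capability once, and the HTML5 boolean `disabled` attribute), as an added example that is neither the attached patch nor WordPress core code. The helper `demo_tags_box_fragment()`, the capability name `assign_genres` and the sample label are constructed for illustration, and the `esc_html()` / `current_user_can()` stand-ins are simplified versions defined only when WordPress is not loaded.

```php
<?php
// Added example, not WordPress core. The two stand-ins below are defined only
// when WordPress is not loaded, so the file also runs under the PHP CLI.
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) { // simplified stand-in for WordPress's esc_html()
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}
if ( ! function_exists( 'current_user_can' ) ) {
	function current_user_can( $capability ) { // stand-in: demo user lacks the capability
		return false;
	}
}

// Constructed taxonomy object. Labels like this can come from a plugin's
// register_taxonomy() call or a translation file, so treat them as untrusted text.
$taxonomy = (object) array(
	'cap'    => (object) array( 'assign_terms' => 'assign_genres' ),
	'labels' => (object) array(
		'add_new_item' => 'Add <b>New</b> Genre & "Mood"',
	),
);

// Hypothetical helper: renders a fragment of a tags-style meta box.
function demo_tags_box_fragment( $taxonomy, $escape ) {
	// Evaluate the capability once and reuse the result.
	$can_assign = current_user_can( $taxonomy->cap->assign_terms );
	// HTML5 boolean attribute: its presence alone disables the control.
	$disabled = $can_assign ? '' : ' disabled';

	$label = $taxonomy->labels->add_new_item;
	if ( $escape ) {
		$label = esc_html( $label ); // label is placed in a text-node context
	}

	$html  = '<h4>' . $label . "</h4>\n";
	$html .= '<textarea name="tax_input[genre]" rows="3"' . $disabled . "></textarea>\n";
	if ( $can_assign ) {
		$html .= '<input type="button" class="button" value="Add">' . "\n";
	}
	return $html;
}

echo "Before (label echoed raw):\n", demo_tags_box_fragment( $taxonomy, false );
echo "After (label passed through esc_html):\n", demo_tags_box_fragment( $taxonomy, true );
```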