[wp-trac] [WordPress Trac] #20771: esc_url() instead of esc_html() in wp_nonce_url()
WordPress Trac
wp-trac at lists.automattic.com
Tue May 29 09:53:32 UTC 2012
#20771: esc_url() instead of esc_html() in wp_nonce_url()
---------------------------------+-----------------------------
Reporter: jkudish | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Formatting | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch 3.5-early |
---------------------------------+-----------------------------
Changes (by SergeyBiryukov):
* keywords: has-patch => has-patch 3.5-early
* milestone: Awaiting Review => Future Release
Comment:
`wp_specialchars()` was added in [3974] and changed to `esc_html()` in
[11380].
In come cases, `wp_nonce_url()` result is already escaped with `esc_url()`
on output: [[BR]]
http://core.trac.wordpress.org/browser/tags/3.3.2/wp-admin/includes/class-
wp-ms-sites-list-table.php#L249
We should probably review all the instances.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20771#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list