[wp-trac] [WordPress Trac] #29127: Bundled Themes: fix escaping and minor code style issues

WordPress Trac noreply at wordpress.org
Thu Aug 7 02:52:34 UTC 2014


#29127: Bundled Themes: fix escaping and minor code style issues
-------------------------------------+-----------------------------
 Reporter:  lancewillett             |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Future Release
Component:  Bundled Theme            |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+-----------------------------

Comment (by lancewillett):

 Replying to [comment:4 obenland]:
 > * Can we move the definition of `$style` to the top of the function?
 > * In `header.php`: Adding `esc_url()` around `header_image()` will not work, as it echoes its content.
 > * In `category.php`: Using `esc_html()` around the category description might break things.

 Fixed.

 > * Do we allow HTML in the site description? If we do, using `esc_html()` around the site description might break things.

 Fixed. We do not allow HTML, and it's escaped with {{{esc_html()}}}
 already: see
 https://core.trac.wordpress.org/browser/trunk/src/wp-includes/formatting.php#L3303

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29127#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

