[wp-trac] [WordPress Trac] #30967: $fallback in sanitize_html_class() is not sanitized
WordPress Trac
noreply at wordpress.org
Fri Jan 9 19:44:32 UTC 2015
#30967: $fallback in sanitize_html_class() is not sanitized
-------------------------------+------------------------------
Reporter: mighty_mt | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------------+------------------------------
Comment (by MikeHansenMe):
Looking at that function I find it a bit strange that there is even a
fallback. The reason is by default if the sanitized text is an empty
string it return a different variable that is also an empty string. It
seems if someone puts in a fallback that also gets sanitized it could be
an empty string as well. Not saying it shouldn't be sanitized, just seems
strange. I could not find any places in core that use the fallback.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30967#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list