[wp-trac] [WordPress Trac] #30967: $fallback in sanitize_html_class() is not sanitized

WordPress Trac noreply at wordpress.org
Fri Jan 9 20:23:47 UTC 2015

#30967: $fallback in sanitize_html_class() is not sanitized
 Reporter:  mighty_mt          |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Posts, Post Types  |     Version:  trunk
 Severity:  normal             |  Resolution:
 Keywords:                     |     Focuses:

Comment (by MikeHansenMe):

 Replying to [comment:2 mighty_mt]:
 > By the way, I just quickly did a full text search of all PHP files in
 the ''wp-incudes'' directory and found that there are a few places in core
 where the fallback is used... once in the {{{get_comment_class()}}}
 function and multiple times in {{{get_post_class()}}}. See also #30883.
 Not sure how I missed those. Every use case was to use an id if the
 slug/nice_name could not be sanitized without being empty. I think
 sanitizing the fallback should probably happen either way.

Ticket URL: <https://core.trac.wordpress.org/ticket/30967#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list