[wp-trac] [WordPress Trac] #32233: Improve escaping in /wp-admin/includes/template.php

WordPress Trac noreply at wordpress.org
Sat May 2 20:04:23 UTC 2015

#32233: Improve escaping in /wp-admin/includes/template.php
 Reporter:  McGuive7                 |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Administration           |     Version:  trunk
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-refresh  |     Focuses:  administration
Changes (by ocean90):

 * keywords:  has-patch needs-testing => has-patch needs-refresh


 Replying to [comment:3 McGuive7]:

 > On another point, I'm confused. You say that esc_html_e() should only be
 used for translatable strings, and then you go on to say translations
 should be considered safe

 That was just for the wrong use of `esc_html_e()` for `esc_attr_e( $bytes
 )` in your patch.

 Core translations are considered as safe because we have a review process
 for them. See also the comments on #30724.

 Side note: All occurrences of `echo __()` should be replaced with `_e()`.

Ticket URL: <https://core.trac.wordpress.org/ticket/32233#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list