[wp-trac] [WordPress Trac] #53426: Escaping function missing.
WordPress Trac
noreply at wordpress.org
Thu Jun 17 12:18:25 UTC 2021
#53426: Escaping function missing.
----------------------------+---------------------
Reporter: chintan1896 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.8
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
----------------------------+---------------------
Changes (by SergeyBiryukov):
* keywords: => has-patch
Comment:
Hi there, thanks for the patch!
Just noting that the instance in `wp-includes/class-wp-embed.php` does not
need escaping.
The current code creates a link like this:
{{{
$.get("/build/wp-admin/admin-ajax.php?action=oembed-cache&post=123");
}}}
With the patch, the ampersand is converted to the `&#038;` entity:
{{{
$.get("/build/wp-admin/admin-ajax.php?action=oembed-cache&#038;post=123");
}}}
This leads to the `post` parameter being dropped from the link when the
request is made in my testing:
{{{
http://develop.wordpress.test/build/wp-admin/admin-ajax.php?action=oembed-cache&
}}}
The rest of the patch looks good.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53426#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
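The behaviour described in the comment above, as an added example that is not part of the original message or of WordPress core: the same entity-escaped URL works where an HTML parser decodes it first, but inside a script string the numeric entity's `#` starts a fragment and `post` never reaches the server. The helper names are hypothetical, and the numeric-entity form of the escaping is an assumption of the example; the host and path are the ones quoted in the comment.

```javascript
// Added example. Host and path are copied from the comment; helper names are hypothetical.
const BASE = "http://develop.wordpress.test";
const RAW = "/build/wp-admin/admin-ajax.php?action=oembed-cache&post=123";

// Assumption for this example: display-context escaping writes "&" as the
// numeric character reference "&#038;".
function escapeForHtml(url) {
  return url.replace(/&/g, "&#038;");
}

// Minimal character-reference decoder, standing in for what an HTML parser
// does to attribute values (numeric references and &amp; only).
function decodeHtmlEntities(text) {
  return text
    .replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)))
    .replace(/&amp;/g, "&");
}

// What the server receives for a URL emitted in a given output context.
// "html-attribute": the parser decodes entities before the URL is used.
// "script": the string literal is used verbatim, entities included.
function requestSeenByServer(urlText, context) {
  const text = context === "html-attribute" ? decodeHtmlEntities(urlText) : urlText;
  const u = new URL(text, BASE);
  return {
    sent: u.origin + u.pathname + u.search, // the fragment never leaves the browser
    post: u.searchParams.get("post"),
    fragment: u.hash,
  };
}

const escaped = escapeForHtml(RAW);
console.log("escaped, html attribute:", requestSeenByServer(escaped, "html-attribute"));
console.log("escaped, script string: ", requestSeenByServer(escaped, "script"));
console.log("raw, script string:     ", requestSeenByServer(RAW, "script"));
```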