[wp-trac] [WordPress Trac] #54277: values within loop should be escaped properly before echo `wp-admin/theme-install.php`
WordPress Trac
noreply at wordpress.org
Sat Oct 16 23:27:27 UTC 2021
#54277: values within loop should be escaped properly before echo `wp-admin/theme-install.php`
--------------------------+-------------------------------
Reporter: sabbirshouvo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: coding-standards
--------------------------+-------------------------------
Changes (by sabernhardt):
* version: trunk =>
Comment:
Using `esc_html()` would be appropriate for the label text; the category
name's variable is escaped the same way for the `legend` tag on line 226.
Side note: I got confused by both variables named `$feature_name` because
the first `foreach` loop refers to the feature ''category'' name. Could we
change that variable to `$category_name` (or something similar)?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54277#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform