[wp-trac] [WordPress Trac] #57110: Correctly some attributes escape is missing in this ( wp-admin/includes/nav-menu.php ) file.
WordPress Trac
noreply at wordpress.org
Sat Apr 1 08:35:30 UTC 2023
#57110: Correctly some attributes escape is missing in this ( wp-admin/includes/nav-menu.php ) file.
--------------------------+-----------------------------------------------
Reporter: zenaulislam | Owner: SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.3
Component: Menus | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses: administration, coding-standards
--------------------------+-----------------------------------------------
Changes (by SergeyBiryukov):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"55616" 55616]:
{{{
#!CommitTicketReference repository="" revision="55616"
Coding Standards: Escape the whole attributes in `wp-admin/includes/nav-menu.php`.
It is best to always escape the complete value of an attribute, not a
partial value, as otherwise the escaping could be (partially) undone when
the values are joined together.
While the hardcoded prefix/suffix values in this case don't necessarily
create that risk, those may change to values which could be problematic,
so making it a habit to escape the value in one go is best practice.
Includes:
* Moving a few `esc_url()` calls closer to the actual output and escaping
the hash parts too.
* Wrapping a few long lines for better readability.
Follow-up to [14248], [23707], [42217], [55615].
Props jrf, SergeyBiryukov.
Fixes #57110.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57110#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
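The difference between escaping part of an attribute and escaping the whole value, as an added example that is not code from the changeset or from WordPress core. `demo_esc_attr()` is a simplified stand-in for `esc_attr()` so the script runs without WordPress loaded (it needs PHP's DOM extension); the function names, prefixes and sample value are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. demo_esc_attr() is a simplified
// stand-in for esc_attr(): it models only the entity encoding.
function demo_esc_attr( string $text ): string {
	return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );
}

// Partial escaping: the hardcoded prefix stays outside the escaping call.
function partial_escape( string $prefix, string $value ): string {
	return '<a title="' . $prefix . demo_esc_attr( $value ) . '">x</a>';
}

// Whole-value escaping: prefix and value are joined first, then escaped once.
function whole_escape( string $prefix, string $value ): string {
	return '<a title="' . demo_esc_attr( $prefix . $value ) . '">x</a>';
}

// Parse the markup and return the title attribute as an HTML parser reads it.
function parsed_title( string $markup ): string {
	libxml_use_internal_errors( true ); // malformed markup is expected here
	$doc = new DOMDocument();
	$doc->loadHTML( $markup, LIBXML_NOERROR | LIBXML_NOWARNING );
	return $doc->getElementsByTagName( 'a' )->item( 0 )->getAttribute( 'title' );
}

// Constructed sample data.
$value    = 'Tom & Jerry <menu>';
$prefixes = array(
	'Edit item: ',           // a harmless hardcoded prefix
	'Edit "primary" item: ', // the same prefix after a later edit adds quotes
);

foreach ( $prefixes as $prefix ) {
	$intended = $prefix . $value;
	foreach ( array( 'partial_escape', 'whole_escape' ) as $build ) {
		$markup = $build( $prefix, $value );
		$read   = parsed_title( $markup );
		$state  = ( $read === $intended ) ? 'intact' : 'ALTERED';
		printf( "%-15s %s\n", $build, $markup );
		printf( "  parsed title: %s (%s)\n", var_export( $read, true ), $state );
	}
}
```

Both builders round-trip the first prefix; only `whole_escape()` still does once the hardcoded prefix itself contains a quote.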