[wp-trac] [WordPress Trac] #62798: Twenty Seventeen: sanitize output of twentyseventeen_custom_colors_css()
WordPress Trac
noreply at wordpress.org
Fri Jan 10 05:38:07 UTC 2025
#62798: Twenty Seventeen: sanitize output of twentyseventeen_custom_colors_css()
------------------------------+----------------------------------------
Reporter: viralsampat | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version:
Severity: normal | Keywords: dev-feedback needs-testing
Focuses: coding-standards |
------------------------------+----------------------------------------
Hello Team,
I have checked the WordPress fork and found a PHPCS warning in the functions.php
file for the "TwentySeventeen" theme.
i.e.
All output should be run through an escaping function (see the Security
sections in the WordPress Developer Handbooks), found
'twentyseventeen_custom_colors_css'.
{{{
<style type="text/css" id="custom-theme-colors" <?php echo
$customize_preview_data_hue; ?>>
<?php echo twentyseventeen_custom_colors_css(); ?>
</style>
}}}
**Note:** I have checked the core Trac and found a similar issue: #62787
Thanks,
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62798>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
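
The following is an added example, not part of the ticket and not WordPress or Twenty Seventeen code. It shows why the choice of function matters when output lands inside a `<style>` element, comparing HTML-escaping with tag stripping. The `example_*` functions and the sample values are hypothetical and constructed for illustration, and `strip_tags()` stands in for WordPress's `wp_strip_all_tags()` so the file runs without WordPress.

```php
<?php
// Added illustration; not code from WordPress core or Twenty Seventeen.

// Hypothetical stand-in for a theme function that builds CSS from a stored value.
function example_custom_colors_css( $hue ) {
	return ".colors-custom a:hover > span { color: hsl( {$hue}, 50%, 40% ); }";
}

// HTML-escaping: removes markup risk, but <style> content is raw text, so the
// browser sees the literal "&gt;" and the child-combinator selector stops matching.
function example_css_html_escaped( $css ) {
	return htmlspecialchars( $css, ENT_QUOTES, 'UTF-8' );
}

// Tag stripping: the CSS can no longer close the <style> element, and plain
// CSS passes through unchanged. WordPress provides wp_strip_all_tags() for
// this; strip_tags() is used here so the file runs without WordPress.
function example_css_tags_stripped( $css ) {
	return trim( strip_tags( $css ) );
}

// Constructed sample values: a normal hue and one carrying stray markup.
$samples = array(
	'normal'   => '250',
	'tampered' => '250</style><p>injected</p>',
);

foreach ( $samples as $label => $hue ) {
	$css = example_custom_colors_css( $hue );
	echo "[{$label}] raw:      {$css}\n";
	echo "[{$label}] escaped:  " . example_css_html_escaped( $css ) . "\n";
	echo "[{$label}] stripped: " . example_css_tags_stripped( $css ) . "\n\n";
}
```

For the tampered value, the stripped output contains no markup but is no longer valid CSS; validating the value as an integer where it is read avoids both problems.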