[wp-trac] [WordPress Trac] #62798: Twenty Seventeen: sanitize output of twentyseventeen_custom_colors_css()

WordPress Trac noreply at wordpress.org
Fri Jan 10 05:38:07 UTC 2025


#62798: Twenty Seventeen: sanitize output of twentyseventeen_custom_colors_css()
------------------------------+----------------------------------------
 Reporter:  viralsampat       |      Owner:  (none)
     Type:  defect (bug)      |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Bundled Theme     |    Version:
 Severity:  normal            |   Keywords:  dev-feedback needs-testing
  Focuses:  coding-standards  |
------------------------------+----------------------------------------
 Hello Team,

 I have checked the WordPress fork and found a PHPCS warning in the
 functions.php file for the "TwentySeventeen" theme.

 i.e.

 All output should be run through an escaping function (see the Security
 sections in the WordPress Developer Handbooks), found
 'twentyseventeen_custom_colors_css'.


 {{{
 <style type="text/css" id="custom-theme-colors" <?php echo
 $customize_preview_data_hue; ?>>
         <?php echo twentyseventeen_custom_colors_css(); ?>
 </style>
 }}}

 **Note:** I have checked the core Trac and found a similar issue: #62787

 Thanks,

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62798>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
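
One way to satisfy the warning quoted in the ticket, shown as an added example that is not the theme's own code or a committed fix. The helper name `example_print_custom_colors_style()` and its parameters are hypothetical, and the hue is assumed to be numeric.

```php
<?php
/**
 * Added example (hypothetical helper, not part of Twenty Seventeen).
 * Prints generated CSS inside a <style> element with escaping that
 * matches each output context.
 *
 * @param string $css Generated CSS, e.g. the return value of
 *                    twentyseventeen_custom_colors_css().
 * @param mixed  $hue Hue for the Customizer preview attribute (assumed numeric).
 */
function example_print_custom_colors_style( $css, $hue ) {
	// Attribute context: force an integer, then escape for an HTML attribute.
	$data_hue = '';
	if ( is_customize_preview() ) {
		$data_hue = sprintf( ' data-hue="%s"', esc_attr( absint( $hue ) ) );
	}

	// <style> is a raw-text element: entities are not decoded inside it, so
	// esc_html() would turn the child combinator in `.a > .b` into `&gt;`
	// and break the rule. Removing tags instead keeps the CSS valid while
	// preventing a `</style>` sequence from closing the element early.
	$css = wp_strip_all_tags( $css );

	// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- both values are sanitized above.
	printf(
		'<style type="text/css" id="custom-theme-colors"%s>%s</style>' . "\n",
		$data_hue,
		$css
	);
}
```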

