Ticket #17217 (closed defect (bug): fixed)

Opened 10 months ago

Last modified 10 months ago

Walker_PageDropdown doesn't filter titles correctly

Reported by: Otto42 Owned by:
Priority: normal Milestone: 3.1.2
Component: Administration Version: 3.1
Severity: normal Keywords: has-patch
Cc:

Description (last modified by Otto42) (diff)

The Walker_PageDropdown has this code: 

$title = esc_html($page->post_title);
$title = apply_filters( 'list_pages', $page->post_title );

Meaning that the esc_html is not applied properly, since $title just gets replaces with the $post_title again.

Fix is this: 

$title = esc_html($page->post_title);
$title = apply_filters( 'list_pages', $title );

Patch attached.

Attachments

walkerpatch.patch Download (469 bytes) - added by Otto42 10 months ago.

Change History

Otto4210 months ago

comment:1   Otto4210 months ago

  • Description modified (diff)

comment:2   Otto4210 months ago

  • Priority changed from high to normal
  • Component changed from Security to Administration
  • Severity changed from major to normal

comment:3   nacin10 months ago

  • Milestone changed from Awaiting Review to 3.2

Going to tweak this a bit. Instead moving the esc_html() to after the filter, consistent with escaping as late as possible and also still passing post_title unescaped to the filter, as before.

comment:4   nacin10 months ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [17683]) Apply esc_html properly in Walker_PageDropdown. fixes #17217.

comment:5   nacin10 months ago

  • Milestone changed from 3.2 to 3.1.2

Broken in [16446].

comment:6   nacin10 months ago

(In [17685]) Apply esc_html properly in Walker_PageDropdown. fixes #17217 for the 3.1 branch.

Note: See TracTickets for help on using tickets.