
Ticket #13377: 13377.patch

File 13377.patch, 1.8 KB (added by Mte90, 3 years ago)

patch refreshed

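--- a/src/wp-admin/includes/template.php
+++ b/src/wp-admin/includes/template.php
@@ -772,7 +772,7 @@
         ksort( $templates );
         foreach ( array_keys( $templates ) as $template ) {
                 $selected = selected( $default, $templates[ $template ], false );
-                echo "\n\t<option value='" . $templates[ $template ] . "' $selected>$template</option>";
+                echo "\n\t<option value='" . $templates[ $template ] . "' $selected>" . esc_html( $template ) . "</option>";
         }
 }
 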
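Review bot: The `value='…'` attribute on the added `echo` (new line 775) still prints `$templates[ $template ]` unescaped inside a single-quoted attribute, so `esc_html()` covers only the option label. A template file name containing a quote or angle bracket would end the attribute early, so I'd change the line to `echo "\n\t<option value='" . esc_attr( $templates[ $template ] ) . "' $selected>" . esc_html( $template ) . "</option>";`. The function starts outside the hunk, so how `$templates` is populated is not visible here.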
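--- a/src/wp-admin/theme-editor.php
+++ b/src/wp-admin/theme-editor.php
@@ -156,7 +156,7 @@
  <div id="message" class="updated notice is-dismissible"><p><?php _e( 'File edited successfully.' ) ?></p></div>
 <?php endif;
 
-$description = get_file_description( $relative_file );
+$description = trim( get_file_description( $relative_file ) );
 $file_show = array_search( $file, array_filter( $allowed_files ) );
 if ( $description != $file_show )
         $description .= ' <span>(' . $file_show . ')</span>';
@@ -166,7 +166,7 @@
 
 <div class="fileedit-sub">
 <div class="alignleft">
-<h2><?php echo $theme->display( 'Name' ); if ( $description ) echo ': ' . $description; ?></h2>
+<h2><?php echo $theme->display( 'Name' ); if ( $description ) echo ': ' . esc_html( $description ); ?></h2>
 </div>
 <div class="alignright">
         <form action="theme-editor.php" method="post">
@@ -236,7 +236,7 @@
                 }
 
                 if ( $absolute_filename === $file ) {
-                        $file_description = '<span class="highlight">' . $file_description . '</span>';
+                        $file_description = '<span class="highlight">' . esc_html( $file_description ) . '</span>';
                 }
 
                 $previous_file_type = $file_type;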
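Review bot: Escaping at output on new line 169 also escapes the `<span>(…)</span>` markup that line 162 appends to `$description`, so the heading would show the tags as literal text whenever the description differs from `$file_show`. Building a separate escaped string keeps the markup and also covers `$file_show`: add `$description_html = esc_html( $description );` before the comparison, append with `$description_html .= ' <span>(' . esc_html( $file_show ) . ')</span>';`, and print `': ' . $description_html` in the `<h2>`. Lines 163–165 are not shown, so this assumes `$description` is not modified or reused there. In the last hunk `esc_html()` is applied only inside the `$absolute_filename === $file` branch; the non-highlighted `$file_description` is printed outside the hunk and should be checked for escaping there.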