WordPress.org

Make WordPress Core

Ticket #20009: 20009.2.diff

File 20009.2.diff, 820 bytes (added by mfields, 3 years ago)

Escape even later.

  • wp-includes/post-template.php

     
    292292 */ 
    293293function post_class( $class = '', $post_id = null ) { 
    294294        // Separates classes with a single space, collates classes for post DIV 
    295         echo 'class="' . join( ' ', get_post_class( $class, $post_id ) ) . '"'; 
     295        echo 'class="' . esc_attr( join( ' ', get_post_class( $class, $post_id ) ) ) . '"'; 
    296296} 
    297297 
    298298/** 
     
    384384 */ 
    385385function body_class( $class = '' ) { 
    386386        // Separates classes with a single space, collates classes for body element 
    387         echo 'class="' . join( ' ', get_body_class( $class ) ) . '"'; 
     387        echo 'class="' . esc_attr( join( ' ', get_body_class( $class ) ) ) . '"'; 
    388388} 
    389389 
    390390/**