
Ticket #20009: 20009.2.diff

File 20009.2.diff, 820 bytes (added by mfields, 6 years ago)

Escape even later.

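--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -292,7 +292,7 @@
  */
 function post_class( $class = '', $post_id = null ) {
         // Separates classes with a single space, collates classes for post DIV
-        echo 'class="' . join( ' ', get_post_class( $class, $post_id ) ) . '"';
+        echo 'class="' . esc_attr( join( ' ', get_post_class( $class, $post_id ) ) ) . '"';
 }
 
 /**
@@ -384,7 +384,7 @@
  */
 function body_class( $class = '' ) {
         // Separates classes with a single space, collates classes for body element
-        echo 'class="' . join( ' ', get_body_class( $class ) ) . '"';
+        echo 'class="' . esc_attr( join( ' ', get_body_class( $class ) ) ) . '"';
 }
 
 /**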
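Review bot: The `esc_attr()` added to the echo in `post_class()` (and the identical one in `body_class()`) protects only these two output helpers; any template that calls `get_post_class()` or `get_body_class()` and prints the result itself is not covered by this change. The getters are outside this patch, so whether their return values are attribute-safe by the time they are returned cannot be confirmed from here. I would extend the existing inline comment to record why the escape sits at the echo, e.g. `// Escape the joined list at output time; class names are presumably filterable and must not be trusted.`, and add a line to the getters' docblocks telling callers to escape before printing. The docblocks of both functions start outside the hunks.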