Ticket #26631: 26631.11.diff

File 26631.11.diff, 1.8 KB (added by xknown, 7 years ago)

Add some escaping/whitelisting to the shortcode attributes.

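--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -1009,6 +1009,10 @@
                 $orderby = 'none';
         }
 
+        if ( !in_array( $style, array( 'light', 'dark' ), true ) ) {
+                $style = 'light';
+        }
+
         $args = array(
                 'post_status' => 'inherit',
                 'post_type' => 'attachment',
@@ -1109,13 +1113,16 @@
         }
         $data['tracks'] = $tracks;
 
+        $safe_type = esc_attr( $safe_type );
+        $safe_style = esc_attr( $style );
+
         ob_start();
 
         if ( 1 === $instance ):
                 wp_enqueue_style( 'wp-mediaelement' );
                 wp_enqueue_script( 'wp-playlist' );
 ?>
-<!--[if lt IE 9]><script>document.createElement('<?php echo $type ?>');</script><![endif]-->
+<!--[if lt IE 9]><script>document.createElement('<?php echo esc_js( $type ) ?>');</script><![endif]-->
 <script type="text/html" id="tmpl-wp-playlist-current-item">
         <# if ( data.image ) { #>
         <img src="{{{ data.thumb.src }}}"/>
@@ -1150,11 +1157,11 @@
         </div>
 </script>
         <?php endif ?>
-<div class="wp-playlist wp-<?php echo $type ?>-playlist wp-playlist-<?php echo $style ?>">
+<div class="wp-playlist wp-<?php echo $safe_type ?>-playlist wp-playlist-<?php echo $safe_style ?>">
         <?php if ( 'audio' === $type ): ?>
         <div class="wp-playlist-current-item"></div>
         <?php endif ?>
-        <<?php echo $type ?> controls="controls" preload="metadata" width="<?php echo $theme_width ?>"></<?php echo $type ?>>
+        <<?php echo $safe_type ?> controls="controls" preload="metadata" width="<?php echo (int) $theme_width ?>"></<?php echo $safe_type ?>>
         <div class="wp-playlist-next"></div>
         <div class="wp-playlist-prev"></div>
         <noscript>
@@ -2590,4 +2597,4 @@
         }
 
         return current_theme_supports( 'post-thumbnails', $post->post_type );
-}
\ No newline at end of file
+}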
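Review bot: `$safe_type = esc_attr( $safe_type );` in the second hunk escapes a variable that no visible line assigns, while every other new line derives its value from `$type`; unless `$safe_type` is set earlier in the enclosing function (which starts outside the hunk), this reads an undefined variable and the `wp-<?php echo $safe_type ?>-playlist` class and the `<<?php echo $safe_type ?> …>` element in the third hunk are emitted with an empty name. The line should read `$safe_type = esc_attr( $type );`. Separately, `$type` ends up as an element name and a class suffix, which attribute escaping does not constrain on its own; if it is not already restricted to the supported media types before this point, the same kind of `in_array( …, true )` whitelist the first hunk applies to `$style` would be the cleaner defence.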