WordPress.org

Make WordPress Core

Ticket #40401: 40401.2.diff

File 40401.2.diff, 1.3 KB (added by audrasjb, 4 months ago)

Patch refresh

  • src/wp-admin/includes/class-wp-list-table.php

    diff --git a/src/wp-admin/includes/class-wp-list-table.php b/src/wp-admin/includes/class-wp-list-table.php
    index 8169a4fcbc..535f5d5f81 100644
    a b class WP_List_Table { 
    14251425                        }
    14261426
    14271427                        // Comments column uses HTML in the display name with screen reader text.
    1428                         // Instead of using esc_attr(), we strip tags to get closer to a user-friendly string.
    1429                         $data = 'data-colname="' . wp_strip_all_tags( $column_display_name ) . '"';
     1428                        // Strip tags to get closer to a user-friendly string.
     1429                        $data = 'data-colname="' . esc_attr( wp_strip_all_tags( $column_display_name ) ) . '"';
    14301430
    14311431                        $attributes = "class='$classes' $data";
    14321432
  • src/wp-admin/includes/class-wp-users-list-table.php

    diff --git a/src/wp-admin/includes/class-wp-users-list-table.php b/src/wp-admin/includes/class-wp-users-list-table.php
    index 2ab7e9f725..a0a989498c 100644
    a b class WP_Users_List_Table extends WP_List_Table { 
    531531                                $classes .= ' hidden';
    532532                        }
    533533
    534                         $data = 'data-colname="' . wp_strip_all_tags( $column_display_name ) . '"';
     534                        $data = 'data-colname="' . esc_attr( wp_strip_all_tags( $column_display_name ) ) . '"';
    535535
    536536                        $attributes = "class='$classes' $data";
    537537