Make WordPress Core

Ticket #43723: 43723_sanitize_html_class.patch

File 43723_sanitize_html_class.patch, 1015 bytes (added by BjornW, 7 years ago)

Using sanitize_html_class() to make sure the sanitized data adheres to the characters allowed in an HTML class

  • wp-admin/user-edit.php

     
    526526        <?php
    527527        foreach ( wp_get_user_contact_methods( $profileuser ) as $name => $desc ) {
    528528        ?>
    529         <tr class="user-<?php echo $name; ?>-wrap">
    530 <th><label for="<?php echo $name; ?>">
     529        <tr class="user-<?php echo sanitize_html_class($name); ?>-wrap">
     530  <th><label for="<?php echo esc_attr($name); ?>">
    531531        <?php
    532532        /**
    533533         * Filters a user contactmethod label.
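
Review bot: on the added <tr> line, sanitize_html_class($name) strips disallowed characters instead of escaping them, so the row class can stop matching the label's for value, which is built with esc_attr($name) on the next line. A contact method key made up only of disallowed characters would also render as class="user--wrap". If that divergence is acceptable, say so in the ticket; otherwise pass a fallback as the second argument to sanitize_html_class() so the row keeps a usable class.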
     
    542542        echo apply_filters( "user_{$name}_label", $desc );
    543543        ?>
    544544        </label></th>
    545         <td><input type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $profileuser->$name ); ?>" class="regular-text" /></td>
     545        <td><input type="text" name="<?php echo esc_attr($name); ?>" id="<?php echo esc_attr($name); ?>" value="<?php echo esc_attr( $profileuser->$name ); ?>" class="regular-text" /></td>
    546546        </tr>
    547547        <?php
    548548        }
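
Review bot: the added <td> line calls esc_attr($name) with no spaces inside the parentheses, while esc_attr( $profileuser->$name ) on the same line has them. Write esc_attr( $name ) for both the name and id attributes, and apply the same spacing to the two calls added at lines 529 and 530. The id here and the label's for at line 530 both go through esc_attr(), so they still match, which is what the label association needs.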