
Ticket #54277: 54277.diff

File 54277.diff, 635 bytes (added by sabbirshouvo, 4 years ago)

escape $feature_name using esc_html()

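--- a/src/wp-admin/theme-install.php
+++ b/src/wp-admin/theme-install.php
@@ -228,6 +228,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
                         echo '<div class="filter-group-feature">';
                         foreach ( $features as $feature => $feature_name ) {
                                 $feature = esc_attr( $feature );
+                                $feature_name = esc_html( $feature_name );
                                 echo '<input type="checkbox" id="filter-id-' . $feature . '" value="' . $feature . '" /> ';
                                 echo '<label for="filter-id-' . $feature . '">' . $feature_name . '</label>';
                         }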
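Review bot: The added line at new line 231 escapes `$feature_name` by overwriting the loop variable two statements before the `echo` that prints it, so a reader auditing the label output has to look back up the loop to confirm the value is safe. Escaping at the point of output is easier to verify and cannot be undone by a later edit between the assignment and the echo: drop the reassignment and write `echo '<label for="filter-id-' . $feature . '">' . esc_html( $feature_name ) . '</label>';`. The existing `$feature = esc_attr( $feature );` has the same shape and could be moved into the two attribute positions in the same pass. The enclosing loop and the origin of `$features` are outside the hunk, so whether these names can carry markup (for example via translated strings) is presumed rather than shown here.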