Ticket #56110: 56110.patch

wp-admin/options-permalink.php

@@ -10 +10 @@
 require_once __DIR__ . '/admin.php';
 
 if ( ! current_user_can( 'manage_options' ) ) {
-        wp_die( __( 'Sorry, you are not allowed to manage options for this site.' ) );
+        wp_die( esc_html__( 'Sorry, you are not allowed to manage options for this site.' ) );
 }
 
 // Used in the HTML title tag.
@@ -244 +244 @@
         </tr>
         <tr>
                 <th scope="row"><label><input name="selection" type="radio" value="<?php echo esc_attr( $structures[1] ); ?>" <?php checked( $structures[1], $permalink_structure ); ?> /> <?php _e( 'Day and name' ); ?></label></th>
-                <td><code><?php echo get_option( 'home' ) . $blog_prefix . $prefix . '/' . gmdate( 'Y' ) . '/' . gmdate( 'm' ) . '/' . gmdate( 'd' ) . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
+                <td><code><?php echo get_option( 'home' ) . esc_html( $blog_prefix ) . esc_html( $prefix ) . '/' . gmdate( 'Y' ) . '/' . gmdate( 'm' ) . '/' . gmdate( 'd' ) . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
         </tr>
         <tr>
                 <th scope="row"><label><input name="selection" type="radio" value="<?php echo esc_attr( $structures[2] ); ?>" <?php checked( $structures[2], $permalink_structure ); ?> /> <?php _e( 'Month and name' ); ?></label></th>
-                <td><code><?php echo get_option( 'home' ) . $blog_prefix . $prefix . '/' . gmdate( 'Y' ) . '/' . gmdate( 'm' ) . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
+                <td><code><?php echo get_option( 'home' ) . esc_html( $blog_prefix ) . esc_html( $prefix ) . '/' . gmdate( 'Y' ) . '/' . gmdate( 'm' ) . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
         </tr>
         <tr>
                 <th scope="row"><label><input name="selection" type="radio" value="<?php echo esc_attr( $structures[3] ); ?>" <?php checked( $structures[3], $permalink_structure ); ?> /> <?php _e( 'Numeric' ); ?></label></th>
-                <td><code><?php echo get_option( 'home' ) . $blog_prefix . $prefix . '/' . _x( 'archives', 'sample permalink base' ) . '/123'; ?></code></td>
+                <td><code><?php echo get_option( 'home' ) . esc_html( $blog_prefix ) . esc_html( $prefix ) . '/' . _x( 'archives', 'sample permalink base' ) . '/123'; ?></code></td>
         </tr>
         <tr>
                 <th scope="row"><label><input name="selection" type="radio" value="<?php echo esc_attr( $structures[4] ); ?>" <?php checked( $structures[4], $permalink_structure ); ?> /> <?php _e( 'Post name' ); ?></label></th>
-                <td><code><?php echo get_option( 'home' ) . $blog_prefix . $prefix . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
+                <td><code><?php echo get_option( 'home' ) . esc_html( $blog_prefix ) . esc_html( $prefix ) . '/' . _x( 'sample-post', 'sample permalink structure' ) . '/'; ?></code></td>
         </tr>
         <tr>
                 <th scope="row">
@@ -265 +265 @@
                         </label>
                 </th>
                 <td>
-                        <code><?php echo get_option( 'home' ) . $blog_prefix; ?></code>
+                        <code><?php echo get_option( 'home' ) . esc_html( $blog_prefix ); ?></code>
                         <input name="permalink_structure" id="permalink_structure" type="text" value="<?php echo esc_attr( $permalink_structure ); ?>" class="regular-text code" />
                         <div class="available-structure-tags hide-if-no-js">
                                 <div id="custom_selection_updated" aria-live="assertive" class="screen-reader-text"></div>
@@ -338 +338 @@
 <p>
 <?php
 /* translators: %s: Placeholder that must come at the start of the URL. */
-printf( __( 'If you like, you may enter custom structures for your category and tag URLs here. For example, using <code>topics</code> as your category base would make your category links like <code>%s/topics/uncategorized/</code>. If you leave these blank the defaults will be used.' ), get_option( 'home' ) . $blog_prefix . $prefix );
+printf( __( 'If you like, you may enter custom structures for your category and tag URLs here. For example, using <code>topics</code> as your category base would make your category links like <code>%s/topics/uncategorized/</code>. If you leave these blank the defaults will be used.' ), get_option( 'home' ) . esc_html( $blog_prefix ) . esc_html( $prefix ) );
 ?>
 </p>
 
 <table class="form-table" role="presentation">
         <tr>
                 <th><label for="category_base"><?php /* translators: Prefix for category permalinks. */ _e( 'Category base' ); ?></label></th>
-                <td><?php echo $blog_prefix; ?> <input name="category_base" id="category_base" type="text" value="<?php echo esc_attr( $category_base ); ?>" class="regular-text code" /></td>
+                <td><?php echo esc_html( $blog_prefix ); ?> <input name="category_base" id="category_base" type="text" value="<?php echo esc_attr( $category_base ); ?>" class="regular-text code" /></td>
         </tr>
         <tr>
                 <th><label for="tag_base"><?php _e( 'Tag base' ); ?></label></th>
-                <td><?php echo $blog_prefix; ?> <input name="tag_base" id="tag_base" type="text" value="<?php echo esc_attr( $tag_base ); ?>" class="regular-text code" /></td>
+                <td><?php echo esc_html( $blog_prefix ); ?> <input name="tag_base" id="tag_base" type="text" value="<?php echo esc_attr( $tag_base ); ?>" class="regular-text code" /></td>
         </tr>
         <?php do_settings_fields( 'permalink', 'optional' ); ?>
 </table>