Changeset 16520

Timestamp:

11/21/2010 01:37:09 PM (13 years ago)

Author:

nacin

Message:

Escape the wrap ID and class attributes going into sprintf() and s/slug/wrap_id/ to make it more obvious. see #14235.

File:

• trunk/wp-includes/nav-menu-template.php (modified) (2 diffs)

trunk/wp-includes/nav-menu-template.php

@@ -206 +206 @@
     // Attributes
     if ( ! empty( $args->menu_id ) ) {
-        $slug = $args->menu_id;
+        $wrap_id = $args->menu_id;
     } else {
-        $slug = 'menu-' . $menu->slug;
-        while ( in_array( $slug, $menu_id_slugs ) ) {
-            if ( preg_match( '#-(\d+)$#', $slug, $matches ) )
-                $slug = preg_replace('#-(\d+)$#', '-' . ++$matches[1], $slug);
+        $wrap_id = 'menu-' . $menu->slug;
+        while ( in_array( $wrap_id, $menu_id_slugs ) ) {
+            if ( preg_match( '#-(\d+)$#', $wrap_id, $matches ) )
+                $wrap_id = preg_replace('#-(\d+)$#', '-' . ++$matches[1], $wrap_id );
             else
-                $slug = $slug . '-1';
-        }
-    }
-    $menu_id_slugs[] = $slug;
-    
+                $wrap_id = $wrap_id . '-1';
+        }
+    }
+    $menu_id_slugs[] = $wrap_id;
+
     $wrap_class = $args->menu_class ? $args->menu_class : '';
 
@@ -223 +223 @@
     $items = apply_filters( 'wp_nav_menu_items', $items, $args );
     $items = apply_filters( "wp_nav_menu_{$menu->slug}_items", $items, $args );
-    
-    $nav_menu .= sprintf( $args->items_wrap, $slug, $wrap_class, $items );
-    unset($items);
+
+    $nav_menu .= sprintf( $args->items_wrap, esc_attr( $wrap_id ), esc_attr( $wrap_class ), $items );
+    unset( $items );
 
     if ( $show_container )