
Changeset 30081


Timestamp:
10/28/2014 11:07:32 PM (7 years ago)
Author:
lancewillett
Message:

Twenty Fifteen: only escape HTML attribute output with esc_attr(). See #30133, props ocean90.

File:
1 edited

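--- a/trunk/src/wp-content/themes/twentyfifteen/inc/custom-header.php
+++ b/trunk/src/wp-content/themes/twentyfifteen/inc/custom-header.php
@@ -150,11 +150,11 @@
  */
 function twentyfifteen_admin_header_image() {
-    $style                   = sprintf( ' style="color: #%s;"', get_header_textcolor() );
+    $style                   = sprintf( ' style="color: #%s;"', esc_attr( get_header_textcolor() ) );
     $color_scheme            = twentyfifteen_get_color_scheme();
     $header_background_color = get_theme_mod( 'header_background_color', $color_scheme[1] );
 ?>
     <div id="headimg" style="background-image: url(<?php header_image(); ?>); background-color: <?php echo esc_attr( $header_background_color ); ?>;">
-        <h1 class="displaying-header-text"><a id="name"<?php echo esc_attr( $style ); ?> onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
-        <div id="desc" class="displaying-header-text"<?php echo esc_attr( $style ); ?>><?php bloginfo( 'description' ); ?></div>
+        <h1 class="displaying-header-text"><a id="name"<?php echo $style; ?> onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
+        <div id="desc" class="displaying-header-text"<?php echo $style; ?>><?php bloginfo( 'description' ); ?></div>
     </div>
 <?php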
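Review bot: `esc_attr()` in the new `sprintf()` call (line 152) stops the value from breaking out of the `style` attribute, but nothing here checks that `get_header_textcolor()` is a hex colour, so any other stored value (I believe WordPress stores `blank` when the header text is hidden) is still written out as `color: #<value>;`. Since `$style` is now echoed as-is on lines 157 and 158, that one line is the only place the value is constrained; consider validating it there, e.g. `$text_color = get_header_textcolor();` followed by `$style = preg_match( '/^([0-9a-f]{3}){1,2}$/i', $text_color ) ? sprintf( ' style="color: #%s;"', $text_color ) : '';`. A short comment such as `// $style is a complete, already-escaped attribute string; echo it without esc_attr().` would also keep a later edit from re-wrapping it or appending unescaped data. The same escaping-without-validation applies to `$header_background_color` on line 156, and the function body continues past the end of this hunk.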