WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/27/2015 05:09:24 AM (6 years ago)
Author:
nacin
Message:

Escape the $s global.

fixes #32142.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/template.php

    r31188 r32298  
    495495    global $posts, $post, $wp_did_header, $wp_query, $wp_rewrite, $wpdb, $wp_version, $wp, $id, $comment, $user_ID;
    496496
    497     if ( is_array( $wp_query->query_vars ) )
     497    if ( is_array( $wp_query->query_vars ) ) {
    498498        extract( $wp_query->query_vars, EXTR_SKIP );
    499 
    500     if ( $require_once )
     499    }
     500
     501    if ( isset( $s ) ) {
     502        $s = esc_attr( $s );
     503    }
     504
     505    if ( $require_once ) {
    501506        require_once( $_template_file );
    502     else
     507    } else {
    503508        require( $_template_file );
    504 }
    505 
     509    }
     510}
     511
Note: See TracChangeset for help on using the changeset viewer.