
Changeset 42259


Timestamp:
11/29/2017 03:54:05 PM (7 years ago)
Author:
johnbillion
Message:

Hardening: Add escaping to the language attributes used on html elements.

File:
1 edited

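--- a/trunk/src/wp-includes/general-template.php
+++ b/trunk/src/wp-includes/general-template.php
@@ -3569,10 +3569,12 @@
         $attributes[] = 'dir="rtl"';
 
-    if ( $lang = get_bloginfo('language') ) {
-        if ( get_option('html_type') == 'text/html' || $doctype == 'html' )
-            $attributes[] = "lang=\"$lang\"";
-
-        if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' )
-            $attributes[] = "xml:lang=\"$lang\"";
+    if ( $lang = get_bloginfo( 'language' ) ) {
+        if ( get_option( 'html_type' ) == 'text/html' || $doctype == 'html' ) {
+            $attributes[] = 'lang="' . esc_attr( $lang ) . '"';
+        }
+
+        if ( get_option( 'html_type' ) != 'text/html' || $doctype == 'xhtml' ) {
+            $attributes[] = 'xml:lang="' . esc_attr( $lang ) . '"';
+        }
     }
 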
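Review bot: The two `esc_attr( $lang )` calls on new lines 3573 and 3577 have no comment saying why a language code needs escaping, and the reason cannot be read from the hunk. I would add above the `if ( $lang = get_bloginfo( 'language' ) )` line something like `// The language value may be altered by filters before it reaches here, so escape it for the attribute context.` That wording is inferred from the "Hardening" commit message and should be confirmed against get_bloginfo(). Escaping only stops the value from breaking out of the attribute; it does not check that the value is a well-formed language tag, and it does not cover anything done to `$attributes` later in the function. The enclosing function starts and ends outside the hunk, so how the assembled string is filtered and printed should be checked there.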