WordPress.org
Get WordPress

Make WordPress Core

Changeset 42305 for branches/3.9


Ignore:
Timestamp:
11/29/2017 04:39:51 PM (9 years ago)
Author:
johnbillion
Message:

Hardening: Add escaping to the language attributes used on html elements.

Merges [42259] to the 3.9 branch.

Location:
branches/3.9
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • branches/3.9

  • branches/3.9/src/wp-includes/general-template.php

    r28131 r42305  
    23502350        $attributes[] = 'dir="rtl"';
    23512351
    2352     if ( $lang = get_bloginfo('language') ) {
    2353         if ( get_option('html_type') == 'text/html' || $doctype == 'html' )
    2354             $attributes[] = "lang=\"$lang\"";
    2355 
    2356         if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' )
    2357             $attributes[] = "xml:lang=\"$lang\"";
     2352    if ( $lang = get_bloginfo( 'language' ) ) {
     2353        if ( get_option( 'html_type' ) == 'text/html' || $doctype == 'html' ) {
     2354            $attributes[] = 'lang="' . esc_attr( $lang ) . '"';
     2355        }
     2356
     2357        if ( get_option( 'html_type' ) != 'text/html' || $doctype == 'xhtml' ) {
     2358            $attributes[] = 'xml:lang="' . esc_attr( $lang ) . '"';
     2359        }
    23582360    }
    23592361
Note: See TracChangeset for help on using the changeset viewer.