WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/16/2018 01:54:50 PM (3 years ago)
Author:
johnbillion
Message:

Options, Meta APIs: Use the correct escaping function when outputting the meta box context.

Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Merges [43365] to the 4.9 branch.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/template.php

    r42147 r43366  
    10191019    $hidden = get_hidden_meta_boxes( $screen );
    10201020
    1021     printf('<div id="%s-sortables" class="meta-box-sortables">', htmlspecialchars($context));
     1021    printf( '<div id="%s-sortables" class="meta-box-sortables">', esc_attr( $context ) );
    10221022
    10231023    // Grab the ones the user has manually sorted. Pull them out of their previous context/priority and into the one the user chose
Note: See TracChangeset for help on using the changeset viewer.