Make WordPress Core

Changeset 51080


Timestamp: 06/07/2021 06:45:56 PM (3 years ago)
Author: SergeyBiryukov
Message:

Comments: Escape comment author's email in the Edit Comment form.

Technically, this is redundant, as the comment_author, comment_author_email, and comment_author_url fields are already escaped via get_comment_to_edit() before the form is displayed.

However, this brings some consistency with the comment_author and comment_author_url fields being escaped in the same form.

Follow-up to [11721].

Props utsav72640.
Fixes #53349.

File: 1 edited

  • trunk/src/wp-admin/edit-form-comment.php

    r48991 r51080  
    5353    <td class="first"><label for="email"><?php _e( 'Email' ); ?></label></td>
    5454    <td>
    55         <input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" id="email" />
     55        <input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr( $comment->comment_author_email ); ?>" id="email" />
    5656    </td>
    5757</tr>
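Review bot: On the changed value attribute at new line 55, the commit message states that comment_author_email is already escaped by get_comment_to_edit(), so esc_attr() here runs on pre-escaped data and nothing in the template marks that as deliberate. esc_attr() does not re-encode existing entities, so an address containing an ampersand should still come out encoded once, but a one-line comment saying the late escape is intentional would keep a later cleanup from dropping it as redundant. No test accompanies the change; a case with a double quote or ampersand in comment_author_email that asserts on the rendered attribute would pin the behavior down.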