Make WordPress Core


Ignore:
Timestamp:
10/20/2021 07:17:00 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Improve escaping in wp-admin/theme-install.php.

  • Rename a duplicate $feature_name variable to $feature_group for clarity.
  • Escape the remaining $feature_name variable.

Follow-up to [27636], [35273].

Props sabbirshouvo, sabernhardt, mukesh27, afragen.
Fixes #54277.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/theme-install.php

    r51475 r51923  
    222222        $feature_list = get_theme_feature_list( false );
    223223
    224         foreach ( $feature_list as $feature_name => $features ) {
     224        foreach ( $feature_list as $feature_group => $features ) {
    225225            echo '<fieldset class="filter-group">';
    226             $feature_name = esc_html( $feature_name );
    227             echo '<legend>' . $feature_name . '</legend>';
     226            echo '<legend>' . esc_html( $feature_group ) . '</legend>';
    228227            echo '<div class="filter-group-feature">';
    229228            foreach ( $features as $feature => $feature_name ) {
    230229                $feature = esc_attr( $feature );
    231230                echo '<input type="checkbox" id="filter-id-' . $feature . '" value="' . $feature . '" /> ';
    232                 echo '<label for="filter-id-' . $feature . '">' . $feature_name . '</label>';
     231                echo '<label for="filter-id-' . $feature . '">' . esc_html( $feature_name ) . '</label>';
    233232            }
    234233            echo '</div>';
Note: See TracChangeset for help on using the changeset viewer.