Make WordPress Core


Ignore:
Timestamp:
11/05/2021 05:57:40 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Consistently escape attribute in wp-admin/themes.php.

Follow-up to [27012], [38057], [47816], [51083].

Props sabbirshouvo, audrasjb.
Fixes #54256.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/themes.php

    r51475 r52020  
    364364
    365365foreach ( $themes as $theme ) :
    366     $aria_action = esc_attr( $theme['id'] . '-action' );
    367     $aria_name   = esc_attr( $theme['id'] . '-name' );
     366    $aria_action = $theme['id'] . '-action';
     367    $aria_name   = $theme['id'] . '-name';
    368368
    369369    $active_class = '';
     
    375375    <?php if ( ! empty( $theme['screenshot'][0] ) ) { ?>
    376376        <div class="theme-screenshot">
    377             <img src="<?php echo $theme['screenshot'][0]; ?>" alt="" />
     377            <img src="<?php echo esc_attr( $theme['screenshot'][0] ); ?>" alt="" />
    378378        </div>
    379379    <?php } else { ?>
     
    509509    $details_aria_label = sprintf( _x( 'View Theme Details for %s', 'theme' ), $theme['name'] );
    510510    ?>
    511     <button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="<?php echo $aria_action; ?>"><?php _e( 'Theme Details' ); ?></button>
     511    <button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="<?php echo esc_attr( $aria_action ); ?>"><?php _e( 'Theme Details' ); ?></button>
    512512    <div class="theme-author">
    513513        <?php
     
    519519    <div class="theme-id-container">
    520520        <?php if ( $theme['active'] ) { ?>
    521             <h2 class="theme-name" id="<?php echo $aria_name; ?>">
     521            <h2 class="theme-name" id="<?php echo esc_attr( $aria_name ); ?>">
    522522                <span><?php _ex( 'Active:', 'theme' ); ?></span> <?php echo $theme['name']; ?>
    523523            </h2>
    524524        <?php } else { ?>
    525             <h2 class="theme-name" id="<?php echo $aria_name; ?>"><?php echo $theme['name']; ?></h2>
     525            <h2 class="theme-name" id="<?php echo esc_attr( $aria_name ); ?>"><?php echo $theme['name']; ?></h2>
    526526        <?php } ?>
    527527
     
    900900                    $aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
    901901                    ?>
    902                     <a class="button activate" href="{{{ data.actions.activate }}}" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Activate' ); ?></a>
     902                    <a class="button activate" href="{{{ data.actions.activate }}}" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
    903903                    <?php
    904904                    /* translators: %s: Theme name. */
     
    11181118                    ?>
    11191119                    <# if ( data.actions.activate ) { #>
    1120                         <a href="{{{ data.actions.activate }}}" class="button activate" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Activate' ); ?></a>
     1120                        <a href="{{{ data.actions.activate }}}" class="button activate" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
    11211121                    <# } #>
    11221122                    <a href="{{{ data.actions.customize }}}" class="button button-primary load-customize hide-if-no-customize"><?php _e( 'Live Preview' ); ?></a>
     
    11271127                    ?>
    11281128                    <# if ( data.actions.activate ) { #>
    1129                         <a class="button disabled" aria-label="<?php echo $aria_label; ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
     1129                        <a class="button disabled" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
    11301130                    <# } #>
    11311131                    <a class="button button-primary hide-if-no-customize disabled"><?php _e( 'Live Preview' ); ?></a>
     
    11381138                $aria_label = sprintf( _x( 'Delete %s', 'theme' ), '{{ data.name }}' );
    11391139                ?>
    1140                 <a href="{{{ data.actions['delete'] }}}" class="button delete-theme" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Delete' ); ?></a>
     1140                <a href="{{{ data.actions['delete'] }}}" class="button delete-theme" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Delete' ); ?></a>
    11411141            <# } #>
    11421142        </div>
Note: See TracChangeset for help on using the changeset viewer.