Make WordPress Core


Ignore:
Timestamp:
07/04/2022 08:14:41 AM (2 years ago)
Author:
audrasjb
Message:

Comments: Use more appropriate escaping functions in class WP_Comments_List_Table.

This changeset replaces esc_attr escaping function with esc_html as it is more appropriate in this context.

Props chintan1896, afragen, peterwilsoncc, SergeyBiryukov.
Fixes #56101.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-comments-list-table.php

    r52957 r53640  
    918918        <div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
    919919            <textarea class="comment" rows="1" cols="1"><?php echo esc_textarea( $comment_content ); ?></textarea>
    920             <div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
    921             <div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
     920            <div class="author-email"><?php echo esc_html( $comment->comment_author_email ); ?></div>
     921            <div class="author"><?php echo esc_html( $comment->comment_author ); ?></div>
    922922            <div class="author-url"><?php echo esc_url( $comment->comment_author_url ); ?></div>
    923923            <div class="comment_status"><?php echo $comment->comment_approved; ?></div>
Note: See TracChangeset for help on using the changeset viewer.