Make WordPress Core

Changeset 53961


Ignore:
Timestamp:
08/30/2022 03:17:21 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Posts, Post Types: Escape output within the_meta().

Convert markup to entities when displaying on the front end. Deprecates the_meta() in favor of get_post_meta().

Props tykoted, martinkrcho, xknown, dd32, peterwilsoncc, paulkevan, timothyblynjacobs.
Merges [53958] to the 6.0 branch.

Location:
branches/6.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/6.0

  • branches/6.0/src/wp-includes/post-template.php

    r53318 r53961  
    10891089 * @since 1.2.0
    10901090 *
    1091  * @internal This will probably change at some point...
     1091 * @deprecated 6.0.2 Use get_post_meta() to retrieve post meta and render manually.
    10921092 */
    10931093function the_meta() {
     1094    _deprecated_function( __FUNCTION__, '6.0.2', 'get_post_meta()' );
    10941095    $keys = get_post_custom_keys();
    10951096    if ( $keys ) {
     
    11071108                "<li><span class='post-meta-key'>%s</span> %s</li>\n",
    11081109                /* translators: %s: Post custom field name. */
    1109                 sprintf( _x( '%s:', 'Post custom field name' ), $key ),
    1110                 $value
     1110                esc_html( sprintf( _x( '%s:', 'Post custom field name' ), $key ) ),
     1111                esc_html( $value )
    11111112            );
    11121113
Note: See TracChangeset for help on using the changeset viewer.