Make WordPress Core

Changeset 54541


Ignore:
Timestamp:
10/17/2022 12:39:40 PM (18 months ago)
Author:
audrasjb
Message:

Widgets: Escape RSS error messages for display.

Props xknown, timothyblynjacobs, matveb, talldanwp.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/widgets.php

    r53455 r54541  
    15791579    if ( is_wp_error( $rss ) ) {
    15801580        if ( is_admin() || current_user_can( 'manage_options' ) ) {
    1581             echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</p>';
     1581            echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>';
    15821582        }
    15831583        return;
     
    17021702
    17031703    if ( ! empty( $args['error'] ) ) {
    1704         echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $args['error'] . '</p>';
     1704        echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>';
    17051705    }
    17061706
Note: See TracChangeset for help on using the changeset viewer.