Make WordPress Core


Ignore:
Timestamp:
10/17/2022 12:41:05 PM (19 months ago)
Author:
audrasjb
Message:

Widgets: Escape RSS error messages for display.

Props xknown, timothyblynjacobs, matveb, talldanwp.
Merges [54541] to the 6.0 branch.

Location:
branches/6.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/6.0

  • branches/6.0/src/wp-includes/widgets.php

    r52362 r54542  
    15791579    if ( is_wp_error( $rss ) ) {
    15801580        if ( is_admin() || current_user_can( 'manage_options' ) ) {
    1581             echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</p>';
     1581            echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>';
    15821582        }
    15831583        return;
     
    17021702
    17031703    if ( ! empty( $args['error'] ) ) {
    1704         echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $args['error'] . '</p>';
     1704        echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>';
    17051705    }
    17061706
Note: See TracChangeset for help on using the changeset viewer.