Make WordPress Core

Changeset 54834


Ignore:
Timestamp:
11/14/2022 11:48:18 AM (13 months ago)
Author:
SergeyBiryukov
Message:

Administration: Add missing escaping for a few strings used as HTML attributes.

Follow-up to [47209], [50997], [51006].

Props kowsar89, riccardodicurti, audrasjb, krupalpanchal, SergeyBiryukov.
Fixes #57093.

Location:
trunk/src/wp-admin
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/nav-menu.php

    r53222 r54834  
    525525        </ul><!-- .posttype-tabs -->
    526526
    527         <div id="tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent" class="tabs-panel <?php echo ( 'most-recent' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php _e( 'Most Recent' ); ?>" tabindex="0">
     527        <div id="tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent" class="tabs-panel <?php echo ( 'most-recent' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php esc_attr_e( 'Most Recent' ); ?>" tabindex="0">
    528528            <ul id="<?php echo $post_type_name; ?>checklist-most-recent" class="categorychecklist form-no-clear">
    529529                <?php
  • trunk/src/wp-admin/nav-menus.php

    r54316 r54834  
    10411041                                        <span class="bulk-select-button-label"><?php _e( 'Bulk Select' ); ?></span>
    10421042                                    </label>
    1043                                     <input type="button" class="deletion menu-items-delete disabled" value="<?php _e( 'Remove Selected Items' ); ?>">
     1043                                    <input type="button" class="deletion menu-items-delete disabled" value="<?php esc_attr_e( 'Remove Selected Items' ); ?>">
    10441044                                    <div id="pending-menu-items-to-delete">
    10451045                                        <p><?php _e( 'List of menu items selected for deletion:' ); ?></p>
  • trunk/src/wp-admin/widgets-form.php

    r51791 r54834  
    333333        <div class="alignleft">
    334334            <?php if ( ! isset( $_GET['addnew'] ) ) : ?>
    335                 <input type="submit" name="removewidget" id="removewidget" class="button-link button-link-delete widget-control-remove" value="<?php _e( 'Delete' ); ?>" />
     335                <input type="submit" name="removewidget" id="removewidget" class="button-link button-link-delete widget-control-remove" value="<?php esc_attr_e( 'Delete' ); ?>" />
    336336                <span class="widget-control-close-wrapper">
    337337                    | <a href="widgets.php" class="button-link widget-control-close"><?php _e( 'Cancel' ); ?></a>
Note: See TracChangeset for help on using the changeset viewer.