Make WordPress Core


Ignore:
Timestamp:
11/14/2022 11:48:18 AM (2 years ago)
Author:
SergeyBiryukov
Message:

Administration: Add missing escaping for a few strings used as HTML attributes.

Follow-up to [47209], [50997], [51006].

Props kowsar89, riccardodicurti, audrasjb, krupalpanchal, SergeyBiryukov.
Fixes #57093.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/widgets-form.php

    r51791 r54834  
    333333        <div class="alignleft">
    334334            <?php if ( ! isset( $_GET['addnew'] ) ) : ?>
    335                 <input type="submit" name="removewidget" id="removewidget" class="button-link button-link-delete widget-control-remove" value="<?php _e( 'Delete' ); ?>" />
     335                <input type="submit" name="removewidget" id="removewidget" class="button-link button-link-delete widget-control-remove" value="<?php esc_attr_e( 'Delete' ); ?>" />
    336336                <span class="widget-control-close-wrapper">
    337337                    | <a href="widgets.php" class="button-link widget-control-close"><?php _e( 'Cancel' ); ?></a>
Note: See TracChangeset for help on using the changeset viewer.