Make WordPress Core

Changeset 55240


Ignore:
Timestamp:
02/06/2023 09:34:56 PM (16 months ago)
Author:
audrasjb
Message:

Coding Standards: Add missing escaping function in Custom_Image_Header::show_header_selector().

Props chintan1896, SergeyBiryukov.
Fixes #57638.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-custom-image-header.php

    r54133 r55240  
    333333                $width = ' width="230"';
    334334            }
    335             echo '<img src="' . set_url_scheme( $header_thumbnail ) . '" alt="' . esc_attr( $header_alt_text ) . '"' . $width . ' /></label>';
     335            echo '<img src="' . esc_url( set_url_scheme( $header_thumbnail ) ) . '" alt="' . esc_attr( $header_alt_text ) . '"' . $width . ' /></label>';
    336336            echo '</div>';
    337337        }
Note: See TracChangeset for help on using the changeset viewer.